Discover checking ssl certificate with openssl, include the articles, news, trends, analysis and practical advice about checking ssl certificate with openssl on alibabacloud.com
successfully executed, the Ca. Key and Ca. CRT certificates are generated in the bin directory.
Use the generated CA to sign the CSR file to generate the server certificateOpenssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnfAfter successful execution, the certificate file server. CRT will be generated
Use the generated CA to sign the CSR file to generate the client certificateOpenssl ca -in client.csr -out clie
the CHEAPSSL Web site, log on to the system, and then access my SSL, select the purchased certificate, and activate:
An application form will appear:
In this page will let you choose the type of server, we choose Apache + OpenSSL. Then, in the text box below, copy the contents of the Server.key that you just generated, and then click Next to verify the
variable to point to its bin folder.
Download OpenSSL profile http://www.securityfocus.com/data/tools/openssl.conf
And copy it to a folder so that it can be specified through the command line. Here is C:/SSL/
Otherwise, the error "unable to load config info from/usr/local/SSL/OpenSSL. CNF" is reported during running.
I. Create an OpenSSL Certificate:
1. Create the directory./democa/./democa/newcerts/and create the file./democa/index.txt./democa/serial.
2. Run echo 01>./democa/serial.
3. Create your own CA certificate
$ OpenSSL req-New-X509-keyout ca. Key-out ca. CRT
4. Generate the private key (key file) and CSR file of the server.
OpenSSL genrsa-out server.key 1024 (no password required)OpenSSL Req-new-key server.key-out SERVER.CSRCat SERVER.CSRPaste the above text into http://dc2.sankuai.info/certsrv/request Advanced Certificate request---->web Server certificate, OK, download base 64 encoded certificate
The OpenSSL Certificate Action command generates a self signed certificate# Generate a key, your private key, OpenSSL will prompt you to enter a password, you can enter, you can not lose,# Enter the words, each time you use this key to enter the password, security, or there should be a password protection >
default_ca. Its value is the name of the segment that saves the default configuration of CA. Here it is ca_default. This means that when OpenSSL generates a certificate, it will go to the ca_default field to find the corresponding configuration information.
The OpenSSL command allows multiple CA configurations in a configuration file.
[Ca_default]
This section c
)
Please enter the following 'extra 'attributes
To be sent with your certificate request
A challenge password []: 123456
An optional company name []: Tsing
3. Self-signed certificate:
C: /OpenSSL/bin> OpenSSL X509-req-in client/client-req.csr-out client/client-cert.pem-signkey client/client-key.pem-ca/ca-cert.pem-Cake
www.mysite.com.key-in www.mysite.com.pem-passin pass:123456-passout pass:123456-out Www.mysite.com.p126, remove the key password protectionSometimes it is too cumbersome to enter the password, you can remove the key protection password > OpenSSL RSA- in Myserver.key-out server.key.insecure7. Test CertificateOpenSSL provides simple client and server tools that can be used to simulate SSL connections for tes
-noout
Now, we can submit testreq. pem to our CA to generate the certificate.For convenience, we assume that testreq. pem is in // var/MyCA/private.
$ Openssl ca-in testreq. pem
There are three prompts, one is to ask your CA's private key password, two is to confirm, the output is the certificate issued to the customer.You can use the batch option to cancel the command prompt. You can use the notext option
Today, when trying to build a Docker registry private warehouse on a Mac machine, the latest registry of the Cup has been forced to use SSL authentication for security reasons, so we have a detailed understanding of the use of OpenSSL on Linux/mac, and a new set of English abbreviations, Finishing in the following:TLS: Transport Layer Security Protocol TransportSSL: Abbreviation for Secure Sockets Layer Sec
Note:Through the author's blog "working principle of the FTP server and how to log on to a virtual user through PAM Authentication", we learned that FTP is a file sharing protocol and uses a plaintext transmission mechanism, therefore, users and passwords transmitted over the Internet are insecure. Therefore, the SSL/TLS encryption algorithm must be used to provide the ciphertext transmission mechanism to ensure the security of users and passwords dur
platforms. The operating system needs to install OpenSSL, and this part of the operation should be performed as a system administrator, therefore, the following command line uses the "#" identifier to start the header.After OpenSSL is installed, the system will generate the openssl. cnf file under the/etc/ssl
certificate is. 1. After OpenSSL is installed, find OpenSSL. CnF in the/usr/lib/SSL directory (for Ubuntu system, use whereis to check the SSL directory) and copy it to the working directory. 2. Create a New democafolder under the Work directory, create the new files in
OpenSSL Toolkit is one of the implementation methods of SSL v2/V3 and TLS v1 protocols on Linux, and provides common encryption and decryption functions.
OpenSSLIt consists of three parts:
1:Libcrypto: an encrypted library mainly used to implement encryption and decryption.
2:Libssl: implements the SSL server-side function session Library
3:
-keyfile ca.key-configOpenssl ca-in client.csr-out Client.crt-cert ca.crt-keyfile ca.key-config
PS: such as the report update database error, the index.txt.attr file content update to Unique_subject = no
Note: This error occurs: Using configuration from/usr/share/ssl/openssl.cfg I am unable to access the./democa/newcerts directory./demo Ca/newcerts:no such file or directorySolution: 1. mkdir-p./democa/newcerts2). Touch Democa/index.txt3). Touch demo
In general, if you can find a certificate that is available, you can use it directly, except that some information about the certificate is incorrect or does not match the host that is deploying the certificate, but this does not affect the use of the browser prompt certificate.
You need to generate certificates manual
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.