First, IntroductionThe OpenSSL command set fully embodies the KISS Spirit of Unix programming-the functionality of each command is simple and independent, and it can be combined in a scripting language to achieve powerful functionality.Here are just a few of our frequently used commands, the detailed help of each command can refer to the corresponding manpages,ii. Common Functions 1, generate your own CA (Certific
1. Generate a self-signed certificate
Generally, the https server requires an X509 Certificate certified by a formal CA. When the client connects to the https server, the CA's common key is used to check whether the certificate is correct. However, it is very troublesome to obtain the CA
I. Configuring HTTPS and self-signed certificates for Nginx1. Making CA CertificateCa.key CA Private Key:OpenSSL genrsa-des3-out Ca.key 2048Make the decrypted CA private key (which is generally not necessary):OpenSSL rsa-in ca.key-out Ca_decrypted.keyCA.CRT CA Root certificate (public key):OpenSSL req-new-x509-days 730
) []: Root
Email Address []: sky
3. Self-signed certificate:
C:/OpenSSL/bin> OpenSSL X509-req-in Ca/ca-req.csr-out Ca/ca-cert.pem-signkey Ca/ca-key.pem-days 3650
4. Export the certificate to the. p12 format supported by the browser: (skipped if not required)
C:/
2016-10-28 Reprint Please specify Source: http://daodaoliang.com/
作者: daodaoliang版本: V1.0.1邮箱: [emailprotected]Reference Links: Here and here and official documents1. Making a server certificateServer CA Private key:openssl genrsa -des3 -out ca.key 2048Make the decrypted CA private key (which is generally not necessary):openssl rsa -in ca.key -out ca_decrypted.keyCA.CRT CA Root certificate (public key
generated certificate is CA.CRTOpenSSL x509-req-days 3650-in/home/lengshan/ca.csr-signkey/home/lengshan/ca.key-out/home/lengshan/ca.crt#为我们的证书建立第一个序列号, usually with 4 characters, this does not affect the subsequent issuance of certificates and other operationsecho Face >/home/lengshan/serial#建立ca的证书库, does not affect the subsequent operation, the default configuration file also has the storage placeTouch/home/lengshan/index.txt#建立证书回收列表保存失效的证书
The self-Signed https certificate is insecure.
I. project requirements
All the apps we make are enterprise-level applications, while downloading enterprise-level applications must follow the itms protocol, and https links are required under the itms protocol. This requires your server to support the https protocol, this protocol requires an SSL certificate. We us
The concepts related to certificates are really tricky because they haven't been exposed to certificate encryption before, because there's a whole new term coming up that looks like something else in another field, not something that we're familiar with in the programming world, at least personally, and I don't know much about it for a long time. The purpose of writing this article is to clarify these concepts, to understand their meaning and relevanc
sign the certificate issued by ourselves. This certificate can be obtained from other cas or self-Signed root certificates. Here we generate a self-Signed root certificate.
First, we need to add some information to the configuration file, as shown below. The section name is
A certificate in pfx format needs to be converted to the CER format at work. The original practice is to first import the pfx format certificate to the browser, and then export it from the browser, however, this is too slow for batch operations. You can use the commands provided by OpenSSL to meet this requirement.
Ope
The. PFX digital certificate is created automatically by using VS2005. The default validity period is only one year, and "Issuer", "issued to" is a combination of the current machine name and the current login username, in fact we can create a more friendly. PFX digital certificate.
To open the SDK command prompt for the Microsoft. NET Framework, follow these steps:
1. Create a self-
Model Stepping 7, Genuineintel * vs120comntools= ' C:\Program Files (x86) \microsoft Visual Studio 12.0\VC ' * Input files:c:\devpack\mingw\msys\1.0\local\win64\bin *: Libeay32.dll *: SSLEAY32.DL L * Output path:c:\devpack\workspace\temp\win64--------------------------------------------------* Make Windows Module Definition:libeay32.def * Make Windows Module import file:libeay32.libMicrosoft (R) Library Manager Version 12.00 .21005.1Copyright (C) Microsoft Corporation. All rights reserved. C
Important notifications:Symbian signed will cooperate with the new Certificate Authority TC trustcenter to issue the Symbian signed certification certificate from January 1, May 29, 2007. after January 1, May 2008, Verisign ACS publisher ID will no longer be supported for Symbian s
Label: style blog HTTP use AR strong data SP 2014 This error has always occurred when I recently used Ruby libraries.. When using the net/IMAP library or the net/HTTP Library (mainly using HTTPS and HTTPS using SSL), the details are as follows: Error message: e:/ruby200/lib/Ruby/2.0.0/NET/IMAP. RB: 1454: In 'connect': ssl_connect returned = 1 errno = 0 state = SSLv3 read server certificate B: Certificate
Use the OpenSSL to verify the certificate chain with the following command:Debian:/home/zhaoya/openssl#openssl verify-cafile Root_cert User_certThe Root_cert can contain a lot of certificates, you can use the Cat command to merge multilevel CA certificates into a file, and then the program will load after startup Root_
1. Determine the directory structureFirst determine that there is a democa directory, and that the structure isDemoca
Certs--Empty directory
CRL--Empty directory
Newcerts--Empty directory
Private--Empty directory
Index.txt--Empty file
Serial--I don't know what's the use of ... The general content is 00
No, execute the order.mkdir democamkdir democa\certsmkdir democa\crlmkdir democa\newcertsmkdir democa\privateecho off > demoCA\ Index.txtecho Onecho > Democa\serial2. Genera
profiles for development and distribution, respectively. Similarly, there are two types of push certificates:Development App,app server that is signed by developer provisioning Profile must send a notification using a developer certificate.Production App,app Server published according to ad hoc or App store must use Production certificate. If they are confused, the app will not receive a push notification.
Certificate. on the screen, you will be prompted to enter the required personal information (such as Country, province, city, company, etc.) according to the prompts ).
Ii. Client
1. Generate the client private key (key file );
Openssl genrsa-des3-out client. key 1024 2. Generate the client certificate signature request file (csr file );
The first part: overview。。 Part II: System Preparation1 Operating system CentOS 6.xIp:2 Installing OpenSSL Yum Install-y OpenSSL3 Installing the JDKDownload JDK http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html from official websiteDownload here is jdk1.8 upload to CentOS6, extract to/opt/jtools/java/directoryConfiguring Environment variablesVim ~/.bash_profileexport java_home=/opt/jtools/java/jdk1.8export classpath=.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.