Self-built CA Based on OpenSSL and SSL certificate issuance
For details about SSL/TLS, see the SSL/TLS principles.For more information about Certificate Authority (CA) and digital certificate, see OpenSSL and SSL digital certificate
In HTTPS learning note two, the concept of digital certificates has been clarified, composed and how the client validates the server-side certificate during the HTTPS connection process. This chapter describes how to use the OpenSSL library to
Digital Certificate and its authentication process [reprinted], digital certificate reprinted
As we all know, public key cryptography makes it easy to use digital signatures, encrypted communications, and other key services by using the public key
I. Generate a CA certificate
Currently, the CA of a third-party authority is not used for authentication and serves as the CA.
Prerequisites: Download www.openssl.org from the
Use the OpenSSL to verify the certificate chain with the following command:Debian:/home/zhaoya/openssl#openssl verify-cafile Root_cert User_certThe Root_cert can contain a lot of certificates, you can use the Cat command to merge multilevel CA
About OpenSSL OpenSSL
SSL is an abbreviation for the Secure Socket Layer protocol, which provides covert transmission over the Internet. Netscape Company introduced the SSL protocol standard at the same time as the first web browser, there are now 3.
In the previous article, we talked about common authentication methods: User Name/password authentication and Windows authentication. In the next article, we will introduce another important credential type: X.509 Certificate and the authentication
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
and provide relevant evidence. A staff member will contact you within 5 working days.