Security: expired certificates in the "An Introduction to OpenSSL Programming" article
I am new to the OpenSSL library and PKI. I have a simple question for OpenSSL experts.

Does anyone know how to create certificates for the code samples from this article: Eric Rescorla's "An Introduction to OpenSSL Programming (Part I/II)"

www.rtfm.com/openssl-examples/part1.pdf
www.rtfm.com/openssl-examples/part2.pdf

I have downloaded the source code from

The problem is that the certificates have expired, and I don't know how to create a new root certificate.

How do I create a root certificate? How do I create certificates for the client and server applications? Which encryption algorithm should I use?

As far as I know, I should do the following:
- Create a key pair (secret and public keys)
- Create a certificate request (p10 format)
- Create a self-signed root certificate (x509 format)
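That is clear. I know that the certificates have expired and that my new certificates are not correct. The question is how to create correct certificates, keys and all that kind of thing.

@Sauron. Hope this link helps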
```sh
#!/bin/sh
# 1024-bit RSA and DH are below current recommendations;
# use at least 2048 bits outside this test setup.
alg="rsa"
ossl="openssl"
passwd="password"
# certificate authority folder
caFolder="./demoCA"
# delete old certificates, CA folder and keys
rm -rf *.pem
rm -rf "$caFolder"
# create folder structure
mkdir "$caFolder"
mkdir "$caFolder/private"
mkdir "$caFolder/newcerts"
# generate RSA private key for CA
$ossl genrsa -out ca_key.pem 1024
# create certificate request
$ossl req -new -key ca_key.pem -out ./ca_req.pem -days 1095 -passin pass:$passwd -passout pass:$passwd \
-subj /C=RU/ST=Moscow/L=Moscow/O=company/OU=TestCAs/CN=TestCA/emailAddress=TestCA@company.ru -extensions v3_ca
cp ca_key.pem "$caFolder/private/cakey.pem"
touch "$caFolder/index.txt"
# create self-signed CA certificate
$ossl ca -create_serial -in ca_req.pem -out ca_cert.pem -days 1095 -passin pass:$passwd -selfsign -extensions v3_ca -notext
cp ca_cert.pem "$caFolder/cacert.pem"
# generate SERVER private key and request for certificate
$ossl genrsa -out server_key.pem -passout pass:$passwd -des3 1024
$ossl req -new -key server_key.pem -passin pass:$passwd \
-passout pass:$passwd -out server_req.pem -days 1095 \
-subj /C=RU/ST=Moscow/L=Moscow/O=company/OU=SSLServers/CN=localhost/emailAddress=SSLServer@company.ru
# create SERVER certificate (not self-signed: it is signed by the CA private key)
$ossl ca -in server_req.pem -out server_cert.pem -passin pass:$passwd -notext
# generate RSA private key for client
$ossl genrsa -out user_key.pem -passout pass:$passwd -des3 1024
# generate certificate request for client
$ossl req -new -key user_key.pem -out user_req.pem -days 1095 \
-passin pass:$passwd -passout pass:$passwd \
-subj /C=RU/ST=Moscow/L=Moscow/O=company/OU=Clients/CN=Client/emailAddress=Client@company.ru
# create user certificate (not self-signed: it is signed by the CA private key)
$ossl ca -in user_req.pem -out user_cert.pem -passin pass:$passwd -notext
# generate DH parameters
$ossl dhparam -out dh1024.pem 1024
# bundle key + certificate into the files the sample programs load
cat ./user_key.pem ./user_cert.pem > client.pem
cat ./server_key.pem ./server_cert.pem > server.pem
cp ./ca_cert.pem root.pem
```
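A check for the failure the question started from, as an added example that is not part of the original answer: it classifies each certificate as expired, not signed by the given CA, or close to expiry. The function names, return codes and the day window are assumptions of this example; the file names in the usage comment are the ones the script above writes.

```sh
#!/bin/sh
# check_cert CERT CA [DAYS]: classify one PEM certificate against a CA file.
# Return codes (chosen for this example):
#   0 verifies against CA and is not expiring within DAYS
#   1 already expired            2 does not verify against CA
#   3 expires within DAYS        4 not a readable certificate
check_cert() {
    cc_cert=$1 cc_ca=$2 cc_days=${3:-30}

    openssl x509 -in "$cc_cert" -noout 2>/dev/null || return 4

    # -checkend N exits non-zero when notAfter falls within the next N seconds,
    # so N=0 asks "is it expired right now?". This runs before the chain check
    # because an expired certificate also fails 'openssl verify'.
    openssl x509 -in "$cc_cert" -noout -checkend 0 >/dev/null || return 1

    # The certificate must chain to the CA the peers will trust.
    openssl verify -CAfile "$cc_ca" "$cc_cert" >/dev/null 2>&1 || return 2

    openssl x509 -in "$cc_cert" -noout \
        -checkend "$((cc_days * 86400))" >/dev/null || return 3
    return 0
}

# report CA DAYS CERT...: print subject, notAfter and a verdict per certificate.
# Returns the number of certificates that did not pass.
report() {
    r_ca=$1 r_days=$2; shift 2
    failed=0
    for c in "$@"; do
        rc=0; check_cert "$c" "$r_ca" "$r_days" || rc=$?
        [ "$rc" -eq 4 ] || openssl x509 -in "$c" -noout -subject -enddate
        case $rc in
            0) echo "$c: OK" ;;
            1) echo "$c: EXPIRED, reissue it" ;;
            2) echo "$c: does not verify against $r_ca" ;;
            3) echo "$c: expires within $r_days days" ;;
            *) echo "$c: not a readable certificate" ;;
        esac
        [ "$rc" -eq 0 ] || failed=$((failed + 1))
    done
    return "$failed"
}

# Usage: sh check.sh ca_cert.pem 30 server_cert.pem user_cert.pem
if [ "$#" -ge 3 ]; then report "$@"; fi
```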