[network] Steps for generating certificates with OpenSSL

2016-3-28 Technical notes

Leaving aside how SSL works for now, this is a record of how to generate the certificates, create the CA, and sign with it:

1.1. Server key
openssl genrsa -des3 -out server.key 2048
PEM pass phrase:123456
1.2. Remove the passphrase from the key
openssl rsa -in server.key -out server.key  # [cancel password]
pass phrase:123456 [ca password]
1.3. Generate the certificate signing request
openssl req -new -key server.key -out server.csr

2.1. Client key
openssl genrsa -des3 -out client.key 2048
PEM pass phrase:123456
2.2. Remove the passphrase from the key
openssl rsa -in client.key -out client.key  # [cancel password]
pass phrase:123456 [ca password]
2.3. Generate the certificate signing request
openssl req -new -key client.key -out client.csr

3.1. Generate the CA key
openssl genrsa -des3 -out ca.key 2048
PEM pass phrase:123456
3.2. Remove the passphrase from the key
openssl rsa -in ca.key -out ca.key  # [cancel password]
pass phrase:123456 [ca password]
3.3. Generate the certificate
openssl req -new -x509 -key ca.key -out ca.crt

4.1. A script; I have not looked closely into what it does
/usr/lib/ssl/misc/CA.pl -newca
:ca.crt
4.2. Sign the certificates with the CA
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
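
Steps 1 to 4 collapsed into one non-interactive run, as an added example (not the original author's script). It swaps `openssl ca` for `openssl x509 -req` so no `openssl.cnf` CA database is needed, creates the keys without `-des3` instead of encrypting and then stripping them, and checks each certificate against the CA and against its key. The subject names, the 365-day lifetime and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example: steps 1-4 run non-interactively, then verified.
# Constructed values: subject names, 365-day lifetime, temp directory.
set -eu

# make_pki DIR: create ca, server and client key/cert sets in DIR.
make_pki() (
    umask 077                      # private keys are never world-readable
    cd "$1"
    # Steps 3.1-3.3: CA key (no -des3, so nothing to strip) and self-signed CA cert
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -new -x509 -key ca.key -out ca.crt -days 365 -subj "/CN=Example Test CA"
    for name in server client; do
        # Steps 1.1/2.1 and 1.3/2.3: key and certificate signing request
        openssl genrsa -out "$name.key" 2048 2>/dev/null
        openssl req -new -key "$name.key" -out "$name.csr" -subj "/CN=$name.example.test"
        # Step 4.2, using x509 -req in place of "openssl ca" (no CA database needed)
        openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out "$name.crt" -days 365 2>/dev/null
    done
)

# check_cert CAFILE CERT KEY: succeed only if CERT chains to CAFILE
# and KEY is the private key for the public key inside CERT.
check_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256) || return 1
    key_pub=$(openssl pkey -in "$3" -pubout | openssl sha256) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

work=$(mktemp -d)
make_pki "$work"
for name in server client; do
    if check_cert "$work/ca.crt" "$work/$name.crt" "$work/$name.key"; then
        echo "$name: chain and key OK"
    else
        echo "$name: FAILED" >&2
    fi
done
```

`check_cert` fails both when a certificate was issued by a different CA and when the key file does not belong to the certificate, the two mismatches that most often break a mutual-TLS setup.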

Tags: network

Comments:


2016-03-30 09:52
./mosquitto_sub -h 192.168.0.106 -i 111 -p 8883 -t "111" --cafile /home/nicholas/workspace/project/mosquitto/run/openssl/ca.crt --cert /home/nicholas/workspace/project/mosquitto/run/openssl/client.crt --key /home/nicholas/workspace/project/mosquitto/run/openssl/client.key


./mosquitto_pub -h 192.168.0.106 -p 8883 -t "111" -m "this is nicholas pub" --cafile /home/nicholas/workspace/project/mosquitto/run/openssl/ca.crt --cert /home/nicholas/workspace/project/mosquitto/run/openssl/client.crt --key /home/nicholas/workspace/project/mosquitto/run/openssl/client.key
