怎样获取自己的SSL证书

lcchuguo

原创文章,转载请注明出处:server非业余研究http://blog.csdn.net/erlib 作者Sunface


假设仅为了測试,那使用以下方法就可以:

測试证书创建:

1.创建证书的key

  1. 
$ openssl genrsa -out key.pem 1024


2.创建证书,注意这里的common name应该填你的server name

    

  1. 
$ openssl req -new -key key.pem -out request.pem
    

    2. 

  2. 

    

    3. 

  3. 
   Country Name (2 letter code) [AU]:UA
    

    4. 

  4. 
   State or Province Name (full name) [Some-State]:
    

    5. 

  5. 
   Locality Name (eg, city) []:Kiev
    

    6. 

  6. 
   Organization Name (eg, company) [Internet Widgits Pty Ltd]:site4fast blog
    

    7. 

  7. 
   Organizational Unit Name (eg, section) []:.
    

    8. 

  8. 
   Common Name (eg, YOUR name) []:site4fast.example.net
    

    9. 

  9. 
   Email Address []:site4fast@example.net
    

    10. 

  10. 

    

    11. 

  11. 
   Please enter the following \'extra\' attributes
    

    12. 

  12. 
   to be sent with your certificate request
    

    13. 

  13. 
   A challenge password []:
    

    14. 

  14. 
   An optional company name []:

    15. 

  15.


3.证书签字

  1. 
$ openssl x509 -req -days 30 -in request.pem -signkey key.pem -out certificate.pem


4.至此,我们须要的測试证书已经创建好了:"self-signed certificate".



正式的证书创建步骤:

1.安装CA证书

  1. 
$ aptitude install ssl-cert ca-certificates

2.在startssl.com注冊

3.创建一个请求

  1. 
$ openssl req -new -newkey rsa:2048 -nodes -keyout www_privatekey.pem -out www_csr.pem



    

  1. 
Generating a 2048 bit RSA private key
    

    2. 

  2. 
 ..................................++++++
    

    3. 

  3. 
 ....................++++++
    

    4. 

  4. 
 writing new private key to \'www_privatekey.pem\'
    

    5. 

  5. 
 -----
    

    6. 

  6. 
 You are about to be asked to enter information that will be incorporated
    

    7. 

  7. 
 into your certificate request.
    

    8. 

  8. 
 What you are about to enter is what is called a Distinguished Name or a DN.
    

    9. 

  9. 
 There are quite a few fields but you can leave some blank
    

    10. 

  10. 
 For some fields there will be a default value,
    

    11. 

  11. 
 If you enter \'.\', the field will be left blank.
    

    12. 

  12. 
 -----
    

    13. 

  13. 
 Country Name (2 letter code) [AU]:UA
    

    14. 

  14. 
 State or Province Name (full name) [Some-State]:Some state
    

    15. 

  15. 
 Locality Name (eg, city) []:Some City
    

    16. 

  16. 
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:Some Organisation
    

    17. 

  17. 
 Organizational Unit Name (eg, section) []:IT
    

    18. 

  18. 
 Common Name (eg, YOUR name) []:www.example.org
    

    19. 

  19. 
 Email Address []:test@example.org
    

    20. 

  20. 
 
    

    21. 

  21. 
 Please enter the following \'extra\' attributes
    

    22. 

  22. 
 to be sent with your certificate request
    

    23. 

  23. 
 A challenge password []:
    

    24. 

  24. 
 An optional company name []:

    25.

4.在发送之前验证请求的内容

  1. 
$ openssl req -in www_csr.pem -text -verify -noout

5.将请求发送给startssl.com,从站点请求一个新的证书。当须要CSR的时候将\'www_csr.pem\'填进去


6.从网页上复制证书。然后放入\'www_certificate.pem\'文件,然后检查文件的内容:

  1. 
$ openssl x509 -in www_certificate.pem -text -noout

7.測试server证书

  1. 
$ openssl verify www_certificate.pem

假设都正确。那就会看到OK的提示

  1. 
www_certificate.pem: OK



分类:

技术点:

相关文章:

  • 2021-12-05
  • 2022-01-21
  • 2021-09-15
  • 2021-12-02
  • 2022-12-23
  • 2021-06-27
  • 2022-12-23
猜你喜欢
  • 2022-12-23
  • 2021-10-30
  • 2022-02-26
  • 2021-08-03
  • 2022-01-01
  • 2022-12-23
  • 2021-11-25
相关资源
相似解决方案
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode