CA証明書生成ノート
1、例
----------------------------pem -------------
1、CA の秘密鍵と自己署名証明書を生成する
# Generate the CA private key: 2048-bit RSA, written AES-128 encrypted (a passphrase is prompted for).
openssl genrsa -out ca-key.pem -aes128 2048
# Create a self-signed CA certificate from that key, valid for 1000 days.
# NOTE(review): ca-key.pem signs every certificate issued below; keep the file and its
# passphrase accessible to the CA operator only.
openssl req -new -x509 -key ca-key.pem -out ca-cert.pem -days 1000
注意:この後に作成する CSR(server-csr.pem / client-csr.pem)では、次の項目を CA 証明書と同じ値にする(openssl ca の既定ポリシーが一致を要求する場合があるため):
Country Name, State or Province Name, Organization Name
2、server の秘密鍵・CSR・証明書を生成する
# Server private key: 2048-bit RSA, AES-128 encrypted with a passphrase.
openssl genrsa -out server-key.pem -aes128 2048
# Certificate signing request for the server key; the subject fields are entered interactively.
openssl req -new -key server-key.pem -out server-csr.pem
# Sign the CSR with the CA certificate and key; the issued certificate is valid for 365 days.
# NOTE(review): no subjectAltName is requested in these commands. Many current TLS clients
# match the host name against SAN only, so check the issued certificate for one — TODO confirm.
openssl ca -in server-csr.pem -cert ca-cert.pem -keyfile ca-key.pem -out server-cert.pem -days 365
次のエラーが出る場合:
"I am unable to access the ../../CA/newcerts directory ../../CA/newcerts: No such file or directory"
対処:
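# Create the CA database directory named in the error message.
# NOTE(review): the path (../../CA here) presumably comes from the openssl configuration
# in use; adjust it if your error message names a different directory.
# -p also creates the parent and is a no-op when the directories already exist.
mkdir -p ../../CA/newcerts
# index.txt is the database of issued certificates; it must exist and is empty for a new CA.
# touch does not truncate an existing file.
touch ../../CA/index.txt
# serial holds the next certificate serial number; start at 01.
# The guard keeps an existing CA's counter from being reset.
[ -e ../../CA/serial ] || echo 01 > ../../CA/serial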
3、client の秘密鍵・CSR・証明書を生成する
# Client private key: 2048-bit RSA, AES-128 encrypted with a passphrase.
openssl genrsa -out client-key.pem -aes128 2048
# Certificate signing request for the client key; the subject fields are entered interactively.
openssl req -new -key client-key.pem -out client-csr.pem
# Sign the CSR with the same CA; the client certificate is valid for 365 days.
openssl ca -in client-csr.pem -cert ca-cert.pem -keyfile ca-key.pem -out client-cert.pem -days 365
----------------------------p12 -------------
# Bundle the client certificate and its private key into a single PKCS#12 file.
# The .p12 contains the private key, so give it a non-empty export password when prompted.
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -out client-cert.p12
----------------------------jks -------------
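# Create client.jks by generating a throw-away key pair ...
keytool -genkeypair -keyalg RSA -alias client -keystore client.jks
# ... then delete that PrivateKeyEntry so an empty keystore remains.
keytool -delete -alias client -keystore client.jks
# check keystore
#keytool -list -v -keystore client.jks
# Convert the client private key to PKCS#8 DER for import into the JKS.
# -nocrypt writes the key unencrypted, so create the file owner-only (umask 077 in a subshell).
(umask 077 && openssl pkcs8 -in client-key.pem -inform pem -out client-key.pk8 -outform der -topk8 -nocrypt)
# pkeytool.jar is not part of the JDK.
# NOTE(review): confirm where the jar comes from before handing it a private key.
# keytool -importkeystore with -srcstoretype PKCS12 can read client-cert.p12 directly instead.
# import client-key.pk8,client-cert.pem
java -jar pkeytool.jar -importkey -keyfile client-key.pk8 -certfile client-cert.pem -alias myclient -keystore client.jks
# The plaintext key copy is only needed for the import; remove it afterwards.
rm -f -- client-key.pk8
# import ca-cert as a trusted certificate entry
keytool -importcert -v -trustcacerts -file ca-cert.pem -alias myCA -keystore client.jks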
2、ヘルプコマンド
# Top-level help: lists the available openssl subcommands.
# NOTE(review): `openssl help` is the documented spelling; some releases reject --help here.
openssl --help
# Option summary for one subcommand (here x509).
openssl x509 --help
3、よく使うコマンド
1、秘密鍵を生成する(パスフレーズなし):
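# RSA private key without a passphrase (no cipher option is given).
# 2048 bits to match the example section; 1024-bit RSA is no longer considered adequate.
# The key is stored in the clear, so keep the file readable by its owner only.
openssl genrsa -out ca-key.pem 2048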
2、秘密鍵を生成する(パスフレーズあり):
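# Passphrase-protected RSA private key.
# -aes128 and 2048 bits match the example section (previously -des3 with a 1024-bit modulus).
openssl genrsa -aes128 -out ca-key.pem 2048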
3、秘密鍵のパスフレーズを解除する:
# Rewrites ca-key.pem in place; with no cipher option, openssl rsa writes the key unencrypted.
# NOTE(review): afterwards the CA key is on disk in the clear. For a CA key, prefer keeping
# the passphrase and restrict the file to its owner.
openssl rsa -in ca-key.pem -out ca-key.pem
4、自己署名証明書を生成する:
# Self-signed certificate from ca-key.pem, valid for 1095 days; subject fields are entered interactively.
openssl req -new -x509 -key ca-key.pem -out ca-cert.pem -days 1095
5、秘密鍵から公開鍵を取り出す:
# Write only the public half of ca-key.pem to pub-key.pem (-pubout); the result is safe to share.
openssl rsa -in ca-key.pem -pubout -out pub-key.pem
6、形式を変換する:(証明書、秘密鍵、公開鍵)(PEM → DER)
# Certificate: PEM -> DER.
openssl x509 -in ca-cert.pem -inform PEM -out ca-cert.der -outform DER
# Private key: PEM -> DER. No cipher option is given, so ca-key.der is written unencrypted;
# treat it like any plaintext key file.
openssl rsa -in ca-key.pem -inform PEM -out ca-key.der -outform DER
# Public key: PEM -> DER. -pubin tells openssl rsa that the input is a public key.
openssl rsa -pubin -in pub-key.pem -inform PEM -pubout -out pub-key.der -outform DER
7、証明書と秘密鍵を pfx(p12)にまとめる:
# Bundle the server certificate and private key into server.p12.
# The file contains the private key, so set a non-empty export password when prompted.
openssl pkcs12 -export -in server-cert.pem -out server.p12 -inkey server-key.pem
8、p12 の内容を取り出す:
# Dump the contents of server.p12 as PEM into server.txt.
# The output includes the private key, so protect server.txt accordingly;
# add -nokeys when only the certificates are needed.
openssl pkcs12 -in server.p12 -out server.txt
9、内容を表示する:(証明書、秘密鍵、公開鍵)
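# Certificate: print the decoded fields and the modulus; -noout suppresses the PEM re-encoding.
openssl x509 -in ca-cert.pem -noout -text -modulus
# Private key: the same view. The -text output includes the private components,
# so avoid running this where the terminal is logged or shared.
openssl rsa -in ca-key.pem -noout -text -modulus
# Public key: -pubin is required, otherwise openssl rsa tries to parse pub-key.pem
# as a private key and fails to load it.
openssl rsa -pubin -in pub-key.pem -noout -text -modulus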