openssl

阅读更多

openssl

1.生成私钥
openssl genrsa -des3 -out server.key 1024


除去口令
openssl rsa -in server.key -out server.key

2.生成CSR
openssl req -new -key server.key -out server.csr

3.生成CRT
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

4.客服端同理
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr -config openssl.cnf
Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

5.合成pem
cat ca.crt ca.key> ca.pem
cat server.crt server.key > server.pem

备注:
对于nginx, 使用key和crt也够了, 可以不合成pem


查看证书
--------------------------------------------------
openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr

openssl x509 -noout -text -in server.crt

验证证书
openssl verify server.crt