Using openssl: generating certificates, CSRs, and signing

openssl

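  • Contents
    • Introduction
    • Generating an RSA private key and public key
    • Generating a self-signed certificate (root CA)
    • Generating a signing request and signing it with the CA

Contents

Haha, this is my first time using markdown, so please bear with me.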

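Introduction

openssl is currently the most popular SSL cryptography library and tool. It provides a general-purpose, robust, full-featured toolkit that supports implementations of the SSL/TLS protocols.

  • Official site: https://www.openssl.org/source/
  • Related book: it is in English; I read some of it and found it easy to read, so it is worth consulting:
    https://www.feistyduck.com/library/openssl-cookbook/online/index.html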

Generating an RSA private key and public key

  • Generate the private key and public key directly

    openssl genrsa -out fd.key
    

    Result

    Generating RSA private key, 2048 bit long modulus
    ....................................+++
    ...........................................................................................+++
    e is 65537 (0x10001)
    

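    The key was generated successfully. e defaults to 65537, which is generally accepted as secure today.
    Next, generate the corresponding public key; why the public key can be derived from the private key is explained later.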

    openssl rsa -in fd.key -pubout -out fd-public.key
    

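    When "writing RSA key" appears, the public key has been generated.

  • Generate an encrypted private key and its public key
    A private key written out unencrypted is clearly not safe. The command below encrypts the private key file; viewing its details afterwards requires the passphrase to decrypt it.

    openssl genrsa -aes128 -out fd.key 2048              # prompts for a passphrase
    openssl rsa -in fd.key -pubout -out fd-public.key    # prompts for the passphrase
    
    vim fd.key    # open the private key file
    
  • About the generated private key file

    Opened directly, the private key and public key files show only encoded text, with little useful information.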


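    For more information, use the following command:

    openssl rsa -text -in fd.key
    

    The result is shown below.
    prime1 and prime2 are the two primes that produce the large number n. The private key contains all of this information, which is why it can be used to generate the public key.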

    Private-Key: (2048 bit)
    modulus:
    publicExponent: 65537 (0x10001)
    privateExponent:
    prime1:
    prime2:
    exponent1:
    exponent2:
    coefficient:
    writing RSA key

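The checks below are an added example, not part of the original post: they confirm that a key file is passphrase-protected, that its RSA components are consistent, and that fd-public.key really is the key derived from fd.key. The function names, the temporary directory, plain.key and the passphrase demo-pass are assumptions made for the demo.

```shell
#!/bin/sh
# Added example; file names, passphrases and function names are placeholders.

# Succeeds if the PEM private key in $1 is passphrase-protected. Traditional
# PEM marks this with a "Proc-Type: 4,ENCRYPTED" header, PKCS#8 with a
# "BEGIN ENCRYPTED PRIVATE KEY" line.
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeeds if the key in $1 (passphrase $2, "" if none) is internally
# consistent, i.e. modulus, primes and exponents agree with each other.
key_is_consistent() {
    openssl rsa -in "$1" -passin "pass:$2" -check -noout 2>/dev/null |
        grep -q 'RSA key ok'
}

# Succeeds if public key file $2 is the one derived from private key $1
# (passphrase $3). A wrong passphrase counts as "no match".
pub_matches_key() {
    derived=$(openssl rsa -in "$1" -passin "pass:$3" -pubout 2>/dev/null) || return 1
    stored=$(openssl rsa -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ "$derived" = "$stored" ]
}

# Create both kinds of key from this section in directory $1.
make_keys() {
    openssl genrsa -out "$1/plain.key" 2048 2>/dev/null &&
    openssl genrsa -aes128 -passout pass:demo-pass -out "$1/fd.key" 2048 2>/dev/null &&
    openssl rsa -in "$1/fd.key" -passin pass:demo-pass -pubout \
        -out "$1/fd-public.key" 2>/dev/null
}

demo_keys() {
    dir=$(mktemp -d) || return 1
    make_keys "$dir" || return 1
    key_is_encrypted "$dir/plain.key" || echo "plain.key: stored without a passphrase"
    key_is_encrypted "$dir/fd.key" && echo "fd.key: passphrase-protected"
    key_is_consistent "$dir/fd.key" demo-pass && echo "fd.key: RSA key ok"
    pub_matches_key "$dir/fd.key" "$dir/fd-public.key" demo-pass &&
        echo "fd-public.key was derived from fd.key"
    pub_matches_key "$dir/plain.key" "$dir/fd-public.key" "" ||
        echo "fd-public.key does not belong to plain.key"
    rm -rf "$dir"
}
demo_keys
```
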
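Generating a self-signed certificate (root CA)

  • Generate an RSA private key and a self-signed certificate

    openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt
    

    req is the certificate request subcommand. -newkey rsa:2048 -keyout rsa_private.key generates a private key (PKCS8 format); -nodes leaves the private key unencrypted, and without it you are prompted for a passphrase.
    -x509 outputs a certificate, and -days 365 sets the validity period; you are then prompted for the certificate owner's details.
    To supply those details non-interactively, use the -subj option (the e-mail address here is a placeholder):

    openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/emailAddress=user@example.com"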
    
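  • Generate a self-signed certificate from an existing RSA private key

    openssl req -new -x509 -days 365 -key fd.key -out cert.crt
    

    -new creates a certificate request; adding -x509 outputs a certificate directly; -key specifies the private key file, here the fd.key generated earlier. The remaining options are the same as in the command above.

    Enter pass phrase for fd.key:                    passphrase of the private key, if the key was generated encrypted
    Country Name (2 letter code) [XX]:CN             country name, at least two characters
    State or Province Name (full name) []:JX         state or province name
    Locality Name (eg, city) [Default City]:GZ       locality name (e.g. city) [default city]
    Organization Name (eg, company) [Default Company Ltd]:JXUST              organization name
    Organizational Unit Name (eg, section) []:XA                             organizational unit name
    Common Name (eg, your name or your server's hostname) []:last-player     common name
    Email Address []:[email protected]                   e-mail address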
    
    
  • About the .crt file
    Viewing it directly with vim:

    vim cert.crt
    

    As with the private key file, a dedicated command is needed to see more information.

    

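    Viewing command

    openssl x509 -text -in cert.crt
    

    The output contains the information used to generate the certificate, along with the public key and its sha256 hash value.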

    
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                be:d3:c7:ee:65:b1:c7:ae
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=CN, ST=JX, L=GZ, O=JXUST, OU=XA, CN=last-player
            Validity
                Not Before: Dec  6 02:48:45 2018 GMT
                Not After : Dec  6 02:48:45 2019 GMT
            Subject: C=CN, ST=JX, L=GZ, O=JXUST, OU=XA, CN=last-player
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    41:7C:96:55:54:A1:CC:77:1C:B8:17:9D:60:A7:74:07:5C:17:88:FF
                X509v3 Authority Key Identifier:
                    keyid:41:7C:96:55:54:A1:CC:77:1C:B8:17:9D:60:A7:74:07:5C:17:88:FF
    
                X509v3 Basic Constraints:
                    CA:TRUE
        Signature Algorithm: sha256WithRSAEncryption

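    We now have the root certificate; next comes certificate signing.

Generating a signing request and signing it with the CA

  • Generate a CSR (certificate signing request) with an RSA private key
    For security, generate a fresh RSA key for this: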

    openssl genrsa -aes256 -out server.key
    

    The passphrase has to be entered twice here:

    Enter pass phrase for server.key:
    Verifying - Enter pass phrase for server.key:
    

    Next, use the newly generated RSA private key to create the CSR:

    openssl req -new -key server.key -out server.csr
    

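    Enter the passphrase and fill in the requested information. This time there is an extra section:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:extra            challenge password, used for digital-signature authentication; come to think of it, isn't a fixed value a bit questionable?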
    An optional company name []:JXUST
    

    We now have a CSR file. Opening it directly still shows little information, so view it with the command below:

    openssl req -text -in server.csr
    
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: C=CN, ST=JX, L=GZ, O=JXUST, OU=XA, CN=last-player/[email protected]
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            Attributes:
                unstructuredName         :JXUST
                challengePassword        :extra
        Signature Algorithm: sha256WithRSAEncryption

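    With the CSR file ready, all that remains is the CA's signature:

    openssl x509 -req -days 3650 -in server.csr -CA cert.crt -CAkey fd.key -CAcreateserial -out server.crt
    

    The following output shows that signing succeeded. We now have server.crt, a certificate signed by cert.crt: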

    Signature ok
    subject=/C=CN/ST=JX/L=GZ/O=JXUST/OU=XA/CN=last-player/[email protected]
    Getting CA Private Key
    Enter pass phrase for fd.key:
    

    Take a look; the -noout option suppresses the encoded content that vim would show:

    openssl req -text -in server.csr -noout
    

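An added example (not the author's commands) that runs the whole sequence above non-interactively and then checks the result with openssl verify. It also shows two things the steps imply: a key that did not create cert.crt is rejected as -CAkey, and a server certificate issued for 3650 days stops verifying once the 365-day root expires. Subjects, passphrases and function names are placeholders.

```shell
#!/bin/sh
# Added example; subjects, passphrases and function names are placeholders.

# Build the page's chain in directory $1: root CA (fd.key, cert.crt, 365 days)
# and a server certificate (server.key, server.csr, server.crt, 3650 days).
build_chain() {
    d=$1
    openssl genrsa -aes128 -passout pass:ca-pass -out "$d/fd.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -key "$d/fd.key" -passin pass:ca-pass \
        -subj "/C=CN/O=Demo/CN=demo-root" -out "$d/cert.crt" &&
    openssl genrsa -aes256 -passout pass:srv-pass -out "$d/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/server.key" -passin pass:srv-pass \
        -subj "/C=CN/O=Demo/CN=demo-server" -out "$d/server.csr" &&
    sign_csr "$d" "$d/fd.key" ca-pass "$d/server.crt"
}

# Sign $1/server.csr under $1/cert.crt using CA key $2 (passphrase $3) into $4.
# openssl refuses when the key does not belong to the CA certificate.
sign_csr() {
    openssl x509 -req -days 3650 -in "$1/server.csr" -CA "$1/cert.crt" \
        -CAkey "$2" -passin "pass:$3" -CAcreateserial -out "$4" 2>/dev/null
}

# Succeeds if certificate $2 verifies against CA certificate $1
# as of the current time plus $3 days.
chain_ok_at() {
    when=$(( $(date +%s) + $3 * 86400 ))
    openssl verify -attime "$when" -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_chain() {
    dir=$(mktemp -d) || return 1
    build_chain "$dir" || return 1
    chain_ok_at "$dir/cert.crt" "$dir/server.crt" 0 &&
        echo "today: server.crt verifies against cert.crt"
    chain_ok_at "$dir/cert.crt" "$dir/server.crt" 400 ||
        echo "in 400 days: verification fails, the root has expired"
    # A key that did not create cert.crt cannot be used as -CAkey.
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
    sign_csr "$dir" "$dir/other.key" "" "$dir/bad.crt" ||
        echo "mismatched CA key: signing rejected"
    rm -rf "$dir"
}
demo_chain
```

Giving the root a validity period at least as long as the certificates it signs avoids the second failure.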