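Haha, this is my first time using markdown, so please bear with me.
openssl is currently the most popular SSL cryptography toolkit. It provides a general-purpose, robust, full-featured suite of tools that support implementing the SSL/TLS protocols.
Generating a private key and public key directly
openssl genrsa -out fd.key
Result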
Generating RSA private key, 2048 bit long modulus
....................................+++
...........................................................................................+++
e is 65537 (0x10001)
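Generation succeeded. e defaults to 65537, which is currently widely accepted as safe.
Generate the corresponding public key. Why the public key can be generated from the private key is explained later.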
openssl rsa -in fd.key -pubout -out fd-public.key
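When "writing RSA key" appears, generation succeeded.
Generating an encrypted private key and public key
Generating the key unencrypted is obviously insecure. The following command encrypts the private key file, and the passphrase is then needed to decrypt it when viewing the details.
openssl genrsa -aes128 -out fd.key 2048   # prompts for a passphrase
openssl rsa -in fd.key -pubout -out fd-public.key   # prompts for the passphrase
vim fd.key   # open the private key file
About the generated private key file
Opening the private key or public key file directly shows the following, which carries little useful information
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
To get more information, use the following command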
openssl rsa -text -in fd.key
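The result is as follows
prime1 and prime2 are the two primes that produce the large number n. The private key contains all of the information, so it can be used to generate the public key.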
Private-Key: (2048 bit)
modulus:
publicExponent: 65537 (0x10001)
privateExponent:
prime1:
prime2:
exponent1:
exponent2:
coefficient:
writing RSA key
Generating an RSA private key and a self-signed certificate
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt
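req is the certificate-request subcommand. -newkey rsa:2048 -keyout rsa_private.key generates a private key (PKCS8 format). -nodes leaves the private key unencrypted; without this option you are prompted for a passphrase.
-x509 means a certificate is output, and -days 365 is the validity period. After that, enter the certificate owner's information at the prompts.
To supply that input automatically, use the -subj option: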
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/[email protected]"
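Generating a self-signed certificate from an existing RSA private key
openssl req -new -x509 -days 365 -key fd.key -out cert.crt
-new generates a certificate request, adding -x509 outputs a certificate directly, and -key specifies the private key file. The remaining options are the same as in the command above.
Enter pass phrase for fd.key:   (enter the private key's passphrase, if the key was generated encrypted)
Country Name (2 letter code) [XX]:CN   (enter the country name, at least two characters)
State or Province Name (full name) []:JX   (enter the state/province name)
Locality Name (eg, city) [Default City]:GZ   (enter the locality name, e.g. the city; the bracket shows the default)
Organization Name (eg, company) [Default Company Ltd]:JXUST   (enter the organization name)
Organizational Unit Name (eg, section) []:XA   (enter the department name)
Common Name (eg, your name or your server's hostname) []:last-player   (enter the common name)
Email Address []:[email protected]   (enter the email address)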
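About the .crt file
Viewing it directly with vim shows the following:
vim cert.crt
Clearly, just as with the private key file, a dedicated command is needed to see more information
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Command to view it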
openssl x509 -text -in cert.crt
It contains the various pieces of information used to generate the certificate, as well as the public key and its sha256 hash value
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
be:d3:c7:ee:65:b1:c7:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=JX, L=GZ, O=JXUST, OU=XA, CN=last-player
Validity
Not Before: Dec 6 02:48:45 2018 GMT
Not After : Dec 6 02:48:45 2019 GMT
Subject: C=CN, ST=JX, L=GZ, O=JXUST, OU=XA, CN=last-player
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:7C:96:55:54:A1:CC:77:1C:B8:17:9D:60:A7:74:07:5C:17:88:FF
X509v3 Authority Key Identifier:
keyid:41:7C:96:55:54:A1:CC:77:1C:B8:17:9D:60:A7:74:07:5C:17:88:FF
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
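We now have the root certificate. Next comes certificate signing.
Generating a CSR (certificate signing request) with an RSA private key
For security, we generate a fresh RSA key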
openssl genrsa -aes256 -out server.key
The passphrase has to be entered twice here
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Next, use the newly generated RSA private key to create the CSR
openssl req -new -key server.key -out server.csr
Enter the passphrase and fill in the information as prompted. This time there is one additional section
Please enter the following 'extra' attributes
to be sent with your certificate request
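A challenge password []:extra   (the challenge password, used during digital-signature certification; come to think of it, isn't a fixed value a bit of a bad idea?)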
An optional company name []:JXUST
At this point we have a CSR file. Opening it directly still shows little information, so use the following command to view it
openssl req -text -in server.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=CN, ST=JX, L=GZ, O=JXUST, OU=XA, CN=last-player/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Attributes:
unstructuredName :JXUST
challengePassword :extra
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
With the CSR file in hand, all that is missing is the CA signature
openssl x509 -req -days 3650 -in server.csr -CA cert.crt -CAkey fd.key -CAcreateserial -out server.crt
The following output shows that signing succeeded. We now have a certificate, server.crt, signed by cert.crt
Signature ok
subject=/C=CN/ST=JX/L=GZ/O=JXUST/OU=XA/CN=last-player/[email protected]
Getting CA Private Key
Enter pass phrase for fd.key:
Take a look. The -noout option suppresses the output of the content that vim can show
openssl req -text -in server.csr -noout
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=CN, ST=JX, L=GZ, O=JXUST, OU=XA, CN=last-player/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Attributes:
unstructuredName :JXUST
challengePassword :extra
Signature Algorithm: sha256WithRSAEncryption