openssl s_client / s_server mutual (two-way) authentication

1 Build the CA directory

This is the CA's working directory: index.txt is the issuance database, serial holds the next serial number, and newcerts/ receives a copy of every certificate the CA signs. The CA section of /etc/pki/tls/openssl.cnf selected in step 3 (my_caset) points here, as the "Enter pass phrase for /root/tls/server.key" prompt in a-3 shows. Note that the listing has server.crt, while step 2 writes the CA certificate to srv_cacert.pem and step 4 reads it under that name; whichever name you use must match the certificate = entry of that section.

[root@localhost ~]# tree tls
tls
├── 1
│   ├── 1.crt
│   ├── 1.csr
│   └── 1.key
├── 2
│   ├── 2.crt
│   ├── 2.csr
│   └── 2.key
├── certs
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── newcerts
│   ├── 01.pem
│   └── 02.pem
├── serial
├── serial.old
├── server.crt
└── server.key

2 Generate the CA key and self-signed root certificate

  a Generate server.key (the CA private key)

[Command] generate the key (-des3 encrypts it under a passphrase, which openssl ca will prompt for on every signing):
[root@localhost ~]# openssl genrsa -out server.key -des3 2048

[Result]
Generating RSA private key, 2048 bit long modulus
.........................................................................+++
.......+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

 b Self-sign the root certificate

[Command] (-x509 turns the request straight into a self-signed certificate. With no -config/-extensions, openssl req takes the extension section named by x509_extensions in the [req] part of openssl.cnf, normally v3_ca, so the result carries CA:TRUE. Giving the CA the same CN as the server, www.testlm.com, works, but it makes issuer and subject hard to tell apart in the verbose output in step 4; a CA does not need a hostname as its CN.)
[root@localhost ~]# openssl req -new -x509 -key server.key -days 7300 -out srv_cacert.pem

[Result]
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:FJ
Locality Name (eg, city) [Default City]:XM
Organization Name (eg, company) [Default Company Ltd]:YL
Organizational Unit Name (eg, section) []:YL
Common Name (eg, your name or your server's hostname) []:www.testlm.com
Email Address []:

3 Generate the server and client private keys and certificates

a Server side

a-1 Generate the key
[Command]
[root@localhost 1]# openssl genrsa -out 1.key -des3 2048

[Result]
Generating RSA private key, 2048 bit long modulus
......................................+++
............................................................+++
e is 65537 (0x10001)
Enter pass phrase for 1.key:
Verifying - Enter pass phrase for 1.key:
a-2 Generate the certificate signing request
[Command] (-days has no effect on a CSR; the validity is fixed when the CA signs it in a-3)
[root@localhost 1]# openssl req -new -key 1.key -out 1.csr -days 3650

[Result]
Enter pass phrase for 1.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:FJ
Locality Name (eg, city) [Default City]:XM
Organization Name (eg, company) [Default Company Ltd]:YL
Organizational Unit Name (eg, section) []:YL
Common Name (eg, your name or your server's hostname) []:www.testlm.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
a-3 Issue the certificate
[Command] (-name my_caset selects the CA section of /etc/pki/tls/openssl.cnf, which names the directory from step 1 and the CA key and certificate from step 2; -days 7300 gives the leaf the same lifetime as the CA, far longer than a server certificate should live)
[root@localhost 1]# openssl ca -in 1.csr -out 1.crt -days 7300 -name my_caset  

[Result]
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /root/tls/server.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 6 (0x6)
        Validity
            Not Before: Mar  5 08:20:29 2018 GMT
            Not After : Feb 28 08:20:29 2038 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = FJ
            organizationName          = YL
            organizationalUnitName    = YL
            commonName                = www.testlm.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                47:34:D8:EF:55:BB:BF:74:16:E1:DD:22:65:00:56:C8:96:26:B9:BC
            X509v3 Authority Key Identifier: 
                keyid:B9:BD:D3:60:79:26:CF:82:E1:FE:1B:6B:DF:F5:A7:7D:35:7F:13:C1

Certificate is to be certified until Feb 28 08:20:29 2038 GMT (7300 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

b Generate the client key and sign its certificate

b-1 to b-3: key, CSR and signed certificate, the same three steps as for the server. No -days is passed to openssl ca here, so the client certificate gets default_days from the my_caset section:
[root@localhost ~]# openssl genrsa -out 2.key -des3 2048
[root@localhost 2]# openssl req -new -key 2.key -out 2.csr -days 3650
[root@localhost 2]# openssl ca -in 2.csr -out 2.crt -name my_caset

4 Testing

a One-way authentication (only the server presents a certificate)

a-1 Server side

In .../tls/1/

[Command] (s_server listens on port 4433 by default; -CAfile supplies the issuer chain sent along with 1.crt, and in test b it is also the trust store for client certificates)
[root@localhost 1]# openssl s_server -key 1.key -cert 1.crt  -CAfile ../srv_cacert.pem 

[Result] (each side prints whatever the peer types; the test-hello line below was sent by the client)
Enter pass phrase for 1.key:
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDBQ8pE6Ghvl2EqJF7hD5i7xjGgiMmhrmt2fGUq9r6YV
RAe7dBhKn9+QycUH+g+3jO6hBgIEWpz+t6IEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5
Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Curves: P-256:P-521:P-384:secp256k1
Shared Elliptic curves: P-256:P-521:P-384:secp256k1
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported

test-hello
a-2 Client side
In .../tls/2/
[Command] (no -connect, so s_client defaults to localhost:4433. -CAfile is what lets the client verify the server chain, hence "Verify return code: 0 (ok)" below. The client also loads -cert/-key, but in this mode the server never asks for them, which is what "No client certificate CA names sent" means. Two caveats: s_client does not compare the hostname against the certificate unless -verify_hostname is given, and it only reports verification failures instead of aborting unless -verify_return_error is given, so a return code of 0 is the thing to check, not the fact that the connection came up.)
[root@localhost 2]# openssl s_client -CAfile ../srv_cacert.pem  -cert 2.crt -key 2.key -showcerts 

[Result]
Enter pass phrase for 2.key:
CONNECTED(00000003)
depth=1 C = CN, ST = FJ, L = XM, O = YL, OU = YL, CN = www.testlm.com
verify return:1
depth=0 C = CN, ST = FJ, O = YL, OU = YL, CN = www.testlm.com
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=FJ/O=YL/OU=YL/CN=www.testlm.com
   i:/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
-----BEGIN CERTIFICATE-----
MIIDnTCCAoWgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDTjEL
MAkGA1UECAwCRkoxCzAJBgNVBAcMAlhNMQswCQYDVQQKDAJZTDELMAkGA1UECwwC
WUwxFzAVBgNVBAMMDnd3dy50ZXN0bG0uY29tMB4XDTE4MDMwNTA4MjAyOVoXDTM4
MDIyODA4MjAyOVowTTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkZKMQswCQYDVQQK
DAJZTDELMAkGA1UECwwCWUwxFzAVBgNVBAMMDnd3dy50ZXN0bG0uY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT12iL5PNWrF/gEp3S3k0lAukOJK
SlsC53xNToUfwFiM14J4Nsh+MZs1foYPycuJTincdh/BH26LEs6M647NsEk4C1Qt
90wPXvq77EZ2bElEIkJRIANP2l0dVtRF4rmMskCuKwMcZ534nEWWKi9fdQ/ebPIy
xF35o1ke+8NDa4E5bBCSLhCuxGHluv1wzHUqTlS6u0T2c+3GpNsZLgRd9aoVFIuF
WrtrZkWvewmDM3aves5/w/nRV1JU8y0Dx/gE8EwFliPXJCZh/4lrS9Q24F4IwsFf
n1nLU0lbxK+5TbK9uPVoSUKx1EluP75VSTtj845wBYWERHbXg69mwINCTwIDAQAB
o3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl
ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQURzTY71W7v3QW4d0iZQBWyJYmubwwHwYD
VR0jBBgwFoAUub3TYHkmz4Lh/htr3/WnfTV/E8EwDQYJKoZIhvcNAQELBQADggEB
ABPY3wJYb4wFEbgu/R2nmQKHo8MW14CIcrTtzhXSFip3isvWUreTeiKkV9eVWUp5
notiLaut79bbYgOuGYJy+4Dy/KvjxVH0rbrAFpWeJD93mATFCyO9pNVPbAUJd1XU
87ePG2L32ZCGwuh/11WAdGBx91LWlN0y4aH31WH1cWOThmS9pGnYLEXnpqamn55j
nZ/PVovXmlFtDLf3TOWovGNEFMdpzaUvQnDoqiIJ1cVIixfGTQnMHB4cO/xGpkKR
rU44fPVaNhveWOFIfCwzxG+e7HwfrgA+W810JeSyhgSSxgg7mOpaecmI2vJnuHBs
pwzrpGzPUJDC7R8w9wuzVEU=
-----END CERTIFICATE-----
 1 s:/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
   i:/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
-----BEGIN CERTIFICATE-----
[CA certificate body omitted]
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CN/ST=FJ/O=YL/OU=YL/CN=www.testlm.com
issuer=/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2498 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 9B9930C6610B975D8A00D7B5C94BF267E92CB54395DE65A4DD9A838CADF3F28F
    Session-ID-ctx: 
    Master-Key: 50F2913A1A1BE5D84A8917B843E62EF18C682232686B9ADD9F194ABDAFA6154407BB74184A9FDF90C9C507FA0FB78CEE
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - e0 5e 38 0a ac 9d 08 ec-38 6f 75 06 64 1d b3 70   .^8.....8ou.d..p
    0010 - c3 f9 3f 6f 73 2b 82 4a-e8 7d ff e0 2d ab 33 f0   ..?os+.J.}..-.3.
    0020 - b1 fe ed 75 76 1d fa 22-aa 79 da 00 93 48 d9 36   ...uv..".y...H.6
    0030 - 78 1c 61 ff f4 91 74 77-0e 20 07 c5 55 62 6e 7a   x.a...tw. ..Ubnz
    0040 - bb 0e a8 7a 75 28 b8 67-e5 3d b2 47 c7 b1 ea 32   ...zu(.g.=.G...2
    0050 - d5 1f c3 83 f5 df be 0d-98 8b 70 f3 02 b9 1b 51   ..........p....Q
    0060 - 21 14 dd 78 f9 d8 c6 1b-0a ab e6 57 86 b5 d2 dc   !..x.......W....
    0070 - 6d 3c b5 53 cb 21 81 fd-6e 35 7b 93 33 65 6b 94   m<.S.!..n5{.3ek.
    0080 - 86 e8 cf 49 de bd 21 ff-b3 6f de 06 22 e4 04 30   ...I..!..o.."..0
    0090 - 1e 52 2e 7d e4 28 f6 f6-dc cf 98 25 d6 69 f3 40   .R.}.(.....%.i.@

    Start Time: 1520238263
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

test hello

b Mutual authentication (both sides present a certificate)

b-1 Server side
[Command] (-Verify with a capital V requires a client certificate and aborts the handshake when none is presented; lowercase -verify merely requests one and lets a client without a certificate through. The number is the maximum chain depth; 1 accepts a certificate issued directly by a CA in -CAfile. Note that -Verify alone only guarantees that some certificate was presented: s_server's verify callback prints "verify error" but lets the handshake continue, so add -verify_return_error to actually reject a client certificate that fails verification, for example one signed by a different CA.)
[root@localhost 1]# openssl s_server -key 1.key -cert 1.crt  -CAfile ../srv_cacert.pem -Verify 1

[Result] (the two verify return:1 lines are the server checking the client's chain against -CAfile; the client certificate it received is printed right after)
verify depth is 1, must return a certificate
Enter pass phrase for 1.key:
Using default temp DH parameters
ACCEPT
depth=1 C = CN, ST = FJ, L = XM, O = YL, OU = YL, CN = www.testlm.com
verify return:1
depth=0 C = CN, ST = FJ, O = YL, OU = YL, CN = www.testlm.com
verify return:1
-----BEGIN SSL SESSION PARAMETERS-----
[session parameters omitted]
-----END SSL SESSION PARAMETERS-----
Client certificate
-----BEGIN CERTIFICATE-----
[client certificate body omitted]
-----END CERTIFICATE-----
subject=/C=CN/ST=FJ/O=YL/OU=YL/CN=www.testlm.com
issuer=/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5
Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Curves: P-256:P-521:P-384:secp256k1
Shared Elliptic curves: P-256:P-521:P-384:secp256k1
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported

test-hello

b-2 Client side
[Command] (the same command as in a-2; the difference is on the wire: the server now sends the CA names it accepts, shown below as "Acceptable client certificate CA names", and the client answers with 2.crt, which is why the handshake now writes 2538 bytes instead of 415)
[root@localhost 2]# openssl s_client -CAfile ../srv_cacert.pem  -cert 2.crt -key 2.key -showcerts 

[Result]
Enter pass phrase for 2.key:
CONNECTED(00000003)
depth=1 C = CN, ST = FJ, L = XM, O = YL, OU = YL, CN = www.testlm.com
verify return:1
depth=0 C = CN, ST = FJ, O = YL, OU = YL, CN = www.testlm.com
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=FJ/O=YL/OU=YL/CN=www.testlm.com
   i:/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
-----BEGIN CERTIFICATE-----
[server certificate body omitted]
-----END CERTIFICATE-----
 1 s:/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
   i:/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
-----BEGIN CERTIFICATE-----
[CA certificate body omitted]
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CN/ST=FJ/O=YL/OU=YL/CN=www.testlm.com
issuer=/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
---
Acceptable client certificate CA names
/C=CN/ST=FJ/L=XM/O=YL/OU=YL/CN=www.testlm.com
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3562 bytes and written 2538 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 92E6A8CB65CE360934807E75B5F7F93A0F966F1BBAD765A6AE60EBDA3CE9A223
    Session-ID-ctx: 
    Master-Key: 077EB2340519F6FCB420D761B1D9359DB8E01235BF562690FE9E954BC4A4F1A7967A7E551710CB56CC13766BACE80E10
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 77 8a 5f e5 98 90 90 8e-d9 ba f1 74 dc 33 d3 31   w._........t.3.1
    0010 - 29 7e e8 e6 46 4c f4 26-28 be 35 3d f3 13 81 39   )~..FL.&(.5=...9
    0020 - b5 e9 19 07 03 7b de be-02 1d e0 52 1a cd 3d 96   .....{.....R..=.
    0030 - 38 5b 41 93 26 61 07 ff-37 5e c8 67 9f 65 22 60   8[A.&a..7^.g.e"`
    0040 - 29 1b 4f ad ff 0f 2d c7-49 92 eb 32 d0 7c a5 d4   ).O...-.I..2.|..
    0050 - 29 73 47 a5 cf f4 e6 09-73 cc c6 20 36 b6 28 22   )sG.....s.. 6.("
    0060 - 2e c5 2f ae d5 d1 91 bf-54 ea fa d9 c0 27 31 b0   ../.....T....'1.
    0070 - a5 c1 6b 32 0d cf 10 75-2b f0 bb e6 d4 67 b3 dc   ..k2...u+....g..
    0080 - f6 e9 4f 13 ac f3 2d f7-e3 52 90 7f 6f 8f ce ed   ..O...-..R..o...
    0090 - 4c 70 b8 d1 0c aa d6 bb-ed 10 b8 6e aa e5 af 20   Lp.........n... 
    00a0 - 2c 0a fe 7f 9b 1c c8 07-0e 44 1a 39 09 25 db ef   ,........D.9.%..
    00b0 - 45 4d 28 c9 d9 1d 59 31-0c eb 2a c5 80 0e c2 1f   EM(...Y1..*.....
    00c0 - 29 1f a6 09 29 a1 44 20-9d de 17 17 b7 79 41 01   )...).D .....yA.
    00d0 - 91 8d b8 b2 8f f9 a0 02-a2 3a 87 ed d2 d6 4f ec   .........:....O.
    00e0 - 27 72 69 a6 24 b8 40 29-5f 1c 26 0b ac 3a 66 76   'ri.$.@)_.&..:fv
    00f0 - fd 0a 06 7c 74 3e ec 97-2a 82 da fb 2f 3b 2f f4   ...|t>..*.../;/.
    0100 - c8 84 0f 45 7e 1e 7b bd-09 5d b6 79 06 f9 a3 bf   ...E~.{..].y....
    0110 - d2 6f 38 3b 33 47 97 94-c5 a6 8f cc 95 8e 11 aa   .o8;3G..........
    0120 - ba d6 a8 77 19 28 e6 79-a3 1a 74 dc 91 a1 38 55   ...w.(.y..t...8U
    0130 - 2b 9d e8 87 9f b3 9e 54-59 45 3f e5 34 b2 23 7c   +......TYE?.4.#|
    0140 - 0c d1 9a 5b 56 a7 69 4e-ea 4a 77 f9 87 53 22 c8   ...[V.iN.Jw..S".
    0150 - 26 5d 0b f1 09 9b 10 b5-7d be 51 d7 02 90 81 95   &]......}.Q.....
    0160 - 47 ba 70 a5 e9 12 4a 85-a6 57 47 2e 73 98 8e 58   G.p...J..WG.s..X
    0170 - 71 76 4c b8 4c 07 18 de-4a a9 e4 8a cb e5 4c 07   qvL.L...J.....L.
    0180 - e5 23 16 77 8c a0 a4 7c-c5 71 15 8d 0f c5 36 6c   .#.w...|.q....6l
    0190 - 6b fb 95 43 f1 6d d3 01-04 e2 a1 0c 72 d3 80 89   k..C.m......r...
    01a0 - 0c 3a 74 e4 72 4e 8a e7-fa ad 8f bc 95 c6 2f 43   .:t.rN......../C
    01b0 - ca 32 7a bc 49 d1 5b e9-db 7e 33 b6 9d a5 58 2e   .2z.I.[..~3...X.
    01c0 - 0d 56 3c 47 74 61 98 4e-95 f6 42 e6 54 0f ce 9f   .V]F!.......j1..
    02a0 - ad e6 32 c3 1f 5f d3 7f-69 19 bc 6f 5a ce 2a 1a   ..2.._..i..oZ.*.
    02b0 - 12 f4 bb 50 08 51 de 10-67 7e 1d 4f 84 36 3f e6   ...P.Q..g~.O.6?.
    02c0 - 3b ee 78 5e c3 b8 50 91-2d 0d 87 83 13 74 9f 21   ;.x^..P.-....t.!
    02d0 - 81 45 fe 07 eb 56 a9 71-be 32 b6 5b 0d 7b ba 95   .E...V.q.2.[.{..
    02e0 - 2d 67 89 6b 87 a7 5b 2f-fb 41 10 2b 8f 3f 09 f9   -g.k..[/.A.+.?..
    02f0 - 44 53 00 fd 90 74 dd 95-40 d1 34 e7 7f 3e cb f2   DS...t..@.4..>..
    0300 - 50 b0 1a db 2c 87 e0 21-ae b4 77 4e c3 d8 3f 78   P...,..!..wN..?x
    0310 - c4 2a 45 ed cb d2 6c 31-bd c9 e6 dc 91 5c 13 02   .*E...l1.....\..
    0320 - 99 21 8d 3f 09 20 f3 e8-b9 9c 2a b3 ae 69 74 2c   .!.?. ....*..it,
    0330 - 8d 57 7e eb 5a c6 03 da-94 08 0f 87 04 e5 55 dd   .W~.Z.........U.
    0340 - 2c dc 8f c9 75 e9 6b 44-c4 69 f3 8d ae 7c d5 dc   ,...u.kD.i...|..
    0350 - f3 97 d4 87 24 75 a1 ee-eb b9 3a 60 07 83 7e b1   ....$u....:`..~.
    0360 - 94 5c bd 77 b7 e7 2a 17-87 c0 a5 e9 9b 07 a0 8f   .\.w..*.........
    0370 - 8c 8b d3 f9 78 eb 88 9d-00 a0 88 50 04 72 e8 ce   ....x......P.r..
    0380 - df 09 13 67 c2 47 e4 e0-f4 87 cc 68 f3 07 6d 10   ...g.G.....h..m.
    0390 - d5 21 f7 fc 50 81 5b 33-4e 0b e6 01 cb 17 10 e5   .!..P.[3N.......
    03a0 - d6 d9 19 da f9 4f ab 27-c8 06 c6 a0 f8 48 75 4b   .....O.'.....HuK
    03b0 - 9b b8 8f 39 94 7c 2f 9c-9e fa e7 d1 da 54 7e 1c   ...9.|/......T~.
    03c0 - dc 3b 98 40 b0 80 db 23-85 69 bc 7a dd e0 87 4b   .;.@...#.i.z...K
    03d0 - 36 1a 1f a1 3a d5 0f 3d-bf 97 ed d7 3a 5c 13 bc   6...:..=....:\..
    03e0 - 6e 5c fe d2 a9 61 dd 6b-ba 26 2c e5 a2 52 01 a7   n\...a.k.&,..R..
    03f0 - c8 c1 98 34 1a 5a 7b 74-46 bd df 0c c1 fb 7a b7   ...4.Z{tF.....z.
    0400 - 80 96 16 5c ea 8d 30 aa-17 51 08 73 07 db 38 ea   ...\..0..Q.s..8.
    0410 - 96 92 1b d3 b7 7d ac e2-6f 1b 1c 6c b9 7e 0a 04   .....}..o..l.~..
    0420 - 46 99 a8 7e 0a 41 73 f5-84 b5 e5 59 c9 2f 45 24   F..~.As....Y./E$
    0430 - 62 bb 7c f4 1e 46 b5 8b-4e e7 b6 f4 27 ce 90 1b   b.|..F..N...'...

    Start Time: 1520238461
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

test-hello
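The following script is an added example, not code from the original post. It ties steps 1 to 3 and test 4b together so they can be rerun without any prompts: it writes its own openssl.cnf containing the my_caset section that the post keeps in /etc/pki/tls/openssl.cnf, issues 1.crt (server, serverAuth, SAN www.testlm.com) and 2.crt (client, clientAuth), then starts s_server -Verify together with -verify_return_error and checks two things the transcripts above cannot show: that a client presenting 2.crt is accepted with hostname verification switched on, and that a client presenting no certificate is refused. The CA name, the client CN client-2, the temp directory and the ports are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): self-contained version of steps
# 1-3 plus test 4b. Builds a lab CA with its own openssl.cnf (the post relies on
# a my_caset section in /etc/pki/tls/openssl.cnf that it never shows), issues
# 1.crt/2.crt, then runs s_server -Verify against s_client with and without the
# client certificate. CA name, client CN, directory and port are assumptions.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl binary not found" >&2; exit 1; }

# mkleaf N CN EXTSECTION: key, CSR and CA-signed N.crt in $dir, using $cfg.
mkleaf() {
  openssl genrsa -out "$dir/$1.key" 2048 2>/dev/null
  openssl req -new -config "$cfg" -key "$dir/$1.key" -subj "/CN=$2" -out "$dir/$1.csr"
  openssl ca -batch -notext -config "$cfg" -name my_caset -extensions "$3" \
    -in "$dir/$1.csr" -out "$dir/$1.crt" 2>/dev/null
}

# build_pki DIR: CA database layout, CA key + self-signed root, server and client leaves.
build_pki() {
  dir=$1 cfg=$1/openssl.cnf
  mkdir -p "$dir/newcerts"
  : > "$dir/index.txt"
  echo 01 > "$dir/serial"
  cat > "$cfg" <<EOF
[ ca ]
default_ca    = my_caset
[ my_caset ]
dir           = $dir
database      = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial        = \$dir/serial
certificate   = \$dir/srv_cacert.pem
private_key   = \$dir/server.key
default_days  = 365
default_md    = sha256
policy        = policy_any
[ policy_any ]
commonName    = supplied
[ req ]
distinguished_name = dn
default_md    = sha256
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.testlm.com
[ v3_client ]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
  # Lab CA key is left unencrypted (the post uses -des3); nothing here is kept.
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
  openssl req -new -x509 -config "$cfg" -extensions v3_ca -days 3650 \
    -key "$dir/server.key" -subj "/CN=Lab Root CA" -out "$dir/srv_cacert.pem"
  # Distinct CNs: openssl ca's default unique_subject=yes rejects a duplicate DN.
  mkleaf 1 www.testlm.com v3_server
  mkleaf 2 client-2 v3_client
}

# mtls_check DIR PORT: s_server requires and verifies a client cert; report whether
# a client with 2.crt gets in and a client with no cert is refused.
mtls_check() {
  dir=$1 port=$2 ca=$1/srv_cacert.pem
  openssl s_server -accept "$port" -key "$dir/1.key" -cert "$dir/1.crt" -CAfile "$ca" \
    -Verify 1 -verify_return_error -www </dev/null >/dev/null 2>&1 &
  srv=$!
  i=0  # wait for the listener; each probe is a full handshake with 2.crt
  until openssl s_client -connect "127.0.0.1:$port" -CAfile "$ca" -cert "$dir/2.crt" \
          -key "$dir/2.key" </dev/null >/dev/null 2>&1; do
    i=$((i + 1)); [ "$i" -lt 20 ] || break; sleep 1
  done
  # With the cert: chain and hostname must verify (-verify_return_error aborts otherwise).
  if printf 'GET / HTTP/1.0\r\n\r\n' | openssl s_client -connect "127.0.0.1:$port" \
       -CAfile "$ca" -cert "$dir/2.crt" -key "$dir/2.key" -verify_hostname www.testlm.com \
       -verify_return_error -ign_eof 2>/dev/null | grep -q 'Verify return code: 0 (ok)'
  then with=ok; else with=fail; fi
  # Without a cert: the server must abort the handshake with an alert (non-zero exit).
  if printf 'GET / HTTP/1.0\r\n\r\n' | openssl s_client -connect "127.0.0.1:$port" \
       -CAfile "$ca" -ign_eof >/dev/null 2>&1
  then without=accepted; else without=rejected; fi
  kill "$srv" 2>/dev/null || true
  wait "$srv" 2>/dev/null || true
  echo "with-cert:$with without-cert:$without"
}

# Stand-alone run: build everything in a temp dir, check the chain, run both cases.
LAB=$(mktemp -d)
build_pki "$LAB"
openssl verify -CAfile "$LAB/srv_cacert.pem" "$LAB/1.crt" "$LAB/2.crt"
mtls_check "$LAB" 4433
rm -rf "$LAB"
```

Run it as sh mtls_lab.sh; it needs only the openssl binary and a free TCP port on loopback, and prints with-cert:ok without-cert:rejected when the server enforces client authentication. The two leaves get different CNs because openssl ca refuses a second valid database entry with the same subject by default (unique_subject = yes); to give both www.testlm.com as the post does, set unique_subject = no in the CA section.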

Reference: https://stackoverflow.com/questions/16646557/verify-incoming-ssl-using-openssl-s-server
