OpenSSL证书生成参考
Posted zh672903
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了OpenSSL证书生成参考相关的知识,希望对你有一定的参考价值。
OpenSSL证书生成参考:
部分参考: https://blog.csdn.net/qq_37979887/article/details/80491849
Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。
C:UsersXinSai>type server.crt server.key > server.pem
server.crt
server.key
牵涉到密钥的密码是:callcenter(请按你自己的密码设定)
- 第1步:
C:UsersXinSai>openssl
OpenSSL> genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
................+++++
e is 65537 (0x010001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
- 第2步:
OpenSSL> req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sjht
Organizational Unit Name (eg, section) []:info technology
Common Name (e.g. server FQDN or YOUR name) []:www.callcenter.com
Email Address []:2043785563@qq.com
Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:callcenter
An optional company name []:sjht
- 第3步:
OpenSSL> rsa -in server.key -out server_no_passwd.key
Enter pass phrase for server.key:
writing RSA key
- 第4步:
OpenSSL> x509 -req -days 365 -in server.csr -signkey server_no_passwd.key -out server.crt
Signature ok
subject=C = CN, ST = Beijing, L = Beijing, O = sjht, OU = info technology, CN =
callcenter.com, emailAddress = 394703489@qq.com
Getting Private key
- 第5步:quit 退出OpenSSL,直接用cmd执行:
OpenSSL> quit
C:UsersXinSai>type server.crt server_no_passwd.key > server.pem.
server.crt
server_no_passwd.key
C:UsersXinSai>
- 第6步:
最后一步记得合成:
type server.crt server_no_passwd.key > server.pem
- 第7步:生成iis要用的证书
OpenSSL> pkcs12 -export -clcerts -in server.crt -inkey server_no_passwd.key -out
iis.pfx
Enter Export Password:
Verifying - Enter Export Password:
OpenSSL>
去掉浏览器开始提示的HTTPS页面:
https://blog.csdn.net/haowai501/article/details/80269807
允许浏览器执行不安全的证书:
https://segmentfault.com/a/1190000021843971
- 找到你的Chrome快捷方式.
- 右键图标,选择属性
- 找到”目标”文本框,里面的内容是你的Chrome程序路径,类似这样C:UsersAdministratorAppDataLocalGoogleChromeApplicationchrome.exe
- 在这段文本的后面输入一个空格,然后输入-ignore-certificate-errors
- 修改后的文本应该类似于这样:C:UsersAdministratorAppDataLocalGoogleChromeApplicationchrome.exe -ignore-certificate-errors
- 点击确定
- 重新打开你的Chrome浏览器
以上是关于OpenSSL证书生成参考的主要内容,如果未能解决你的问题,请参考以下文章