OpenSSL证书生成参考

Posted zh672903

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了OpenSSL证书生成参考相关的知识,希望对你有一定的参考价值。

OpenSSL证书生成参考:

部分参考: https://blog.csdn.net/qq_37979887/article/details/80491849

Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。

C:UsersXinSai>type server.crt server.key > server.pem

server.crt

server.key

牵涉到密钥的密码是:callcenter(请按你自己的密码设定)

  • 第1步:
C:UsersXinSai>openssl
OpenSSL> genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
................+++++
e is 65537 (0x010001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
  • 第2步:
OpenSSL> req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sjht
Organizational Unit Name (eg, section) []:info technology
Common Name (e.g. server FQDN or YOUR name) []:www.callcenter.com
Email Address []:2043785563@qq.com

Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:callcenter
An optional company name []:sjht

  • 第3步:
OpenSSL> rsa -in server.key -out server_no_passwd.key
Enter pass phrase for server.key:
writing RSA key

  • 第4步:
OpenSSL> x509 -req -days 365 -in server.csr -signkey server_no_passwd.key -out server.crt
Signature ok
subject=C = CN, ST = Beijing, L = Beijing, O = sjht, OU = info technology, CN =
callcenter.com, emailAddress = 394703489@qq.com
Getting Private key

  • 第5步:quit 退出OpenSSL,直接用cmd执行:
OpenSSL> quit
C:UsersXinSai>type server.crt server_no_passwd.key > server.pem.
server.crt
server_no_passwd.key
C:UsersXinSai>
  • 第6步:
    最后一步记得合成:
type server.crt server_no_passwd.key > server.pem
  • 第7步:生成iis要用的证书
OpenSSL> pkcs12 -export -clcerts -in server.crt -inkey server_no_passwd.key -out
 iis.pfx
Enter Export Password:
Verifying - Enter Export Password:
OpenSSL>

去掉浏览器开始提示的HTTPS页面:
https://blog.csdn.net/haowai501/article/details/80269807

允许浏览器执行不安全的证书:
https://segmentfault.com/a/1190000021843971

  1. 找到你的Chrome快捷方式.
  2. 右键图标,选择属性
  3. 找到”目标”文本框,里面的内容是你的Chrome程序路径,类似这样C:UsersAdministratorAppDataLocalGoogleChromeApplicationchrome.exe
  4. 在这段文本的后面输入一个空格,然后输入-ignore-certificate-errors
  5. 修改后的文本应该类似于这样:C:UsersAdministratorAppDataLocalGoogleChromeApplicationchrome.exe -ignore-certificate-errors
  6. 点击确定
  7. 重新打开你的Chrome浏览器




以上是关于OpenSSL证书生成参考的主要内容,如果未能解决你的问题,请参考以下文章

OpenSSL证书生成参考

openssl生成.pem证书

OpenSSL生成HTTPS自签名证书

用openssl 和 keytool 生成 SSL证书

openssl 自签名证书 - 安装openssl(一)

为啥openssl自建证书只能局域网访问