海妖 发表于 2015-1-14 20:11:47

来一发CentOS下OpenSSL的装置和利用

如果您觉得本篇CentOSLinux教程讲得好,请记得点击右边漂浮的分享程序,把好文章分享给你的好朋友们!1,装置openssl
tarzxvfopenssl-1.0.0a.tar.gz
cdopenssl-1.0.0a
./config--prefix=/usr/local/openssl
make&&makeinstall
2,装置apache
tarzxvfhttpd-2.2.16.tar.gz
cdhttpd-2.2.16
./configure--prefix=/usr/local/apache--enable-ssl--enable-rewrite--enable-so--with-ssl=/usr/local/openssl
make&&makeinstall
假如你是yuminstall,apt-get,pacman如许的软件办理工具举行装置的话,下面的二步能够免却。
3,创立主证书
在/usr/local/apache/conf/上面建个目次ssl
3.1,mkdirssl
3.2,cp/openssl的装置目次/ssl/misc/CA.sh/usr/local/apache/conf/ssl/
3.3用CA.sh来创立证书
检察复制打印
1.#./CA.sh-newca//创建主证书
2.CAcertificatefilename(orentertocreate)
3.
4.MakingCAcertificate...
5.Generatinga1024bitRSAprivatekey
6.............++++++
7.......++++++
8.writingnewprivatekeyto./demoCA/private/./cakey.pem
9.EnterPEMpassphrase:
10.Verifying-EnterPEMpassphrase:
11.Verifyfailure
12.EnterPEMpassphrase:
13.Verifying-EnterPEMpassphrase:
14.-----
15.Youareabouttobeaskedtoenterinformationthatwillbeincorporated
16.intoyourcertificaterequest.
17.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.
18.Therearequiteafewfieldsbutyoucanleavesomeblank
19.Forsomefieldstherewillbeadefaultvalue,
20.Ifyouenter.,thefieldwillbeleftblank.
21.-----
22.CountryName(2lettercode):cn
23.StateorProvinceName(fullname):cn
24.LocalityName(eg,city)[]:cn
25.OrganizationName(eg,company):cn
26.OrganizationalUnitName(eg,section)[]:cn
27.CommonName(eg,YOURname)[]:localhost
28.EmailAddress[]:xtaying@gmail.com
29.
30.Pleaseenterthefollowingextraattributes
31.tobesentwithyourcertificaterequest
32.Achallengepassword[]:******************
33.Anoptionalcompanyname[]:
34.Usingconfigurationfrom/etc/ssl/openssl.cnf
35.Enterpassphrasefor./demoCA/private/./cakey.pem://填的是下面的PEM暗码
36.Checkthattherequestmatchesthesignature
37.Signatureok
38.CertificateDetails:
39.SerialNumber:
40.89:11:9f:a6:ca:03:63:ab
41.Validity
42.NotBefore:Aug712:35:282010GMT
43.NotAfter:Aug612:35:282013GMT
44.Subject:
45.countryName=cn
46.stateOrProvinceName=cn
47.organizationName=cn
48.organizationalUnitName=cn
49.commonName=localhost
50.emailAddress=xtaying@gmail.com
51.X509v3extensions:
52.X509v3SubjectKeyIdentifier:
53.26:09:F3:D5:26:13:00:1F:3E:CC:86:1D:E4:EE:37:06:65:15:4E:76
54.X509v3AuthorityKeyIdentifier:
55.keyid:26:09:F3:D5:26:13:00:1F:3E:CC:86:1D:E4:EE:37:06:65:15:4E:76
56.DirName:/C=cn/ST=cn/O=cn/OU=cn/CN=localhost/emailAddress=xtaying@gmail.com
57.serial:89:11:9F:A6:CA:03:63:AB
58.
59.X509v3BasicConstraints:
60.CA:TRUE
61.CertificateistobecertifieduntilAug612:35:282013GMT(1095days)
62.
63.Writeoutdatabasewith1newentries
64.DataBaseUpdated

#./CA.sh-newca//创建主证书
CAcertificatefilename(orentertocreate)

MakingCAcertificate...
Generatinga1024bitRSAprivatekey
............++++++
......++++++
writingnewprivatekeyto./demoCA/private/./cakey.pem
EnterPEMpassphrase:
Verifying-EnterPEMpassphrase:
Verifyfailure
EnterPEMpassphrase:
Verifying-EnterPEMpassphrase:
-----
Youareabouttobeaskedtoenterinformationthatwillbeincorporated
intoyourcertificaterequest.
WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.
Therearequiteafewfieldsbutyoucanleavesomeblank
Forsomefieldstherewillbeadefaultvalue,
Ifyouenter.,thefieldwillbeleftblank.
-----
CountryName(2lettercode):cn
StateorProvinceName(fullname):cn
LocalityName(eg,city)[]:cn
OrganizationName(eg,company):cn
OrganizationalUnitName(eg,section)[]:cn
CommonName(eg,YOURname)[]:localhost
EmailAddress[]:xtaying@gmail.com

Pleaseenterthefollowingextraattributes
tobesentwithyourcertificaterequest
Achallengepassword[]:******************
Anoptionalcompanyname[]:
Usingconfigurationfrom/etc/ssl/openssl.cnf
Enterpassphrasefor./demoCA/private/./cakey.pem://填的是下面的PEM暗码
Checkthattherequestmatchesthesignature
Signatureok
CertificateDetails:
SerialNumber:
89:11:9f:a6:ca:03:63:ab
Validity
NotBefore:Aug712:35:282010GMT
NotAfter:Aug612:35:282013GMT
Subject:
countryName=cn
stateOrProvinceName=cn
organizationName=cn
<palign="left"style="word-wrap:break-word;margin:5px0px;padding:0px;color:rgb(102,102,102);font-family:宋体,Arial;font-size:16px;line-height:26px;"><spanstyle="word-wrap:break-word;">

透明 发表于 2015-1-14 22:56:40

来一发CentOS下OpenSSL的装置和利用

路过的帮顶

兰色精灵 发表于 2015-1-25 18:24:00

一定要学好命令,shell是命令语言,命令解释程序及程序设计语言的统称,shell也负责用户和操作系统之间的沟通。

因胸联盟 发表于 2015-2-3 21:14:32

任何人都可以根据自己的喜好来定制适合自己的操作系统,Linux?是抢占式多任务多用户操作系统.

小妖女 发表于 2015-2-9 09:46:25

虽然大家都比较喜欢漂亮的mm,但是在学 linux 的过程中,还是要多和“男人”接触一下:P 遇到问题的时候,出来看说和上网查之外,就是要多用 linux 下的 man 命令找找帮助。

若相依 发表于 2015-3-9 14:28:09

Linux只是个内核!这点很重要,你必须理解这一点。只有一个内核是不能构成一个操作系统的。

飘灵儿 发表于 2015-3-17 02:11:14

我是学习嵌入式方向的,这学期就选修了这门专业任选课。

不帅 发表于 2015-3-23 19:48:38

最好先搜寻一下论坛是否有您需要的文章。这样可以获得事半功倍的效果。
页: [1]
查看完整版本: 来一发CentOS下OpenSSL的装置和利用