码迷,mamicode.com
首页 > 其他好文 > 详细

OpenSSL证书生成参考

时间:2020-05-24 21:09:50      阅读:75      评论:0      收藏:0      [点我收藏+]

标签:section   int   challenge   des   windows   exp   路径   with   是你   

OpenSSL证书生成参考:

部分参考: https://blog.csdn.net/qq_37979887/article/details/80491849

Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。

C:\Users\XinSai>type server.crt server.key > server.pem

server.crt

server.key

牵涉到密钥的密码是:callcenter(请按你自己的密码设定)

  • 第1步:
C:\Users\XinSai>openssl
OpenSSL> genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
................+++++
e is 65537 (0x010001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
  • 第2步:
OpenSSL> req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sjht
Organizational Unit Name (eg, section) []:info technology
Common Name (e.g. server FQDN or YOUR name) []:www.callcenter.com
Email Address []:2043785563@qq.com

Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:callcenter
An optional company name []:sjht

  • 第3步:
OpenSSL> rsa -in server.key -out server_no_passwd.key
Enter pass phrase for server.key:
writing RSA key

  • 第4步:
OpenSSL> x509 -req -days 365 -in server.csr -signkey server_no_passwd.key -out server.crt
Signature ok
subject=C = CN, ST = Beijing, L = Beijing, O = sjht, OU = info technology, CN =
callcenter.com, emailAddress = 394703489@qq.com
Getting Private key

  • 第5步:quit 退出OpenSSL,直接用cmd执行:
OpenSSL> quit
C:\Users\XinSai>type server.crt server_no_passwd.key > server.pem.
server.crt
server_no_passwd.key
C:\Users\XinSai>
  • 第6步:
    最后一步记得合成:
type server.crt server_no_passwd.key > server.pem
  • 第7步:生成iis要用的证书
OpenSSL> pkcs12 -export -clcerts -in server.crt -inkey server_no_passwd.key -out
 iis.pfx
Enter Export Password:
Verifying - Enter Export Password:
OpenSSL>

去掉浏览器开始提示的HTTPS页面:
https://blog.csdn.net/haowai501/article/details/80269807

允许浏览器执行不安全的证书:
https://segmentfault.com/a/1190000021843971

  1. 找到你的Chrome快捷方式.
  2. 右键图标,选择属性
  3. 找到”目标”文本框,里面的内容是你的Chrome程序路径,类似这样C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
  4. 在这段文本的后面输入一个空格,然后输入-ignore-certificate-errors
  5. 修改后的文本应该类似于这样:C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe -ignore-certificate-errors
  6. 点击确定
  7. 重新打开你的Chrome浏览器

OpenSSL证书生成参考

标签:section   int   challenge   des   windows   exp   路径   with   是你   

原文地址:https://www.cnblogs.com/zh672903/p/12952431.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!