仓酷云

标题: 来一发CentOS下OpenSSL的装置和利用 [打印本页]

作者: 海妖 时间: 2015-1-14 20:11
标题: 来一发CentOS下OpenSSL的装置和利用
如果您觉得本篇CentOSLinux教程讲得好，请记得点击右边漂浮的分享程序，把好文章分享给你的好朋友们！

1，装置openssl

tarzxvfopenssl-1.0.0a.tar.gz
cdopenssl-1.0.0a
./config--prefix=/usr/local/openssl
make&&makeinstall

2,装置apache

tarzxvfhttpd-2.2.16.tar.gz
cdhttpd-2.2.16
./configure--prefix=/usr/local/apache--enable-ssl--enable-rewrite--enable-so--with-ssl=/usr/local/openssl
make&&makeinstall

假如你是yuminstall,apt-get,pacman如许的软件办理工具举行装置的话，下面的二步能够免却。

3，创立主证书

在/usr/local/apache/conf/上面建个目次ssl

3.1，mkdirssl

3.2，cp/openssl的装置目次/ssl/misc/CA.sh/usr/local/apache/conf/ssl/

3.3用CA.sh来创立证书

检察复制打印

1.[root@BlackGhostssl]#./CA.sh-newca//创建主证书

2.CAcertificatefilename(orentertocreate)

4.MakingCAcertificate...

5.Generatinga1024bitRSAprivatekey

6.............++++++

7.......++++++

8.writingnewprivatekeyto./demoCA/private/./cakey.pem

9.EnterPEMpassphrase:

10.Verifying-EnterPEMpassphrase:

11.Verifyfailure

12.EnterPEMpassphrase:

13.Verifying-EnterPEMpassphrase:

14.-----

15.Youareabouttobeaskedtoenterinformationthatwillbeincorporated

16.intoyourcertificaterequest.

17.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.

18.Therearequiteafewfieldsbutyoucanleavesomeblank

19.Forsomefieldstherewillbeadefaultvalue,

20.Ifyouenter.,thefieldwillbeleftblank.

21.-----

22.CountryName(2lettercode)[AU]:cn

23.StateorProvinceName(fullname)[Some-State]:cn

24.LocalityName(eg,city)[]:cn

25.OrganizationName(eg,company)[InternetWidgitsPtyLtd]:cn

26.OrganizationalUnitName(eg,section)[]:cn

27.CommonName(eg,YOURname)[]:localhost

28.EmailAddress[]:xtaying@gmail.com

29.

30.Pleaseenterthefollowingextraattributes

31.tobesentwithyourcertificaterequest

32.Achallengepassword[]:******************

33.Anoptionalcompanyname[]:

34.Usingconfigurationfrom/etc/ssl/openssl.cnf

35.Enterpassphrasefor./demoCA/private/./cakey.pem://填的是下面的PEM暗码

36.Checkthattherequestmatchesthesignature

37.Signatureok

38.CertificateDetails:

39.SerialNumber:

40.89:11:9f:a6:ca:03:63:ab

41.Validity

42.NotBefore:Aug712:35:282010GMT

43.NotAfter:Aug612:35:282013GMT

44.Subject:

45.countryName=cn

46.stateOrProvinceName=cn

47.organizationName=cn

48.organizationalUnitName=cn

49.commonName=localhost

50.emailAddress=xtaying@gmail.com

51.X509v3extensions:

52.X509v3SubjectKeyIdentifier:

53.26:09:F3:D5:26:13:00:1F:3E:CC:86:1D:E4:EE:37:06:65:15:4E:76

54.X509v3AuthorityKeyIdentifier:

55.keyid:26:09:F3:D5:26:13:00:1F:3E:CC:86:1D:E4:EE:37:06:65:15:4E:76

56.DirName:/C=cn/ST=cn/O=cn/OU=cn/CN=localhost/emailAddress=xtaying@gmail.com

57.serial:89:11:9F:A6:CA:03:63:AB

58.

59.X509v3BasicConstraints:

60.CA:TRUE

61.CertificateistobecertifieduntilAug612:35:282013GMT(1095days)

62.

63.Writeoutdatabasewith1newentries

64.DataBaseUpdated

[root@BlackGhostssl]#./CA.sh-newca//创建主证书

CAcertificatefilename(orentertocreate)

MakingCAcertificate...

Generatinga1024bitRSAprivatekey

............++++++

......++++++

writingnewprivatekeyto./demoCA/private/./cakey.pem

EnterPEMpassphrase:

Verifying-EnterPEMpassphrase:

Verifyfailure

EnterPEMpassphrase:

Verifying-EnterPEMpassphrase:

-----

Youareabouttobeaskedtoenterinformationthatwillbeincorporated

intoyourcertificaterequest.

WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.

Therearequiteafewfieldsbutyoucanleavesomeblank

Forsomefieldstherewillbeadefaultvalue,

Ifyouenter.,thefieldwillbeleftblank.

-----

CountryName(2lettercode)[AU]:cn

StateorProvinceName(fullname)[Some-State]:cn

LocalityName(eg,city)[]:cn

OrganizationName(eg,company)[InternetWidgitsPtyLtd]:cn

OrganizationalUnitName(eg,section)[]:cn

CommonName(eg,YOURname)[]:localhost

EmailAddress[]:xtaying@gmail.com

Pleaseenterthefollowingextraattributes

tobesentwithyourcertificaterequest

Achallengepassword[]:******************

Anoptionalcompanyname[]:

Usingconfigurationfrom/etc/ssl/openssl.cnf

Enterpassphrasefor./demoCA/private/./cakey.pem://填的是下面的PEM暗码

Checkthattherequestmatchesthesignature

Signatureok

CertificateDetails:

SerialNumber:

89:11:9f:a6:ca:03:63:ab

Validity

NotBefore:Aug712:35:282010GMT

NotAfter:Aug612:35:282013GMT

Subject:

countryName=cn

stateOrProvinceName=cn

organizationName=cn

<palign="left"style="word-wrap:break-word;margin:5px0px;padding:0px;color:rgb(102,102,102);font-family:宋体,Arial;font-size:16px;line-height:26px;"><spanstyle="word-wrap:break-word;">

作者: 透明 时间: 2015-1-14 22:56
标题: 来一发CentOS下OpenSSL的装置和利用
路过的帮顶

作者: 兰色精灵 时间: 2015-1-25 18:24
一定要学好命令，shell是命令语言，命令解释程序及程序设计语言的统称，shell也负责用户和操作系统之间的沟通。

作者: 因胸联盟 时间: 2015-2-3 21:14
任何人都可以根据自己的喜好来定制适合自己的操作系统，Linux?是抢占式多任务多用户操作系统.

作者: 小妖女 时间: 2015-2-9 09:46
虽然大家都比较喜欢漂亮的mm，但是在学 linux 的过程中，还是要多和“男人”接触一下：P 遇到问题的时候，出来看说和上网查之外，就是要多用 linux 下的 man 命令找找帮助。

作者: 若相依 时间: 2015-3-9 14:28
Linux只是个内核!这点很重要，你必须理解这一点。只有一个内核是不能构成一个操作系统的。

作者: 飘灵儿 时间: 2015-3-17 02:11
我是学习嵌入式方向的，这学期就选修了这门专业任选课。

作者: 不帅 时间: 2015-3-23 19:48
最好先搜寻一下论坛是否有您需要的文章。这样可以获得事半功倍的效果。

欢迎光临仓酷云 (http://ckuyun.com/)