certificate & encryption
openssl commonly used commands
before use Configure to generate Makefile, should notice follow options
--prefix=DIR // install dir
--libdir=DIR // install dir
--openssldir=DIR // Directory for OpenSSL configuration files, and also the default certificate and key store
use no-[option] or enable-[option] to turn off/on certion function. # openssl genrsa -des3 -out private.key 2048
# public key is also contained by private.key
openssl genrsa -out private.key 2048
openssl req -new -key private.key -out cert.csr -subj "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.baidu.com"
openssl x509 -days 360 -req -in cert.csr -signkey private.key -out cert.crt
openssl x509 -in cert.crt -noout -text
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt -subj "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.baidu.com" -extensions v3_ca # CA
# if we want to sign a self-signed certificate we can use command:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.baidu.com" # -extensions v3_ca
# if not, we use step 2), for which we must build an CA first.
echo "create CA"
mkdir demoCA
cd demoCA
mkdir certs crl private newcerts
touch index.txt index.txt.attr
echo "01" > serial
cd ..
openssl genrsa -out demoCA/private/cakey.pem 2048
openssl req -new -key demoCA/private/cakey.pem -out cert.csr -subj "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.baidu.com"
yes|openssl ca -selfsign -in cert.csr -extensions v3_ca
cp demoCA/newcerts/01.pem demoCA/cacert.pem
echo "Done" echo " using CA sign a certificate, same countryName, provinceName, OrganizationName"
openssl genrsa -out private.key 2048
openssl req -new -key private.key -out cert.csr -subj "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.bing.com"
yes|openssl ca -in cert.csr # install CA or certificates to openssl's default stroe
# if dont do so, when test, we should use -CAfile or -CApath to specify CA sudo cp demoCA/newcerts/01.pem /usr/local/ssl/certs
cd /usr/local/ssl/certs
sudo ln -s 01.pem `openssl x509 -noout -hash -in 01.pem`.0
openssl verify -CApath ./ 01.pem # test
openssl s_server -key key.pem -cert cert.pem -CAfile demoCA/cacert.pem -accept 44330 -www -Verify 2
# or through browser
# here we can generate another certificate for client
openssl s_client -key key.pem -cert cert.pem -CAfile demoCA/cacert.pem -connect localhost:44330 # add extention to certificate
# or we can create a extion file
https://comm.support.ca.com/kb/adding-custom-x509-extensions-to-certificate-signing-requests/kb000042912 # is common name mandatory?
https://security.stackexchange.com/questions/55414/is-the-common-name-mandatory-for-digital-certificates
certificate & encryption的更多相关文章
- The encryption certificate of the relying party trust identified by thumbprint is not valid
CRM2013部署完ADFS后通过url在浏览器中訪问測试是否成功,成功进入登陆界面但在登陆界面输入username和password后始终报身份验证失败,系统中的报错信息例如以下:Microsoft ...
- SQL Server 2014 Backup Encryption
转载自: Microsoft MVP Award Program Blog 来源:Microsoft MVP Award Program Blog 的博客:https://blogs.msdn.mic ...
- SQL Server安全(9/11):透明数据加密(Transparent Data Encryption)
在保密你的服务器和数据,防备当前复杂的攻击,SQL Server有你需要的一切.但在你能有效使用这些安全功能前,你需要理解你面对的威胁和一些基本的安全概念.这篇文章提供了基础,因此你可以对SQL Se ...
- SQL Server安全(8/11):数据加密(Data Encryption)
在保密你的服务器和数据,防备当前复杂的攻击,SQL Server有你需要的一切.但在你能有效使用这些安全功能前,你需要理解你面对的威胁和一些基本的安全概念.这篇文章提供了基础,因此你可以对SQL Se ...
- How To Set Up Apache with a Free Signed SSL Certificate on a VPS
Prerequisites Before we get started, here are the web tools you need for this tutorial: Google Chrom ...
- (转)pem, cer, p12 and the pains of iOS Push Notifications encryption
转自:http://cloudfields.net/blog/ios-push-notifications-encryption/ The serious pains of setting up a ...
- freeradius 错误: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
在进行802.1x 测试时遇到如下问题: Waking up in 4.6 seconds.(156) Received Access-Request Id 82 from 192.168.1.126 ...
- Certificate Formats | Converting Certificates between different Formats
Different Platforms & Devices requires SSL certificates in different formatseg:- A Windows Serve ...
- Initializing the FallBack certificate failed . TDSSNIClient initialization failed
安装SQL后服务不能启动,报错: 2014-03-24 14:33:10.06 spid13s Error: 17190, Severity: 16, State: 1.2014-03-24 ...
随机推荐
- Windows系统下的TCP参数优化(注册表\TCPIP\Parameters)
转自:https://blog.csdn.net/libaineu2004/article/details/49054261 Windows系统下的TCP参数优化 TCP连接的状态与关闭方式及其对 ...
- ABP中的Filter(下)
接着上面的一个部分来叙述,这一篇我们来重点看ABP中的AbpUowActionFilter.AbpExceptionFilter.AbpResultFilter这三个部分也是按照之前的思路来一个个介绍 ...
- ILRuntime_NewbieGuide—进阶
进阶篇其实要求你应该拥有一个云服务器才有意思,但你用本地电脑也是一样的道理,只是没有这么有趣了. 笔者大一的时候,腾讯云搞活动,学生认证可以抢到1元的云主机,配置很低,但是平时练练手还是可以的,现在没 ...
- Educational Codeforces Round 63 (Rated for Div. 2) D. Beautiful Array 分类讨论连续递推dp
题意:给出一个 数列 和一个x 可以对数列一个连续的部分 每个数乘以x 问该序列可以达到的最大连续序列和是多少 思路: 不是所有区间题目都是线段树!!!!!! 这题其实是一个很简单的dp 使用的是分 ...
- 【THUSC2017】【LOJ2978】杜老师 高斯消元
题目大意 给你 \(l,r\),求从 \(l\) 到 \(r\) 这 \(r-l+1\) 个数中能选出多少个不同的子集,满足子集中所有的数的乘积是一个完全平方数. 对 \(998244353\) 取模 ...
- [leetcode] 5.Longest Palindromic Substring-2
想了很多方法 搞轴对称,算对称轴,偶数都高出了一堆0.5在那加加减减,最后发现在移轴之前可能就返回了. class Solution: def longestPalindrome(self, s: s ...
- Neovim中NERDTree等多处cursorline不高亮
标题表达的不是很清楚,看下图把 解决方法 添加下面内容到init.vim " 针对NERDTree " https://github.com/scrooloose/nerdtree ...
- 基于Redis缓存几十万条记录的快速模糊检索的功能实现(c#)
在开发一套大型的信息系统中,发现很多功能需要按公司查询,各个模块在实现时都是直接查数据库进行模糊检索,虽然对表进行向各个应用的库中进行了同步,但是在使用中发现,模糊检索公司时还是比较卡,原始的查询数据 ...
- 野路子码农系列(1) 创建Web API
新工作正式开始了2天,由于客户暂时还没交接数据过来,暂时无事可做.恰逢政佬给某超市做的商品图像识别的项目客户催收了,老板要求赶紧搞个API,于是我就想我来试试吧. 说起API,我其实是一窍不通的,我对 ...
- CentOS使用@Value注解为属性赋值的时候出现乱码
在本地开发用windows的没有出现乱码,在CentOS上运行的时候出现乱码. 1.修改中文的编码方式 (成功) env.properties为ANSI格式 先设置idea编码格式,utf-8, 将 ...