How to create a self-signed SSL Certificate
.........................................................++++++
........++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:(pem子句)这里可以随便写,类似于密码一类的,
State or Province Name (full name) [Berkshire]:Bern
Locality Name (eg, city) [Newbury]:Oberdiessbach
Organization Name (eg, company) [My Company Ltd]:Akadia AG
Organizational Unit Name (eg, section) []:Information Technology
Common Name (eg, your name or your server's hostname) []:public.akadia.com
Email Address []:martin dot zahn at akadia dot ch
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:以上内容可以根据自己需要随便填写
openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:这里需要重新输入刚才的em子句
第四步:Generating a Self-Signed Certificate(生成一个自签名证书)
linux命令:openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl req -new -x509 -newkey rsa:1024 -out server.pem
其中:-days 365是证书有效期,根据自己需要选填
终端信息:
Signature ok
subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information
Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch
Getting Private key
第五步:将证书内容输入到pem文档中
linux命令:
cat server.key >>server.pem
cat server.crt >>server.pem
第六步:将证书文档server.pem拷贝到指定的目录下
linux命令:cp server.pem /usr/local/**
第七步:在ejabberd中使用证书
在ejabberd的配置文件ejabberd.cfg(我的是ejabber.yml)中ejabberd_c2s的监听处加入证书文档
listen:
-
port:5222
module: ejabberd_c2s
starttls:true
certfile:"/usr/local/ejabberd/etc/ejabberd/server.pem"
starttls_required:true