[root@CentOS ~]# openssl --help
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb zlib
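# Generating a private key, explained (the following are examples, not steps):
[root@CentOS ~]# openssl genrsa 2048 > server.key # create the private key (written via stdout redirection)
[root@CentOS ~]# openssl genrsa -out server.key 2048 # create the private key; options must come before the key size
# Generate a key pair
[root@CentOS ~]# (umask 077; openssl genrsa -out server1024.key 1024) # create the private key; umask 077 makes the file readable by its owner only
[root@CentOS ~]# openssl rsa -in server1024.key -pubout # extract the public key
# Tool for requesting and generating certificates: req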
[root@CentOS ~]# openssl req -new -x509 -key server1024.key -out server.crt -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN # information about the certificate owner
State or Province Name (full name) []:JL
Locality Name (eg, city) [Default City]:CC
Organization Name (eg, company) [Default Company Ltd]:CJ
Organizational Unit Name (eg, section) []:DQ
Common Name (eg, your name or your server's hostname) []:ca.centos.tst # hostname of the server to be accessed
Email Address []:admin@centos.tst
[root@CentOS ~]# ll
total 196
-rw-------. 1 root root 4388 Apr 7 03:38 anaconda-ks.cfg
drwxr-xr-x. 2 root root 4096 Apr 16 15:55 ftpuser
-rw-r--r--. 1 root root 34419 Apr 19 13:40 httpd.conf
-rw-r--r--. 1 root root 80547 Apr 7 03:38 install.log
-rw-r--r--. 1 root root 16176 Apr 7 03:34 install.log.syslog
drwxr-xr-x. 2 root root 4096 Apr 7 03:49 Public
-rw-------. 1 root root 891 Apr 20 22:03 server1024.key
-rw-r--r--. 1 root root 1017 Apr 20 22:07 server.crt
-rw-r--r--. 1 root root 1675 Apr 20 21:43 server.key
# Print the certificate information
[root@CentOS ~]# openssl x509 -text -in server.crt
# Configuration file
[root@CentOS ~]# vim /etc/pki/tls/openssl.cnf
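# Added example (not part of the original transcript): the key and self-signed certificate steps above, run non-interactively and followed by three checks: the key file is owner-only, the certificate carries that key's public half, and the certificate has not expired.
# Function names and paths are assumptions; the subject fields are the values typed at the prompts above, and 2048 bits with -sha256 are this example's choices.

```shell
#!/bin/sh
# Added example, not from the original page. Function and file names are
# assumptions; the subject fields are the values typed at the prompts above.

# make_selfsigned KEY CRT BITS DAYS SUBJECT
# The subshell keeps umask 077 local, so the key is owner-only from creation.
# -subj answers the DN prompts non-interactively; -sha256 pins the signature
# digest instead of relying on the default in openssl.cnf.
make_selfsigned() {
    ( umask 077; openssl genrsa -out "$1" "$3" 2>/dev/null ) || return 1
    openssl req -new -x509 -sha256 -key "$1" -out "$2" -days "$4" -subj "$5"
}

# key_matches_cert KEY CRT
# True only if the certificate carries the public half of this private key.
# Both commands print the same PEM "PUBLIC KEY" structure, so it is compared
# as text; a failed read returns non-zero instead of comparing empty strings.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_perms FILE: the ten mode characters from ls -l, e.g. -rw-------
key_perms() { ls -l "$1" | cut -c1-10; }

# valid_for_days CRT N: true if the certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo in a throwaway directory (constructed paths, removed afterwards).
demo() {
    d=$(mktemp -d) || return 1
    subj='/C=CN/ST=JL/L=CC/O=CJ/OU=DQ/CN=ca.centos.tst/emailAddress=admin@centos.tst'
    if make_selfsigned "$d/server.key" "$d/server.crt" 2048 365 "$subj" &&
       key_matches_cert "$d/server.key" "$d/server.crt"; then
        echo "key matches certificate, mode $(key_perms "$d/server.key")"
        openssl x509 -in "$d/server.crt" -noout -subject -enddate
    fi
    rm -rf "$d"
}
demo
```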