使用OpenSSL转换X509 PEM与PFX证书
openssl pkcs12 -in user.pfx -nodes -out server.pem
openssl rsa -in server.pem -out server.key
openssl x509 -in server.pem -out server.crt
openssl pkcs12 -in public.pfx -nodes -out client.pem
openssl rsa -in client.pem -out client.key
openssl x509 -in client.pem -out client.crt
参考: http://blog.csdn.net/u014389822/article/details/48296957
openssl s_server -cert server.crt -key server.key -CAfile cacert.crt -tls1_2 -accept 443
openssl s_client -cert client.crt -key client.key -CAfile cacert.crt -tls1_2 -host 127.0.0.1 -port 443
利用s_server的 -accept 将端口调整为443,重新用s_client连接测试,发现wireshark可以正常显示TLSv1.2协议内容。
参考指令:
sudo openssl s_server -cert demoCA/sslservercert.pem -key demoCA/sslserverkey.pem -CAfile demoCA/cacert.pem
openssl pkcs12 -in user.pfx -nodes -out server.pem
openssl rsa -in server.pem -out server.key
openssl x509 -in server.pem -out server.crt
openssl pkcs12 -in public.pfx -nodes -out client.pem
openssl rsa -in client.pem -out client.key
openssl x509 -in client.pem -out client.crt
参考: http://blog.csdn.net/u014389822/article/details/48296957
openssl s_server -cert server.crt -key server.key -CAfile cacert.crt -tls1_2 -accept 443
openssl s_client -cert client.crt -key client.key -CAfile cacert.crt -tls1_2 -host 127.0.0.1 -port 443
利用s_server的 -accept 将端口调整为443,重新用s_client连接测试,发现wireshark可以正常显示TLSv1.2协议内容。
参考指令:
sudo openssl s_server -cert demoCA/sslservercert.pem -key demoCA/sslserverkey.pem -CAfile demoCA/cacert.pem