DAY19: generating a client certificate with the openssl command line + bringing up a client


The complete command sequence after installing openssl:

// openssl installation info; everything below is run in the file directory
xia@ubuntu:~/file$ which openssl
/usr/bin/openssl
xia@ubuntu:~/file$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

xia@ubuntu:~/file$ openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.............++++++
..............................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ openssl req -new -key server.key -out server.csr -config openssl.cfg
error on line -1 of openssl.cfg
140202755040928:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('openssl.cfg','rb')
140202755040928:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
140202755040928:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
xia@ubuntu:~/file$ openssl genrsa -des3 -out client.key 1024
Generating RSA private key, 1024 bit long modulus
.........................................++++++
..........................++++++
e is 65537 (0x10001)
Enter pass phrase for client.key:
Verifying - Enter pass phrase for client.key:
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ openssl req -new -key client.key -out client.csr
Enter pass phrase for client.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:CN
Locality Name (eg, city) []:CN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CN
Organizational Unit Name (eg, section) []:CN
Common Name (e.g. server FQDN or YOUR name) []:CN
Email Address []:CN@CN.COM

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:THINKDIFFER
An optional company name []:CN
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ openssl genrsa -des3 -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
............................................................................++++++
.....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
Verify failure
User interface error
139650748954272:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:pem_lib.c:382:
xia@ubuntu:~/file$ openssl genrsa -des3 -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
.....................................................................++++++
......++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ openssl req -new -x509 -key ca.key -out ca.crt -days 365
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:CN
Locality Name (eg, city) []:CN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CN
Organizational Unit Name (eg, section) []:CN
Common Name (e.g. server FQDN or YOUR name) []:CN
Email Address []:CN@CN.COM
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config /home/xia/file/openssl-1.0.1t/apps/openssl.cnf
Using configuration from /home/xia/file/openssl-1.0.1t/apps/openssl.cnf
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 286 (0x11e)
        Validity
            Not Before: Aug 19 02:49:36 2016 GMT
            Not After : Aug 19 02:49:36 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = CN
            organizationName          = CN
            organizationalUnitName    = CN
            commonName                = CN
            emailAddress              = CN@CN.COM
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                93:60:FC:DF:AC:54:04:C7:7E:2D:2C:5C:FD:F0:A7:1D:A3:65:D3:B6
            X509v3 Authority Key Identifier: 
                keyid:40:F0:C5:15:9C:A1:F6:3D:91:AF:6B:55:FF:CA:5E:74:35:D2:63:AC

Certificate is to be certified until Aug 19 02:49:36 2017 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
xia@ubuntu:~/file$ 
xia@ubuntu:~/file$ 
// Establishing the session: server IP 36.128.0.40, listening on the default port 4433.
// Note from the trace below: no -CAfile is given, so the server certificate cannot be chained to a trusted CA (verify return code 21), and the server sends no CertificateRequest ("No client certificate CA names sent"), so the client certificate passed with -cert is never actually transmitted.
xia@ubuntu:~/file$ s_client -state -msg -cert client.crt -key client.key -connect 36.128.0.40:4433
No command 's_client' found, did you mean:
 Command 'sb_client' from package 'spambayes' (universe)
 Command 'as_client' from package 'code-aster-gui' (universe)
s_client: command not found
xia@ubuntu:~/file$ openssl s_client -state -msg -cert client.crt -key client.key -connect 36.128.0.40:4433
Enter pass phrase for client.key:
CONNECTED(00000003)
SSL_connect:before/connect initialization
>>> TLS 1.2 Handshake [length 0122], ClientHello
    01 00 01 1e 03 03 42 f5 ec 27 67 bc 55 f8 1b b1
    f9 e3 6e f7 72 21 8e 9f 7e 45 5f 16 e6 a5 e7 af
    7d f3 99 30 67 65 00 00 88 c0 30 c0 2c c0 28 c0
    24 c0 14 c0 0a 00 a3 00 9f 00 6b 00 6a 00 39 00
    38 00 88 00 87 c0 32 c0 2e c0 2a c0 26 c0 0f c0
    05 00 9d 00 3d 00 35 00 84 c0 12 c0 08 00 16 00
    13 c0 0d c0 03 00 0a c0 2f c0 2b c0 27 c0 23 c0
    13 c0 09 00 a2 00 9e 00 67 00 40 00 33 00 32 00
    9a 00 99 00 45 00 44 c0 31 c0 2d c0 29 c0 25 c0
    0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 c0 11 c0
    07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00
    ff 01 00 00 6d 00 0b 00 04 03 00 01 02 00 0a 00
    34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00
    09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00
    15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00
    0f 00 10 00 11 00 23 00 00 00 0d 00 20 00 1e 06
    01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04
    03 03 01 03 02 03 03 02 01 02 02 02 03 00 0f 00
    01 01
SSL_connect:unknown state
<<< TLS 1.2 Handshake [length 0042], ServerHello
    02 00 00 3e 03 03 6d e9 2f ac c7 23 ce 6f 47 a2
    cf 85 65 95 ac a2 e9 5a b7 de 3c 8f 50 03 67 7e
    9a 66 41 44 23 1a 00 c0 30 00 00 16 ff 01 00 01
    00 00 0b 00 04 03 00 01 02 00 23 00 00 00 0f 00
    01 01
SSL_connect:SSLv3 read server hello A
<<< TLS 1.2 Handshake [length 02c3], Certificate
    0b 00 02 bf 00 02 bc 00 02 b9 30 82 02 b5 30 82
    02 1e a0 03 02 01 02 02 02 01 1e 30 0d 06 09 2a
    86 48 86 f7 0d 01 01 0b 05 00 30 68 31 0b 30 09
    06 03 55 04 06 13 02 43 4e 31 0b 30 09 06 03 55
    04 08 0c 02 43 4e 31 0b 30 09 06 03 55 04 07 0c
    02 43 4e 31 0b 30 09 06 03 55 04 0a 0c 02 43 4e
    31 0b 30 09 06 03 55 04 0b 0c 02 43 4e 31 0b 30
    09 06 03 55 04 03 0c 02 43 4e 31 18 30 16 06 09
    2a 86 48 86 f7 0d 01 09 01 16 09 43 4e 40 43 4e
    2e 43 4f 4d 30 1e 17 0d 31 36 30 38 31 39 31 38
    31 38 34 30 5a 17 0d 31 37 30 38 31 39 31 38 31
    38 34 30 5a 30 5b 31 0b 30 09 06 03 55 04 06 13
    02 43 4e 31 0b 30 09 06 03 55 04 08 0c 02 43 4e
    31 0b 30 09 06 03 55 04 0a 0c 02 43 4e 31 0b 30
    09 06 03 55 04 0b 0c 02 43 4e 31 0b 30 09 06 03
    55 04 03 0c 02 43 4e 31 18 30 16 06 09 2a 86 48
    86 f7 0d 01 09 01 16 09 43 4e 40 43 4e 2e 43 4f
    4d 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01
    01 05 00 03 81 8d 00 30 81 89 02 81 81 00 ca 03
    1f f1 96 ae d4 fc 55 81 d3 62 05 c1 45 63 ec 59
    a7 e8 c1 3f 5f cc 5f c2 bd f1 6f c9 1d 5b fd 85
    f1 17 a8 b4 2a 18 82 74 cc e4 6b 9f 1c 84 80 11
    b9 e3 95 86 1e 65 81 82 34 d0 61 da 0b 59 d7 41
    5b 7a 46 40 0a aa 28 2e 89 47 c9 df 34 02 cd cd
    fe 4d 6b 68 f1 44 08 cd 72 80 70 1f d3 ac a3 7e
    45 f2 e6 1d 0d 72 34 b9 e5 9f 6c 10 12 28 95 d4
    8c 9f 50 51 06 a3 c7 6f 3e 01 2f 7e e7 01 02 03
    01 00 01 a3 7b 30 79 30 09 06 03 55 1d 13 04 02
    30 00 30 2c 06 09 60 86 48 01 86 f8 42 01 0d 04
    1f 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 72
    61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65
    30 1d 06 03 55 1d 0e 04 16 04 14 3d 77 0c 83 e0
    25 0f d3 d0 10 d1 e3 d1 0c ef e7 4a 02 8b 42 30
    1f 06 03 55 1d 23 04 18 30 16 80 14 4e 9f 6a 2c
    27 bb 83 6b 98 94 7d df 10 bd ec bb 2e c3 5e 6d
    30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03
    81 81 00 18 ba 03 7d c0 83 be 78 4d e0 07 1f 0b
    27 78 db af b8 fc d9 69 cf 79 00 ca 12 5b 45 00
    3a fa 66 0d ce 5f 4a 18 04 d0 e2 94 3c 4e 2d 39
    96 ff 3c 59 1d 0b 13 28 de 4b 77 aa 10 42 2a b3
    9e 99 ca 91 7e af 52 6b a0 ae 71 34 2b 0c 40 08
    02 30 3e 75 35 c9 76 a3 be 83 bb 24 54 7f 3a fb
    37 3e dc 2a c2 da 0a 07 de 9d 6d 13 94 9f 5c c0
    b2 66 64 fe 09 a9 eb de 66 57 c5 22 9f 5a 55 76
    01 f8 31
depth=0 C = CN, ST = CN, O = CN, OU = CN, CN = CN, emailAddress = CN@CN.COM
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = CN, O = CN, OU = CN, CN = CN, emailAddress = CN@CN.COM
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = CN, ST = CN, O = CN, OU = CN, CN = CN, emailAddress = CN@CN.COM
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv3 read server certificate A
<<< TLS 1.2 Handshake [length 00cd], ServerKeyExchange
    0c 00 00 c9 03 00 17 41 04 9a af 26 d6 aa 89 c0
    54 b5 f8 c3 2c 78 a3 63 63 6d d6 06 14 6b 84 53
    fa 20 78 85 0e 71 b4 b6 b5 80 9a 98 56 ec 0d 08
    65 b8 47 05 2f aa c5 2f cf 56 06 00 3c 59 94 57
    5b 7c 2e 63 bf 6c 03 08 e7 06 01 00 80 77 d4 4e
    0d 34 1f b4 b8 18 3c c0 af 8c 2f 0f 9e ee 18 5f
    3f 98 de 67 eb a8 d5 c2 d7 fc 3f 48 ee d1 9a 9e
    4d 9e 5a da 20 ac 4f 77 1f 26 b5 5a d8 00 b7 6c
    4e df 3c c5 9e cf 6c c7 8f 0f 32 1f aa 50 8c 70
    e8 c8 ba 6a 3f 2c 19 c8 3c b2 3f 80 e2 09 4a e2
    4c 9d b2 7b 8a df 67 7b df a4 a0 fe 5e 90 86 2b
    8d b7 80 11 4c 78 75 ea 81 d7 00 93 77 4e a7 1d
    f5 3e ed 94 12 39 fe 32 ac 79 cf 87 61
SSL_connect:SSLv3 read server key exchange A
<<< TLS 1.2 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
SSL_connect:SSLv3 read server done A
>>> TLS 1.2 Handshake [length 0046], ClientKeyExchange
    10 00 00 42 41 04 86 59 4b 67 a4 4a 41 6c 30 11
    60 91 d0 8d c6 d1 5d 6b 78 98 de f1 13 53 45 5d
    66 19 bf bd 6e d1 88 d9 44 4a 88 69 af ab 2b df
    b6 13 eb 98 52 f8 20 89 29 4e 4c 4a 10 b5 58 f5
    fe 43 7e 4c 42 fd
SSL_connect:SSLv3 write client key exchange A
>>> TLS 1.2 ChangeCipherSpec [length 0001]
    01
SSL_connect:SSLv3 write change cipher spec A
>>> TLS 1.2 Handshake [length 0010], Finished
    14 00 00 0c c1 a9 cb 72 cd 40 e1 08 7d 8a 4b 1b
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
<<< TLS 1.2 Handshake [length 00aa]???
    04 00 00 a6 00 00 01 2c 00 a0 46 fc 3a 8e 3e 4c
    f9 49 6b 36 af f8 d9 7e 44 de bb a2 12 02 3c 6e
    43 b6 8e 8a 4a 3f 46 db a2 a5 98 dd 32 6d e5 eb
    49 a1 5a 0a d7 b8 16 78 d4 1e 14 8f 64 de 2d 41
    89 e4 59 3d 92 4b f5 e2 30 b5 b1 08 2a 78 77 02
    ed f1 ca 49 1a 46 11 e0 74 7a da c8 72 76 09 74
    05 f2 40 70 13 78 d8 bc dc 70 dc 91 35 f9 8e 08
    b4 d0 72 05 48 0a a1 ae ec 03 17 bb 59 17 af 4e
    71 bb cc 17 59 b1 e5 63 38 2b 09 01 78 6e 6a 53
    36 04 ad f0 16 dd 34 bd 8a 7a 6c e4 35 bc 47 16
    48 c7 d8 91 a8 e6 de 4c 36 40
SSL_connect:SSLv3 read server session ticket A
<<< TLS 1.2 ChangeCipherSpec [length 0001]
    01
<<< TLS 1.2 Handshake [length 0010], Finished
    14 00 00 0c 3c f0 49 96 06 60 79 5c a2 a3 16 65
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=CN/ST=CN/O=CN/OU=CN/CN=CN/emailAddress=CN@CN.COM
   i:/C=CN/ST=CN/L=CN/O=CN/OU=CN/CN=CN/emailAddress=CN@CN.COM
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICtTCCAh6gAwIBAgICAR4wDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCQ04x
CzAJBgNVBAgMAkNOMQswCQYDVQQHDAJDTjELMAkGA1UECgwCQ04xCzAJBgNVBAsM
AkNOMQswCQYDVQQDDAJDTjEYMBYGCSqGSIb3DQEJARYJQ05AQ04uQ09NMB4XDTE2
MDgxOTE4MTg0MFoXDTE3MDgxOTE4MTg0MFowWzELMAkGA1UEBhMCQ04xCzAJBgNV
BAgMAkNOMQswCQYDVQQKDAJDTjELMAkGA1UECwwCQ04xCzAJBgNVBAMMAkNOMRgw
FgYJKoZIhvcNAQkBFglDTkBDTi5DT00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAMoDH/GWrtT8VYHTYgXBRWPsWafowT9fzF/CvfFvyR1b/YXxF6i0KhiCdMzk
a58chIARueOVhh5lgYI00GHaC1nXQVt6RkAKqiguiUfJ3zQCzc3+TWto8UQIzXKA
cB/TrKN+RfLmHQ1yNLnln2wQEiiV1IyfUFEGo8dvPgEvfucBAgMBAAGjezB5MAkG
A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
ZmljYXRlMB0GA1UdDgQWBBQ9dwyD4CUP09AQ0ePRDO/nSgKLQjAfBgNVHSMEGDAW
gBROn2osJ7uDa5iUfd8Qvey7LsNebTANBgkqhkiG9w0BAQsFAAOBgQAYugN9wIO+
eE3gBx8LJ3jbr7j82WnPeQDKEltFADr6Zg3OX0oYBNDilDxOLTmW/zxZHQsTKN5L
d6oQQiqznpnKkX6vUmugrnE0KwxACAIwPnU1yXajvoO7JFR/Ovs3PtwqwtoKB96d
bROUn1zAsmZk/gmp695mV8Uin1pVdgH4MQ==
-----END CERTIFICATE-----
subject=/C=CN/ST=CN/O=CN/OU=CN/CN=CN/emailAddress=CN@CN.COM
issuer=/C=CN/ST=CN/L=CN/O=CN/OU=CN/CN=CN/emailAddress=CN@CN.COM
---
No client certificate CA names sent
---
SSL handshake has read 1228 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 9D32CADE09E51DEF7599A29500526563974EE09C05831C11AEF2DE497A60DF40
    Session-ID-ctx: 
    Master-Key: CE3322537135069673F528A0772BE80518A837A5CB45E2725A93F9D4257D2D11452756EC5E2A52FFDE0E431FC12ADC06
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 46 fc 3a 8e 3e 4c f9 49-6b 36 af f8 d9 7e 44 de   F.:.>L.Ik6...~D.
    0010 - bb a2 12 02 3c 6e 43 b6-8e 8a 4a 3f 46 db a2 a5   ....<nC...J?F...
    0020 - 98 dd 32 6d e5 eb 49 a1-5a 0a d7 b8 16 78 d4 1e   ..2m..I.Z....x..
    0030 - 14 8f 64 de 2d 41 89 e4-59 3d 92 4b f5 e2 30 b5   ..d.-A..Y=.K..0.
    0040 - b1 08 2a 78 77 02 ed f1-ca 49 1a 46 11 e0 74 7a   ..*xw....I.F..tz
    0050 - da c8 72 76 09 74 05 f2-40 70 13 78 d8 bc dc 70   ..rv.t..@p.x...p
    0060 - dc 91 35 f9 8e 08 b4 d0-72 05 48 0a a1 ae ec 03   ..5.....r.H.....
    0070 - 17 bb 59 17 af 4e 71 bb-cc 17 59 b1 e5 63 38 2b   ..Y..Nq...Y..c8+
    0080 - 09 01 78 6e 6a 53 36 04-ad f0 16 dd 34 bd 8a 7a   ..xnjS6.....4..z
    0090 - 6c e4 35 bc 47 16 48 c7-d8 91 a8 e6 de 4c 36 40   l.5.G.H......L6@

    Start Time: 1471590292
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
hello server! --from client
hello client! --from server

what can i do for you?


wait me, now, i have no need~
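As an added example (not part of the original post), here is the same procedure as a script that avoids the problems visible in the log above: 2048-bit keys instead of 1024, a CA certificate that carries CA:TRUE, signing with `openssl x509 -req` so that no openssl.cnf, index.txt or demoCA database is needed (the `openssl ca` path that failed on the missing config), a server started with `-Verify` and `-CAfile` so that it actually requests the client certificate (the log shows `No client certificate CA names sent`, meaning the server never asked and `-cert client.crt` was unused), and a client that passes `-CAfile ca.crt` so the server certificate verifies instead of ending with verify return code 21. The subject names (`Demo Root CA`, `demo-client`), the temporary directory, the `-www` test server and the loopback port are assumptions of this example; the mutual-TLS check forces TLS 1.2 so that a missing client certificate fails the handshake itself.

```shell
#!/bin/sh
# Added example, not from the original post: a throw-away PKI built with the
# openssl CLI, then a loopback mutual-TLS check with s_server/s_client.
# Subject names, directories and the port are assumptions of this example.

# issue DIR NAME SUBJECT: 2048-bit key + CSR for NAME, signed by DIR/ca.{crt,key}.
# `openssl x509 -req` needs no openssl.cnf, index.txt or demoCA directory
# (the `openssl ca` path); -CAcreateserial keeps serial numbers in DIR/ca.srl.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    openssl x509 -req -days 365 -sha256 -in "$1/$2.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# make_pki DIR: self-signed CA (CA:TRUE via req -x509), then a server and a
# client certificate. -nodes skips the -des3 pass phrase so this runs
# unattended; a real CA key should stay encrypted and offline.
make_pki() {
    mkdir -p "$1" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/C=CN/O=demo/CN=Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    issue "$1" server "/C=CN/O=demo/CN=localhost" || return 1
    issue "$1" client "/C=CN/O=demo/CN=demo-client"
}

# check_chain DIR: succeeds only if both leaf certs chain to ca.crt and the CA
# cert really carries CA:TRUE. The verify output is grepped because old
# `openssl verify` builds did not return a useful exit status.
check_chain() {
    ok=$(openssl verify -CAfile "$1/ca.crt" "$1/server.crt" "$1/client.crt" 2>&1 | grep -c ': OK$')
    [ "$ok" = 2 ] || return 1
    openssl x509 -in "$1/ca.crt" -noout -text | grep -q 'CA:TRUE'
}

# mtls_handshake DIR PORT MODE: start s_server demanding a client cert
# (-Verify 1; -CAfile gives both the trust store and the CA names sent in
# CertificateRequest), connect with s_client, and succeed only if the TLS 1.2
# handshake completes. MODE is "cert" (present client.crt) or "nocert".
# TLS 1.2 is forced so that a missing client cert fails the handshake itself
# rather than the first read after it, as TLS 1.3 would.
mtls_handshake() {
    dir=$1; port=$2; auth=""
    [ "$3" = cert ] && auth="-cert $dir/client.crt -key $dir/client.key"
    openssl s_server -accept "$port" -www -tls1_2 -cert "$dir/server.crt" \
        -key "$dir/server.key" -CAfile "$dir/ca.crt" -Verify 1 >/dev/null 2>&1 &
    srv=$!
    status=1; tries=0
    while [ $tries -lt 25 ]; do
        # -CAfile on the client side turns "verify error:num=21" into
        # "Verify return code: 0 (ok)"; </dev/null ends the session after the handshake.
        if openssl s_client -connect "127.0.0.1:$port" -tls1_2 -CAfile "$dir/ca.crt" \
                $auth </dev/null >"$dir/$3.log" 2>&1; then status=0; else status=$?; fi
        grep -q 'CONNECTED(' "$dir/$3.log" && break   # TCP reached the listener
        tries=$((tries + 1)); sleep 0.2                # otherwise the server is not up yet
    done
    kill "$srv" 2>/dev/null; wait "$srv" 2>/dev/null
    if [ "$status" = 0 ]; then
        # With the server asking for a client cert, the CA name list is no longer empty
        grep -q 'Acceptable client certificate CA names' "$dir/$3.log" || status=1
        grep -q 'Verify return code: 0 (ok)' "$dir/$3.log" || status=1
    fi
    return "$status"
}

# Demo run: handshake ok with the client cert, handshake failure without it.
demo() {
    d=$(mktemp -d) || return 1
    p=$((20000 + $$ % 20000))
    make_pki "$d" && check_chain "$d" || return 1
    mtls_handshake "$d" "$p" cert || return 1
    if mtls_handshake "$d" $((p + 1)) nocert; then return 1; fi
    echo "ok: chain verified, client cert accepted, client without cert rejected"
    rm -rf "$d"
}
demo
```

Run it as `sh mkpki.sh`; the positive run's `cert.log` in the temporary directory is the same kind of output as the s_client session above, but with `Acceptable client certificate CA names` in place of `No client certificate CA names sent` and `Verify return code: 0 (ok)` in place of code 21. Against a real server on 36.128.0.40:4433 the equivalent client command is `openssl s_client -connect 36.128.0.40:4433 -CAfile ca.crt -cert client.crt -key client.key`, with `ca.crt` being the CA that issued the server certificate.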

