要生成新的公钥/私钥对:
openssl req -x509 -newkey rsa:2048 -keyout privatekey.pem -out cert.pem -days 3650 -nodes
提示:请确保“通用名称”是您的主机名或FQDN,无论您要连接到nsqd。
允许nsqd接受TLS升级请求:
nsqd -tls-cert="cert.pem" -tls-key="privatekey.pem"
执行TLS:
nsqd -tls-cert="cert.pem" -tls-key="privatekey.pem" -tls-required=1
注意:-tls-required=1有效地关闭HTTP端点。
要在HTTPS上侦听:
nsqd -tls-cert="cert.pem" -tls-key="privatekey.pem" -tls-required=1 -https-address=0.0.0.0:4152
要将PEM格式的公钥/私钥对转换为PKCS#12:
openssl pkcs12 -inkey privatekey.pem -in cert.pem -export -out nsq.pfx
将PKSC#12转换为PEM:
openssl pkcs12 -in nsq.pfx -out keystore.pem -nodes
openssl pkcs12 -in nsq.pfx -out cert.pem -nodes -nokeys
openssl pkcs12 -in nsq.pfx -out privatekey.pem -nodes -nocerts
资源:
- https://en.wikipedia.org/wiki/Public-key_cryptography
- https://www.sslshopper.com/article-most-common-openssl-commands.html
- https://jamielinux.com/docs/openssl-certificate-authority
- http://tools.ietf.org/html/rfc5280#page-71
视窗:
- http://stackoverflow.com/questions/7331666/c-sharp-how-can-i-validate-a-root-ca-cert-certificate-x509-chain
- http://stackoverflow.com/questions/23935820/how-can-i-create-a-p12-file-without-a-private-key
更多Windows
6333
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
