How to Create a Self-Signed Root Certificate with OpenSSL

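This article explains in detail how to create self-signed certificates with OpenSSL, including creating them with and without encryption, and discusses the errors and warnings you may encounter. X509 certificates are a standard widely adopted on the internet and in enterprises, and a self-signed certificate can serve as the root certificate in a trust chain or as a standalone certificate.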

OpenSSL provides cryptographic libraries and features. We can use OpenSSL for tasks ranging from reading DER files to generating random numbers. But one of its most used features is creating a self-signed certificate.

Self-Signed Certificate

X509 is the certificate standard used on the internet and in corporate environments today. X509 certificates are designed to create a tree-like trust hierarchy between certificates. For example, Google is a trusted entity and poftut.com is another entity trusted by Google, so this trust relationship forms a chain. But as we can see, there is always a root. Self-signed certificates are not signed by other certificates, which means they may be used as a root certificate or as a standalone certificate.

Create Self-Signed Certificate

We can create a self-signed X509 certificate by using the OpenSSL req verb. The other options are:

  • Algorithm is RSA
  • Key size is 4096 bits
  • Format is PEM
  • Valid for 365 days

$ openssl req -x509 -newkey rsa:4096 -keyout mycert.pem -out cert.pem -days 365

Create Self-Signed Certificate without Encrypting

In the previous step, we are asked for a password with the following phrase

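We can prevent the encryption of the private key created with the self-signed certificate by using the -nodes option, as shown below. In OpenSSL 3.0 and later, -nodes is deprecated in favor of -noenc. Because the key file is then stored in plaintext, protect it with restrictive file permissions.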

$ openssl req -x509 -nodes -newkey rsa:4096 -keyout mycert.pem -out cert.pem -days 365
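
The commands above, run without prompts and followed by checks that the result really is self-signed, that the key is unencrypted, and how long the certificate stays valid. This is an added example, not code from the original article; the function names, the `-subj` value `selfsigned.example.test` and the temporary directory are assumptions, and the option is spelled `-nodes`, as OpenSSL expects.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, the
# subject CN and the output directory are assumptions for illustration.

# Create an unencrypted RSA-4096 key and a self-signed certificate
# without prompts (-subj supplies the subject, -nodes skips the pass phrase).
make_selfsigned() {
    openssl req -x509 -nodes -newkey rsa:4096 \
        -keyout "$1/mycert.pem" -out "$1/cert.pem" \
        -days 365 -subj "/CN=selfsigned.example.test" 2>/dev/null || return 1
    chmod 600 "$1/mycert.pem"   # plaintext key: owner-only access
}

# Self-signed means issuer == subject and the signature verifies with the
# certificate's own public key (here the certificate is its own trust anchor).
is_selfsigned() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Succeeds when the private key PEM is pass-phrase protected
# (PKCS#8 header or traditional Proc-Type header).
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeeds when the certificate is still valid $2 days from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Demo: sh selfsigned.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_selfsigned "$d" || exit 1
    is_selfsigned "$d/cert.pem" && echo "cert.pem is self-signed"
    key_is_encrypted "$d/mycert.pem" || echo "mycert.pem is NOT encrypted"
    valid_in_days "$d/cert.pem" 364 && echo "valid for at least 364 days"
    rm -rf "$d"
fi
```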

Self-Signed Certificate Errors and Warnings

As stated before, self-signed certificates do not enter a trust relationship with other certificates. This generally causes errors and warnings, especially in browsers. Browsers use the root certificates of Certificate Authorities to check the trust of the presented certificate. Because a self-signed certificate is not signed by any of them, the browser will show a warning message.


Translated from: https://www.poftut.com/create-self-signed-root-certificate-openssl/
