20220909
生成ssl证书给路由器用
1.generate csr file from blow web site:
https://www.chinassl.net/ssltools/generator-csr.html
2.download csr and key file
3.use openssl cmd generate crt file
openssl x509 -req -days 3650 -in ./router.ctc_csr.txt -signkey ./router.ctc_key.txt -out ./router_ctc.crt
ssl_certificate cert.crt; ssl_certificate_key cert.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!DES:!3DES;
---------------------------------------------------------------
openssl genrsa -des3 -out jack.key 2048
openssl req -new -key jack.key -out jack.csr
openssl req -new -x509 -days 3650 -key jack.key -out jack.crt
openssl rsa -in jack.key -out jack1.key # 用上面长生的jack.key作为输入,输出新的key就可以不用密码,直接启动了。
---------有些证书需要合成-------(以色列客户)
ssl
RapidSSL RSA CA
首先在桌面空白处,鼠标右键新建文本文档,把域名证书及中级证书,合并在一起,最后生成命名为server,后缀为crt的文件
cat STAR_2proof_co_il.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt AAACertificateServices.crt > final.crt
注意:顺序不能调动,上面为域名证书,下面为中级证书,中间不留空。
-----