Windows 生成双向认证的自签证书（本地测试使用）

最新推荐文章于 2024-04-29 10:00:00 发布

瘦身小蚂蚁

最新推荐文章于 2024-04-29 10:00:00 发布

阅读量1.5k

点赞数 3

分类专栏： Golang 文章标签： golang

本文链接：https://blog.csdn.net/ling1998/article/details/122054367

版权

Golang 专栏收录该内容

25 篇文章 1 订阅

订阅专栏

生成服务端证书与客户端证书

1. 生成根证书

根证书（Root Certificate）是属于根证书颁发机构（CA）的公钥证书。用来验证它所签发的证书（服务端、客户端）

（1）打开openssl

执行openssl

（2）生成根证书私钥文件

执行 genrsa -out ca.key 2048，生成ca.key私钥文件

（3）生成根证书公钥文件

执行 req -new -x509 -days 3650 -key ca.key -out ca.pem ，生成ca.pem公钥文件

注：此步骤生成时Common Name填写localhost

以上执行命令如下所示：

#（1）打开openssl
E:\Program Files\OpenSSL-Win64\bin>openssl

#（2）生成根证书私钥文件
OpenSSL> genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...................................+++++
......................................................................................+++++
e is 65537 (0x010001)

#（3）生成根证书公钥文件
OpenSSL> req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tracy
Organizational Unit Name (eg, section) []:tracy
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:

2. 生成服务端证书

（1）生成服务端私钥文件

执行 genrsa -out server.key 2048 ，生成server.key私钥文件

（2）请求创建服务端证书

执行 req -new -key server.key -out server.csr ，生成server.csr证书文件

若出现以下错误，打开一个新窗囗再执行命令注：此步骤生成时Common Name填写localhost

（3）生成服务端公钥文件

执行 x509 -req -sha256 -CA ca.pem -CAkey ca.key -CAcreateserial -days 3650 -in server.csr -out server.pem ，根据server.csr签发生成server.pem公钥文件

以上执行命令如下所示：

E:\Program Files\OpenSSL-Win64\bin>openssl

#（1）生成服务端私钥文件
OpenSSL> genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................+++++
.............+++++
e is 65537 (0x010001)

#（2）请求创建服务端证书
OpenSSL> req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tracy
Organizational Unit Name (eg, section) []:tracy
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

#（3）生成服务端公钥文件
OpenSSL> x509 -req -sha256 -CA ca.pem -CAkey ca.key -CAcreateserial -days 3650 -in server.csr -out server.pem
Signature ok
subject=C = cn, ST = beijing, L = beijing, O = tracy, OU = tracy, CN = localhost
Getting CA Private Key

3. 生成客户端证书

（1）生成客户端私钥文件

执行 ecparam -genkey -name secp384r1 -out client.key ，生成client.key私钥文件

（2）请求创建客户端证书

执行 req -new -key client.key -out client.csr ，生成client.csr证书文件

注：此步骤生成时Common Name填写localhost

（3）生成客户端公钥文件

执行 x509 -req -sha256 -CA ca.pem -CAkey ca.key -CAcreateserial -days 3650 -in client.csr -out client.pem，根据client.csr签发生成client.pem公钥文件

以上执行命令如下所示：

E:\Program Files\OpenSSL-Win64\bin>openssl

#（1）生成客户端私钥文件
OpenSSL> ecparam -genkey -name secp384r1 -out client.key

#（2）请求创建客户端证书
OpenSSL> req -new -key client.key -out client.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tracy
Organizational Unit Name (eg, section) []:tracy
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

#（3）生成客户端公钥文件
OpenSSL> x509 -req -sha256 -CA ca.pem -CAkey ca.key -CAcreateserial -days 3650 -in client.csr -out client.pem
Signature ok
subject=C = cn, ST = beijing, L = beijing, O = tracy, OU = tracy, CN = localhost
Getting CA Private Key

生成文件如下图所示：

参考视频:

go语言grpc框架实战_哔哩哔哩_bilibili

瘦身小蚂蚁

关注

3
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
Windows 生成双向认证的自签证书（本地测试使用）

生成服务端证书与客户端证书1. 生成根证书根证书（Root Certificate）是属于根证书颁发机构（CA）的公钥证书。用来验证它所签发的证书（服务端、客户端）（1）打开openssl 执行openssl（2）生成根证书私钥文件执行 genrsa -out ca.key 2048，生成ca.key私钥文件（3）生成根证书公钥文件执行 req -new -x509 -days 3650 -key ca.key -out c...
复制链接

扫一扫