How to manually generate ssl certificate for own site in Linux

最新推荐文章于 2022-07-25 22:43:49 发布
最新推荐文章于 2022-07-25 22:43:49 发布
阅读量4.4k 收藏
点赞数
分类专栏: Linux 文章标签: ubuntu ssl https
知识在分享中升华,思想在交流中沉淀。
本文链接:https://blog.csdn.net/qwfys200/article/details/106477534
版权

How to manually generate ssl certificate for own site in Linux

  最近在玩kubernetes,时常要用到https协议,而https协议又离不开ssl证书,自己弄好了以后,想到可能还会有很多人也会用到,所以这里就写一篇文章介绍一下这一块的东西。

Generate ssl certificate

  • 步骤1 生成伪随机数字节文件

  Openssl rand命令用来产生伪随机字节,随机数字产生器需要一个seed,在没有/dev/srandom系统下的解决方法是自己做一个~/.rnd文件。

lwk@qwfys:~$ openssl rand -writerand ~/.rnd
  • 步骤2 创建目录

  创建目录~/.tmp/3123459_k8s.qwfys.com_nginx

lwk@qwfys:~$ mkdir -p ~/.tmp/3123459_k8s.qwfys.com_nginx
lwk@qwfys:~$ ll .tmp/
total 12
drwxr-xr-x  3 lwk lwk 4096 Jun  2 09:33 ./
drwxr-xr-x 53 lwk lwk 4096 Jun  2 09:32 ../
drwxr-xr-x  2 lwk lwk 4096 Jun  2 09:33 3123459_k8s.qwfys.com_nginx/
lwk@qwfys:~$
  • 步骤3 生成非对称公密钥对

  用OpenSSL的genrsa命令生成一个2048 bit的公钥私钥对,输出到文件~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key里。

lwk@qwfys:~$ openssl genrsa -out ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
........................................+++++
e is 65537 (0x010001)
lwk@qwfys:~$
  • 步骤4 生成身份申请CSR

  用OpenSSL的req命令以上文中的3123459_k8s.qwfys.com_nginx.key为输 入,生成一个身份证申请(certificate signing request,CSR)文件 3123459_k8s.qwfys.com_nginx.csr

lwk@qwfys:~$ openssl req -new -key ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key -out ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hongkong
Locality Name (eg, city) []:Hongkong
Organization Name (eg, company) [Internet Widgits Pty Ltd]:www.qwfys.com
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:k8s.qwfys.com
Email Address []:qwfys200@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
lwk@qwfys:~$
  • 步骤5 生成CA签署的身份证

  以下OpenSSL的x509命令用指定的私钥文件3123459_k8s.qwfys.com_nginx.key签署身份申请(certificate signing request,CSR)文件3123459_k8s.qwfys.com_nginx.csr,输出CA签署的身份证(CA signed certificate,CRT)文件3123459_k8s.qwfys.com_nginx.crt

lwk@qwfys:~$ openssl x509 -req -sha256 -days 365 -in ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.csr -signkey ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key -out ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.crt
Signature ok
subject=C = CN, ST = Hongkong, L = Hongkong, O = www.qwfys.com, OU = IT, CN = k8s.qwfys.com, emailAddress = qwfys200@qq.com
Getting Private key
lwk@qwfys:~$

  接下来,我们查看一下生成的文件及其内容。

lwk@qwfys:~$ ll ~/.tmp/3123459_k8s.qwfys.com_nginx/
total 20
drwxr-xr-x 2 lwk lwk 4096 Jun  2 13:59 ./
drwxr-xr-x 4 lwk lwk 4096 Jun  2 09:53 ../
-rw-r--r-- 1 lwk lwk 1330 Jun  2 13:59 3123459_k8s.qwfys.com_nginx.crt
-rw-r--r-- 1 lwk lwk 1062 Jun  2 13:59 3123459_k8s.qwfys.com_nginx.csr
-rw------- 1 lwk lwk 1675 Jun  2 13:57 3123459_k8s.qwfys.com_nginx.key
lwk@qwfys:~$ cat ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key 
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApKRbB3jKgN1irAJLzZ1o6EdXY6AMx64gDMm5LF4QetDxCFmj
MFi9Pii03Lefsxy7gKVSOUCuyMLkCqOLQwmtBDPN6EY0L+5LLOTO8dPkvuUfxtq+
ge1X0yOSirumFQ/FXA7yFD4FGoLYmUFqLoNYxyySYnbMNNSSlcXEbaxfXWQfrOUu
TG1LOtK8TcZGeLwUCDlx5qP+uxBNsWPJPCxoPpWQ1f+q18F2zZvVRQggQ5U6GwZP
/53O6rUioRFYRNnj+00t8pALS++vPKVNZxM+VczmIwI0/nQZnHv5AlWIUOZBVxf7
NBJju5XV4XpZO1TN0RRKpSWIHGGGqOe2ls/9lwIDAQABAoIBADsMm31djDuVqzsI
A8n2B9cvJx+bGppPUD1l6B0Ki5yQ7bHR/F5tpUny7ZMv5H4n8vPb11ajZUyp4YIT
T/I2OTCFp/cDntoF/D5YvgQrvCHfKXt3ntYYmuQmIPvS+2kYY+91iMtLxybQAQFO
Xdfa0e91g/b+ppTYHM7MxHuVVAq5N88zY68Tlkf73TVkWuXgJZGc0m/RWSLBAzIG
CSB1NFGvsl6Sj6K/a2fXvJu2OojKjp1pN4vcM7tFJRAEwiU3fri3gqCD5TnX3Lv4
ZR1GRNFjUnxt2/NF+xFdeeepHnZViXvIqT/jvpYWl2D1qIfW1SE/qgrEm3Ego0dU
z90qKmECgYEA2F3bgvzdi8nd0avG8EAV4mD2kMMob27A68WDUu9zFAbhYfp0mE2U
dthfAUqbShI72QVMmKcQVxVZCbQP5Vjb0y+6tNVt+WBddFnBy0+bH4dredmwQtS2
Og0tWq9kCS2fSnawquzafm2HXPucGehwthpFi/VZKy24lW1uO5Jm/xECgYEAwsz1
99P2zuwliH/Y2AKpGNtDUIchJs5Lz4q8GvW7RSJjr1FKM5o1CTOqPLQ+Tm64ekbb
odWyRjUg2Favlo72fy/meVTTVCctp0oJ7odwQXzhIsBFZ+sYfv5nQGrvxkOR5gNq
4rSqQpRvJjSGU9OiEeWyZwz0lRGkVLPxNNsRAicCgYBa1EvqWSzIGh48ftgs0zpc
pkfbzZGT9fKXB3txvYOZzKmg7/syVJ8WpQ59BEzcc3scR9U34CpD5HpUUHq71Omz
Zj4C2/Ym0gVpaqSoLOr5+Wds563O4Gz/QbjgcPCVycktAVZ46qVunZxNtHJ7jdCD
IdRAROcB8VejoyS7bWI/gQKBgQCnciMkSpFmwNpqgOrWk0LjWOZ9/AnlH4NO/URA
MGYvQSZK9yc/QBjCtiRpVc4RAV+Vy/7TF6vMabK4A5ufYXhFT9lfBik5twupNx1e
ahF2WW/0vS1r7Ev8LZZ3avR8imyJOPrRsNaBsLHyN0gYGly/4Z/+sMY0tRt6q8p0
0rHGFQKBgF/uVbWLyXnGV+aQiRBZLcxy+MZntJ4IuJm+Wp3tlkPPr/z4qf0QlzS6
7ir8+YsOj68SFwtiJirJ5j8f8bMWRAdVsKtdF+Cp73Wjtf10360Db9Q9IZqZQvhr
EjTwnnHXKqkjqn3sudTpnbpGRorS8jO1537Gf/li5L9UnHqEbikU
-----END RSA PRIVATE KEY-----
lwk@qwfys:~$

虽说文件头尾都标注着RSA PRIVATE KEY,但实际上这个文件里面包含了公钥与私钥。

lwk@qwfys:~$ cat ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC1jCCAb4CAQAwgZAxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhIb25na29uZzER
MA8GA1UEBwwISG9uZ2tvbmcxFjAUBgNVBAoMDXd3dy5xd2Z5cy5jb20xCzAJBgNV
BAsMAklUMRYwFAYDVQQDDA1rOHMucXdmeXMuY29tMR4wHAYJKoZIhvcNAQkBFg9x
d2Z5czIwMEBxcS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk
pFsHeMqA3WKsAkvNnWjoR1djoAzHriAMybksXhB60PEIWaMwWL0+KLTct5+zHLuA
pVI5QK7IwuQKo4tDCa0EM83oRjQv7kss5M7x0+S+5R/G2r6B7VfTI5KKu6YVD8Vc
DvIUPgUagtiZQWoug1jHLJJidsw01JKVxcRtrF9dZB+s5S5MbUs60rxNxkZ4vBQI
OXHmo/67EE2xY8k8LGg+lZDV/6rXwXbNm9VFCCBDlTobBk//nc7qtSKhEVhE2eP7
TS3ykAtL7688pU1nEz5VzOYjAjT+dBmce/kCVYhQ5kFXF/s0EmO7ldXhelk7VM3R
FEqlJYgcYYao57aWz/2XAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEANCYbhGQW
hWuKwOVX1PWrokFTuCCbWQHkrUXNGxABAYg879ulZsjYCqamPdGdKbIkA6qZzfDR
aB9VpOcuWKLkIm4i95XeSiLRIfYDhbpqGvCRi8hNsqMqeBPSBUVusawMY8RQk8LK
/51qCQA4vV1HkwA+yxLSADqC7qJLJALdGZZFfZXpAZS/s/nNyUx6Lov1L+2+mClu
hvwidn4mYJ3CsL7+B8iXDio3RkCW5CAsyALgojb7CE83UOXA8R8eRWEDqC8ZD8dD
Sh0G3q6qz+MyNkP0E9HprbSfLbXF6OT33CvkjddQNtOPI4l6gVBmDm4iwfKq0wZL
M4KG/iAXw07ybA==
-----END CERTIFICATE REQUEST-----
lwk@qwfys:~$ cat ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.crt 
-----BEGIN CERTIFICATE-----
MIIDqTCCApECFCIleg+v7vC+7qoPPbiKf/ouV99KMA0GCSqGSIb3DQEBCwUAMIGQ
MQswCQYDVQQGEwJDTjERMA8GA1UECAwISG9uZ2tvbmcxETAPBgNVBAcMCEhvbmdr
b25nMRYwFAYDVQQKDA13d3cucXdmeXMuY29tMQswCQYDVQQLDAJJVDEWMBQGA1UE
AwwNazhzLnF3ZnlzLmNvbTEeMBwGCSqGSIb3DQEJARYPcXdmeXMyMDBAcXEuY29t
MB4XDTIwMDYwMjA1NTk0M1oXDTIxMDYwMjA1NTk0M1owgZAxCzAJBgNVBAYTAkNO
MREwDwYDVQQIDAhIb25na29uZzERMA8GA1UEBwwISG9uZ2tvbmcxFjAUBgNVBAoM
DXd3dy5xd2Z5cy5jb20xCzAJBgNVBAsMAklUMRYwFAYDVQQDDA1rOHMucXdmeXMu
Y29tMR4wHAYJKoZIhvcNAQkBFg9xd2Z5czIwMEBxcS5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCkpFsHeMqA3WKsAkvNnWjoR1djoAzHriAMybks
XhB60PEIWaMwWL0+KLTct5+zHLuApVI5QK7IwuQKo4tDCa0EM83oRjQv7kss5M7x
0+S+5R/G2r6B7VfTI5KKu6YVD8VcDvIUPgUagtiZQWoug1jHLJJidsw01JKVxcRt
rF9dZB+s5S5MbUs60rxNxkZ4vBQIOXHmo/67EE2xY8k8LGg+lZDV/6rXwXbNm9VF
CCBDlTobBk//nc7qtSKhEVhE2eP7TS3ykAtL7688pU1nEz5VzOYjAjT+dBmce/kC
VYhQ5kFXF/s0EmO7ldXhelk7VM3RFEqlJYgcYYao57aWz/2XAgMBAAEwDQYJKoZI
hvcNAQELBQADggEBAIPLP1nb/LTPpjERfiNzFh0p2KTkLuE8n4d7dV3uPcEbJ7g6
c7dIIZp192fQ0FCo+0MmoIXd8+7I0bmaOupD/eA1VuJKjcXgQUvbx4AJiAWBgaUl
Sg+dzFSoTykdk6idbK7zbHfYhSnt7eCw5z4ffmWFcEaEpmXUFJnTo6A6FWY26rxx
MK7Xpzkwa6OGHRlGaCBgTRR4aNjDHUktMhZzyS/RKazit6bGltGt1p7U+qJjD58h
yvfbhB+GJ9DRhoellxTVUoCAH3E60goO4qVj0HQz2yU0IiIR4fmjaaRKhpapsHyF
VYRupsEviwQ2WxFSJAPz3jVSOTW0ogK9fCZQA0Y=
-----END CERTIFICATE-----
lwk@qwfys:~$

Use the ssl certificate in Nginx

至些,我们就为自己的站点生成了相应的数字证书。那么如何使用呢?这里我们以CentOS 7、Nginx 1.15.6为例给大家简要介绍一下。

  • 步骤 1 安装nginx
yum install -y nginx
  • 步骤 2 在nginx配置目录添加子目录ssl,并将先前生成的文件3123459_k8s.qwfys.com_nginx.key、3123459_k8s.qwfys.com_nginx.crt复制到该目录
[root@xtwj73 ~]#  mkdir -p /etc/nginx/ssl

 lwk@qwfys:~$ scp ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key root@inner73.qwfys.com:/etc/nginx/ssl/
 lwk@qwfys:~$ scp ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.crt root@inner73.qwfys.com:/etc/nginx/ssl/
  • 步骤3 编辑nginx配置文件,追来ssl功能

修改Nginx安装目录/conf/nginx.conf文件。找到以下配置信息:

# HTTPS server
server {
    listen 443;
    server_name localhost;

    ssl on;
    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    location / {

按照下文中注释内容修改nginx.conf文件:

server {
    listen 443 ssl;   #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
    server_name k8s.qwfys.com;  #将localhost修改为您证书绑定的域名,例如:www.example.com。
    root html;
    index index.html index.htm;

    ssl_certificate ssl/3123459_k8s.qwfys.com_nginx.crt;   #将domain name.pem替换成您证书的文件名。
    ssl_certificate_key ssl/3123459_k8s.qwfys.com_nginx.key;   #将domain name.key替换成您证书的密钥文件名。
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
    ssl_prefer_server_ciphers on;
   
    location / {
        root html;   #站点目录。
        index index.html index.htm;   
    }
}
  • 步骤 4 重启nginx以使配置生效
[root@xtwj73 ~]# systemctl restart nginx.service

Summary

  上面我们给大家介绍的关于生成非对称公密钥、身份证申请这些操作步骤是以交互方式完成的,但是在一些特殊场合,我们希望以参数形式来完成,其实,这样也是可以的。接下来,我们就给大家演示这方面的操作步骤。

lwk@qwfys:~$ openssl rand -writerand ~/.rnd
lwk@qwfys:~$ mkdir -p ~/.tmp/3723459_k8s.qwfys.com_nginx
lwk@qwfys:~$ openssl req -new -newkey rsa:2048 -nodes -out ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.csr -keyout ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.key -subj "/C=CN/ST=Hongkong/L=Hongkong/O=www.qwfys.com Inc./OU=IT/CN=k8s.qwfys.com_nginx"
Generating a RSA private key
........................+++++
............+++++
writing new private key to '/home/lwk/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.key'
-----
lwk@qwfys:~$ ll ~/.tmp/3723459_k8s.qwfys.com_nginx/
total 16
drwxr-xr-x 2 lwk lwk 4096 Jun  2 09:53 ./
drwxr-xr-x 4 lwk lwk 4096 Jun  2 09:53 ../
-rw-r--r-- 1 lwk lwk 1029 Jun  2 09:53 3723459_k8s.qwfys.com_nginx.csr
-rw------- 1 lwk lwk 1704 Jun  2 09:53 3723459_k8s.qwfys.com_nginx.key
lwk@qwfys:~$ cat ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.key 
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0EPBk10wcAj57
nDThCBv/KJN8NCQX2wHI0ppOuTpOrEQoO2Bc75QLGVw6RHuAOPXwzhn6+t08k3rm
wdDeecxfAd0vxunu5P+NoavDfHeG3wHmU0n3wW+iY/0/GJpFNEElFcV0h6YXiFFK
XkijI+y0ayQ9xbtHKCyJ1j7KN3u3nadrWaft2jQ4E+MoavjfVvc+21UKHNObHzjh
/tozwIwkGX6/EGjfyq8q7OsPVJRJiXdmCURyfgXgSuUzdnXGbG6NZxWi30/hG2Yw
ejcmg6a1pja7hl3P57WInZKdk3Uj1ZhsRgarQbCpu7gDWe2j1/E0Ly14Z+aNZ/Gb
viOtsEbXAgMBAAECggEARtkrXOIBRjvzzbsGa0w/h8O1U/dIBELdjuCeaj8jG/VX
0+SY47g4La3KxfpQBYFj812Eh2XRSpZUkxrLTd3qda9MEhJX1PExQ87KwF3mwaBZ
JQC8Z8kqXWCuMfdCK9yFjUvlpxYAWd3+7h3uwpHN/qbxWYTFTRgXfhxYFESEXxf1
uXKzQzQbkqQQWzZSAb8cdxcj0itEDwo7a/Pf5renYQBQXMw+psy2o3Nt3/VEKA9x
7PNfEpZFnw3Y3KNJxg13L+hBhH7PQ5CPVbhIPXp5fJT204DwFNwHQ7wnM6msxSVf
qHS2PlB70pefvj8tm1nH9Svgq34uAvFHiRscKPj/wQKBgQDglQb37y+fuoFtLnBd
+rKcnMp+fBeA8q7BRWcUBqX4XZjePC8OEY0r3Ii238fyQuS7Or8JH9Sb/6p83tNB
Qdn9/ioqX/FUA1vHNAONDDesfkd+j0G8omBAg4oXWZcrDEw7NR91bXUq7aHnDhiO
DwFCanlydeS2OHPhDwZNLJAAkQKBgQDNQais9TOOmxTS3mmWJZ5lLKmonY6aad76
y/SuOWs13wHp/H2a3qW9wobmBREMt65ik3rgx/nY25u+Be2KetmrdTZuj1nh3w+N
IhL4HkfbkYK0Mncljtxg/NySM2WzAGIkHK3lqGWrF7NquN1ryZTeLJK/C/mnLVkl
PEvFOqWE5wKBgDZSVbkq1a4hAqVSEkPpG8Ld+ezWPyklijedfe1OHl8Q5KT8kbUp
cagmU7tILajfnUvcTdD7LgX9tVM24opqTzwsei59vnW/yjdI0YMQbXb/pHNsW04x
SG7SYlh7hyEWfGnl05Inw6t6hyrIMhBKeNeDwZR6B7Q7u2u4oqGQIdTBAoGBALS6
MHQB/uB86mv1jBC5lOtO1R/zgwGxYLWBajMRubWYY44MVOhNTLB2HONh6K5C+Vgw
tUxAqFxqmYpKm+qH2yseLMxSinjYOFAzhXJU7z6EtApIOSKn1KHNY8WTXeOr3b4g
RnnluYdZeg/pMIVc3Ch4JMn1GGA8DLc9jRXfWqhXAoGBAJRAFnOMFL5CNWwI/Z1K
Q+zp48Zdi67xAP312YyOOroVH0qaDd+H4OOqHfYjqRSVVHjHMcoNnY+qv/EYFkr+
wuRDPw4EQHmRJWTdn7Ew15GMOETz0DkZcsvdd7qh0xxIZMdhG2fAI+hdUVz3z2XM
otj6Yb9/XW4rUyQzYx+sdoOM
-----END PRIVATE KEY-----
lwk@qwfys:~$ cat ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIICwDCCAagCAQAwezELMAkGA1UEBhMCQ04xETAPBgNVBAgMCEhvbmdrb25nMREw
DwYDVQQHDAhIb25na29uZzEbMBkGA1UECgwSd3d3LnF3ZnlzLmNvbSBJbmMuMQsw
CQYDVQQLDAJJVDEcMBoGA1UEAwwTazhzLnF3ZnlzLmNvbV9uZ2lueDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALQQ8GTXTBwCPnucNOEIG/8ok3w0JBfb
AcjSmk65Ok6sRCg7YFzvlAsZXDpEe4A49fDOGfr63TyTeubB0N55zF8B3S/G6e7k
/42hq8N8d4bfAeZTSffBb6Jj/T8YmkU0QSUVxXSHpheIUUpeSKMj7LRrJD3Fu0co
LInWPso3e7edp2tZp+3aNDgT4yhq+N9W9z7bVQoc05sfOOH+2jPAjCQZfr8QaN/K
ryrs6w9UlEmJd2YJRHJ+BeBK5TN2dcZsbo1nFaLfT+EbZjB6NyaDprWmNruGXc/n
tYidkp2TdSPVmGxGBqtBsKm7uANZ7aPX8TQvLXhn5o1n8Zu+I62wRtcCAwEAAaAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCJv0/4iJJ6OIex2IfosrS/1szZO1z4rVdwwz1V
jtRhMdXZnOmIzFfkG4EI2COonA56rABm9o3GPRIXW7P2aXxRWhb7um1zLQFp7RoC
CBaqm+1YPpbxDc7ifcuPlzcgRfHW+2fjqwqXifSCrcdqH7+cf6hs9gRFOm0Fucp6
nucQrYuhtXrAv6tUyx1YJYxwUyScnMsJej32iomtPkwCJSW1eKSBUeL+9t5th28U
g2jxgsf0Kobxc6oFmqBfUNsy5HeX4GWDHnmq5lWbDD3OAhovvT3agLeopzTHCqN/
zE0EOItSYef5dTy5ck0Ac58Bb86hQfxblICHa3TfSqy77hYo
-----END CERTIFICATE REQUEST-----
lwk@qwfys:~$

在这里插入图片描述

Reference

qwfys200
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
test
xiaogou56a的专栏
08-07 35万+
[=====[UEsDBAoAAAAAAGd2B0kAAAAAAAAAAAAAAAAJABAAemlwLXRlc3QvVVgMADrapldi 2qZX9QEUAFBLAwQUAAgACABndgdJAAAAAAAAAAAAAAAAEgAQAHppcC10ZXN0Ly5E U19TdG9yZVVYDABi2qZXYtqmV/UBFADtmD1uwkAQhd8YR7JE45Jyr8ANV
How to generate self-signed SSL certificates
gujing001的专栏
08-17 1309
Create a key file $ openssl genrsa -out key.pem 1024 To create a certificate request with that key, you will need to answer some questions. The most important one is "Common Name" which MUST b
生成SSL证书
yeisman的专栏
10-28 602
一、下载安装mkcert,截止至2020-5-9,最新版本为1.4.1 1、windows系统:直接下载解压即可。 下载:https://download.csdn.net/download/alinathz/12402537 2、linux系统: 在CentOS和Fedora中安装mkcert类似于Ubuntu/Debian安装,只需要先安装nss-tools工具: sudo yum install nss-tools 1 安装完成后,下载二进制包,截止至2020-5-9,最新版本为1.4.1:
X509 证书详解
blue0bird的专栏
12-01 2万+
X509 证书详解 1 Certificates 1-1 Structure of a Certificate 1-2 Extensions informing a specific usage of a certficate 1-3 Certificate filename extensions 2 Certificate chains and cross-certifica
http://95u.free.fr/index.php,Electronic Software Distribution Service
weixin_39603327的博客
03-19 32万+
Content-Type: multipart/related; start=; boundary=----------OH5LlQ9dynBJGqR8E2AiMRContent-Location: https://software.pitt.edu/software/software.aspSubject: =?utf-8?Q?Electronic=20Software=20Distributi...
for linux PyV8-0.7.zip
05-05
标题中的"for linux PyV8-0.7.zip"指的是适用于Linux操作系统的PyV8库的版本0.7的压缩包。PyV8是Python的一个扩展模块,它封装了Google的V8 JavaScript引擎,允许Python程序与JavaScript代码进行交互。在Python环境...
WARN Failed to install dependencies. Please run ‘npm install’ manually!解决方案
01-07
1.git安装 2.nodejs安装 node -v npm -v #换镜像 ...# 少空格也会报错 cnpm #查看镜像 #用cnpm 全局安装 hexo客户端 cnpm install -g hexo-...WARN Failed to install dependencies. Please run ‘npm install’ manually!
frpc-linux-amd64
最新发布
05-23
Please check your internet connection. This can happen if your antivirus software blocks...3. Move the file to this location: /home/gaojiaran/anaconda3/envs/python3.10/lib/python3.10/site-packages/gradio
linux idea不支持中文输入解决
05-24
linux idea不支持中文输入...3. In the popup dialog, type b765.53 manually in the input field to find the jbrsdk-11_0_7-linux-x64-b765.53.tar.gz item. 4. Click the "Install" button, and restart the IDE.
UNEXPECTED INCONSISTENCY: RUN fsck MANUALLY
01-20
天有不测风云,机房断电或者电源有出现问题的时候,会造成死机或者直接断电的现象,这个是比较正常的情况了。这些莫名其妙的死机会造成邮件系统的错乱,错乱了可使用下面的步骤进行紧急检查一下,切记只可在紧急的...
ubuntu下证书详细生成脚本
11-29
ubuntu下证书详细生成脚本,用于使用ESP32模组或芯片的用户测试SSL握手时候需要用到的证书
iOS 开发中的各种证书
weixin_34320724的博客
07-03 2062
公钥和私钥 转载自:http://www.samirchen.com/ios-certificates/ 先简单的介绍一下公钥和私钥。我们常见的加密算法有两类:对称加密算法(Symmetric Cryptographic Algorithm) 和 非对称加密算法(asymmetric cryptographic algorithm)。 对于对称加密算法,一般只有一个秘钥。通过这个秘钥对一份数...
OA项目之我的会议(会议排座&送审)
彭于晏的博客
07-25 1万+
今天是继OA项目会议发布功能后的会议排座&送审功能,一起来看看吧!
http://www.htsjpt.com/admin.php,webshell/php/xiao.php.txt at f875e7b78085777b8a10c3456478dbd192d851a...
热门推荐
weixin_39980575的博客
03-13 60万+
eval(gzuncompress(base64_decode("eJzsvfl3G8eROP6z/J7/h9GYK4AmiIP3IVDiTUq8RJA6qceHY0BABDDQAOAhW/u/MNpNvLJ2I0qkLoq6SJsUZVEUSUmOnnP4WCeO1slGzsd2rDjvW9XHTA8wACnFye7nky9tkUAf1dXV1dXV1dXViqap2rCmJFUtHU2M2Ku...
ZLAN_ACC 安装代码
盈于心胸,充塞天地
04-30 11万+
ZLAN_ACC程序管理工具 使用说明 https://blog.csdn.net/cylcylcylcylwo/article/details/80146608 下面是安装代码,SE38创建程序 ZLAN_ACC,全选清空代码,复制粘贴进去,注意程序名一定是ZLAN_ACC DEFINE RKXIBJP18N. &16HX2J4FYH &1. END-OF-DEF...
openssl req和x509命令及配置文件
ayang1986的专栏
09-08 3375
1. req 命令及配置 openssl req -utf8 -new -config client/req.cnf -key client/client-key.pem -sha1 -out client/client-req.csr  client/req.cnf文件内容:  [req] prompt = no distinguished_name = dn input
用openssl验证证书和私钥是否有效
wqs1106的博客
05-12 1万+
1.openssl s_server -msg -verify -tls1_2 -state -cert cert.cer -key ..\privkey -accept 18444 使用上面的命令开启一个ssl测试服务器 2.openssl s_client -msg -verify -tls1_2  -state -showcerts -cert cert.cer -key ..\priv
OPERATION
weixin_33713350的博客
01-07 2781
运维最佳集中化自动化标准化虚拟化分布式 1)使用yum安装squid软件包:2)修改/etc/squid/squid.conf配置文件:[root@svr5 ~]# vim /etc/squid/squid.conf.. ..http_port 80 vhost //设置反向代理visible_hostname svr5.tarena.com ...
https//cl.oecl.me/index.php,Open Connector Groupware
weixin_39799290的博客
03-22 21万+
Revision: 517http://otlkcon.svn.sourceforge.net/otlkcon/?rev=517&view=revAuthor: kervinDate: 2007-12-07 11:48:32 -0800 (Fri, 07 Dec 2007)Log Message:-----------Working towards 0.5 Milestone ...
how to parse a complex, densely nested object graph into a more straightforward model for use in another domain.
05-30
To parse a complex, densely nested object graph into a more straightforward model for use in another domain, you can use a technique called "object mapping" or "object transformation". This involves mapping the complex object graph to a simpler model that is more appropriate for the other domain. Here are the general steps for object mapping: 1. Define the target model: Define the simpler model that you want to map to. This model should have only the properties that are relevant to the other domain. 2. Define the mapping rules: Define the rules for mapping the properties from the complex object graph to the properties in the target model. This may involve combining or filtering properties, renaming properties, or converting data types. 3. Implement the mapping: Implement the mapping rules using a mapping library or manually. One popular mapping library for Java is MapStruct, but there are many others available. Here's an example of object mapping using MapStruct: Suppose you have a complex object graph representing a library with many books, authors, and publishers. You want to map this to a simpler model that only includes the title, author name, and publisher name for each book. 1. Define the target model: ``` public class BookInfo { private String title; private String authorName; private String publisherName; // getters and setters } ``` 2. Define the mapping rules: ``` @Mapper public interface LibraryMapper { @Mapping(source = "book.title", target = "title") @Mapping(source = "book.author.name", target = "authorName") @Mapping(source = "book.publisher.name", target = "publisherName") BookInfo mapBookToBookInfo(Book book); } ``` 3. Implement the mapping: ``` LibraryMapper mapper = Mappers.getMapper(LibraryMapper.class); List<BookInfo> bookInfos = library.getBooks().stream() .map(mapper::mapBookToBookInfo) .collect(Collectors.toList()); ``` This will map the complex object graph to a simpler model that is more appropriate for use in another domain.

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

qwfys200

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值