# openssl genrsa -des3 -out ca.key 1024
1.产生一个rsa加密算法生成的CA钥,设置私钥长度为1024字节,输入到ca.key文件中。
Generating RSA private key, 1024 bit long modulus
.................++++++
...............................++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
#openssl rsa -noout -text -in ca.key
2.以打印文本方式查看创建的证书ca.key的内容,该证书未经过签名,其内容如下。
Enter pass phrase for ca.key:
Private-Key: (1024 bit)
modulus:
00:bd:d6:2b:07:8d:f0:0b:30:dc:d1:c6:70:5d:a4:
e7:57:22:62:a2:bb:43:1d:ac:61:c6:08:ed:cf:76:
cc:ee:2c:b4:97:93:18:fa:7b:a8:b9:aa:68:a9:a6:
da:e1:f5:d0:c6:1d:e8:2b:61:db:f2:52:cc:f5:bf:
d4:df:24:16:97:d6:6b:7d:c3:ae:7c:32:a1:20:60:
23:97:cc:fb:7f:dc:93:9c:d6:52:98:02:99:f1:23:
4b:e8:41:97:ea:5e:5f:0c:e5:24:81:2b:27:69:67:
b8:9b:0b:28:b0:9a:d7:b2:2e:b4:57:db:f8:af:66:
e9:46:7f:43:b6:99:6a:bf:6b
publicExponent: 65537 (0x10001)
privateExponent:
00:a8:4d:93:52:9c:45:40:36:ae:df:90:b6:18:5f:
d5:f6:4b:76:f5:5d:5e:90:95:3f:0d:ea:e6:a3:b3:
68:d6:94:6d:fb:a0:1f:5a:1b:7e:28:35:6b:9b:55:
61:e3:49:23:32:32:5b:9e:f2:a0:a4:83:42:51:72:
24:91:3c:96:85:b8:78:94:da:22:7d:ef:98:e2:6b:
bf:57:33:ec:7f:aa:ea:ec:7d:ff:aa:cc:5d:6c:f6:
28:c2:60:6b:02:ea:bc:d4:8e:0d:35:8d:47:6f:7c:
ac:ac:b4:1f:d5:52:54:5b:58:85:fb:fa:98:a4:d5:
cd:54:ac:c7:59:64:9f:f0:49
prime1:
00:f3:50:d4:1d:ac:0b:80:23:a6:c5:2b:00:10:d7:
0f:73:8d:8e:78:c2:e2:73:e2:09:f5:83:be:1c:e5:
c8:7e:1d:9b:8d:ee:6b:ee:09:17:99:26:ca:8f:d7:
e6:ff:4d:e9:d3:06:8a:f3:d2:ab:38:89:90:b3:3c:
6c:d7:0d:b6:a5
prime2:
00:c7:bb:a2:22:15:a1:df:31:a2:8f:7a:18:fa:7b:
d4:31:dd:fc:86:ab:18:fc:a2:11:ed:68:52:d9:6c:
2c:41:ef:e4:31:0b:1b:e0:5a:f0:1a:a4:6f:ce:8b:
de:9e:71:73:2d:95:0b:a4:0f:71:51:c6:6c:a4:ea:
a4:e7:d6:d0:cf
exponent1:
51:37:c5:d6:31:bb:95:06:51:80:b7:1d:ca:81:3f:
13:1f:49:53:5e:1a:20:fc:6e:be:99:3f:38:7e:2b:
32:8d:c7:82:d4:f7:09:f9:d6:fa:b4:4c:21:3f:bc:
47:b4:46:3c:be:8e:5b:5d:12:f2:48:59:18:bb:2e:
c9:8a:36:51
exponent2:
2e:d6:d0:c1:df:82:d3:7d:a7:5a:b0:4e:75:47:5e:
ce:c6:f9:36:77:9f:67:77:76:6e:cf:5d:46:81:b8:
ab:49:df:a0:a4:b3:47:dc:eb:9b:c3:de:38:78:d2:
9f:23:89:d8:31:b0:c6:2b:9c:ee:89:72:e7:05:e3:
e0:3e:9f:3f
coefficient:
08:4e:81:02:42:c1:35:e9:9b:62:78:45:98:ea:f6:
4a:f2:ad:d3:dd:e1:cb:30:96:9a:55:89:4b:2e:ea:
63:b8:29:35:ea:b8:72:13:5c:3f:b1:05:46:8d:cd:
03:39:42:1e:ed:e8:f9:4a:40:56:40:b8:31:71:4f:
fe:aa:f3:d8
#openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
3.使用1步产生的CA密钥自签署CA证书。然后系统提示输入国家代号、省份名称、城市名称、公司名称、部门名称、你的姓名及Email地址,这样一张自签名的CA证书就制作完成。
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:china
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [GB]:beijing
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [GB]:beijing
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [GB]:bj
State or Province Name (full name) [Berkshire]:haidian
Locality Name (eg, city) [Newbury]:zhichunlu
Organization Name (eg, company) [My Company Ltd]:beijingzhongkeyuan
Organizational Unit Name (eg, section) []:zhongkefangde
Common Name (eg, your name or your server's hostname) []:zhongguo
Email Address []:zhongguo@sina.com
#openssl x509 -noout -text -in ca.crt
4.查看签名后的证书内容,其中包含版本号,证书标识码,数字签名算法,发行者,有效期,主题,主题公钥信息,公钥算法,RSA公钥长度,解编码格式格式,证书主密码标识符,证书授权密钥标识符,证书基础强制。其内容如下
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
84:77:79:c1:e4:dc:23:68
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=bj, ST=haidian, L=zhichunlu, O=beijingzhongkeyuan, OU=zhongkefangde, CN=nancy/emailAddress=xiaonan@nfs-china.com
Validity
Not Before: Jan 18 05:25:31 2010 GMT
Not After : Jan 16 05:25:31 2020 GMT
Subject: C=bj, ST=haidian, L=zhichunlu, O=beijingzhongkeyuan, OU=zhongkefangde, CN=nancy/emailAddress=xiaonan@nfs-china.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:bd:d6:2b:07:8d:f0:0b:30:dc:d1:c6:70:5d:a4:
e7:57:22:62:a2:bb:43:1d:ac:61:c6:08:ed:cf:76:
cc:ee:2c:b4:97:93:18:fa:7b:a8:b9:aa:68:a9:a6:
da:e1:f5:d0:c6:1d:e8:2b:61:db:f2:52:cc:f5:bf:
d4:df:24:16:97:d6:6b:7d:c3:ae:7c:32:a1:20:60:
23:97:cc:fb:7f:dc:93:9c:d6:52:98:02:99:f1:23:
4b:e8:41:97:ea:5e:5f:0c:e5:24:81:2b:27:69:67:
b8:9b:0b:28:b0:9a:d7:b2:2e:b4:57:db:f8:af:66:
e9:46:7f:43:b6:99:6a:bf:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:E2:24:B8:68:AD:77:53:FF:A6:F3:CB:2A:4E:47:9A:6E:A7:7B:C0
X509v3 Authority Key Identifier:
keyid:96:E2:24:B8:68:AD:77:53:FF:A6:F3:CB:2A:4E:47:9A:6E:A7:7B:C0
DirName:/C=bj/ST=haidian/L=zhichunlu/O=beijingzhongkeyuan/OU=zhongkefangde/CN=nancy/emailAddress=xiaonan@nfs-china.com
serial:84:77:79:C1:E4:DC:23:68
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
3a:09:7c:ba:a4:12:55:a5:ac:cc:80:b5:fe:a1:0a:f8:b0:9e:
60:24:c9:b1:41:d9:04:cd:5a:44:fe:40:6e:9c:5c:5e:c7:b4:
bc:2f:56:72:26:f7:13:3b:3d:8b:fb:9a:c6:8f:0a:7c:d3:58:
38:ba:79:e1:67:c9:4a:06:da:56:6d:9d:2a:f9:a9:33:91:77:
d7:b8:55:39:f0:f6:54:a3:a6:dc:c0:e0:20:3c:fa:26:b0:01:
1a:66:1e:6a:72:1c:6a:0b:71:b8:51:08:3b:20:58:50:a3:a9:
c6:7f:bb:7f:a1:98:71:09:8b:6e:a8:eb:df:99:ea:d8:84:23:
13:eb
735
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
