centos下搭建openssl测试环境

最新推荐文章于 2022-10-25 16:57:33 发布
最新推荐文章于 2022-10-25 16:57:33 发布
阅读量1.1k 收藏 2
点赞数 1
分类专栏: Network
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u011354817/article/details/105273642
版权

文章目录

创建CA

进入OPENSSLDIR

$ openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017


$ openssl version -d
OPENSSLDIR: "/etc/pki/tls"


$ cd /etc/pki/tls
$ ll
total 12
lrwxrwxrwx 1 root root    49 Dec 30  2016 cert.pem -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
drwxr-xr-x 2 root root   117 Apr 22  2019 certs
drwxr-xr-x 2 root root    74 Apr 22  2019 misc
-rw-r--r-- 1 root root 10923 May 17  2017 openssl.cnf
drwxr-xr-x 2 root root     6 Sep 19  2017 private


$ cd misc/
$ ll
total 24
-rwxr-xr-x 1 root root 5178 Sep 19  2017 CA
-rwxr-xr-x 1 root root  119 Sep 19  2017 c_hash
-rwxr-xr-x 1 root root  152 Sep 19  2017 c_info
-rwxr-xr-x 1 root root  112 Sep 19  2017 c_issuer
-rwxr-xr-x 1 root root  110 Sep 19  2017 c_name

新建CA

执行./CA -newca,具体示范输入内容请见右侧注释:

$ ./CA -newca
CA certificate filename (or enter to create)    # 这里直接回车即可

Making CA certificate ...
Generating a 2048 bit RSA private key
.................................................
..............+++
..................+++
writing new private key to '/etc/pki/CA/private/./ca                                                                                                                  key.pem'
Enter PEM pass phrase:    # 输入密码,例如1234
Verifying - Enter PEM pass phrase:    # 重新输入1234
-----
You are about to be asked to enter information that                                                                                                                   will be incorporated
into your certificate request.
What you are about to enter is what is called a Dist                                                                                                                  inguished Name or a DN.
There are quite a few fields but you can leave some                                                                                                                   blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:AU    # AU
State or Province Name (full name) []:Some-State    # Some-State
Locality Name (eg, city) [Default City]:    # 回车
Organization Name (eg, company) [Default Company Ltd]:Internet Widgits Pty Ltd    # Internet Widgits Pty Ltd
Organizational Unit Name (eg, section) []:    # 回车
Common Name (eg, your name or your server's hostname) []:CA    # CA
Email Address []:    # 回车

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    # 回车
An optional company name []:    # 回车
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/./cakey.pem:    # 1234
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            bc:3a:03:87:ac:bc:1d:71
        Validity
            Not Before: Apr  1 15:19:36 2020 GMT
            Not After : Apr  1 15:19:36 2023 GMT
        Subject:
            countryName               = AU
            stateOrProvinceName       = Some-State
            organizationName          = Internet Wid                                                                                                                  gits Pty Ltd
            commonName                = CA
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:65:6B:F4:FE:63:97:38:11:04:2A:6D:                                                                                                                  76:08:4D:81:55:20:0D:6B
            X509v3 Authority Key Identifier:
                keyid:E7:65:6B:F4:FE:63:97:38:11:04:                                                                                                                  2A:6D:76:08:4D:81:55:20:0D:6B

            X509v3 Basic Constraints:
                CA:TRUE
Certificate is to be certified until Apr  1 15:19:36                                                                                                                   2023 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated

CA创建完毕,存放在:/etc/pki/CA。如果想重新创建,需要删除/etc/pki/CA。

$ cd /etc/pki/CA
$ ll
total 14
-rw------- 1 root root 4315 Apr  1 23:19 cacert.pem
-rw------- 1 root root 1005 Apr  1 23:19 careq.pem
drwx------ 2 root root    6 Apr  1 23:18 certs
drwx------ 2 root root    6 Apr  1 23:18 crl
-rw------- 1 root root  392 Apr  2 16:22 index.txt
drwx------ 2 root root  118 Apr  2 16:22 newcerts
drwx------ 2 root root   23 Apr  1 23:18 private
-rw------- 1 root root   17 Apr  2 16:22 serial

创建CA认证的服务器证书

创建未经CA认证的服务器证书与服务器CA认证请求文件

输入类似,Common Name要输入(SNI会用到),比如BUPT。

$ openssl req -newkey rsa:1024 -out req2.pem -keyout sslserverkey.pem
Generating a 1024 bit RSA private key
..........++++++
...++++++
writing new private key to 'sslserverkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:AU
State or Province Name (full name) []:Some-State
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:Internet Widgits Pty Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:BUPT
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

CA对服务器的CA认证请求文件进行认证生成sslservercert.pem

# openssl ca -in req2.pem -out sslservercert.pem
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/cakey.pem:    # 输入1234
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            bc:3a:03:87:ac:bc:1d:72
        Validity
            Not Before: Apr  1 15:27:04 2020 GMT
            Not After : Apr  1 15:27:04 2021 GMT
        Subject:
            countryName               = AU
            stateOrProvinceName       = Some-State
            organizationName          = Internet Widgits Pty Ltd
            commonName                = BUPT
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                AD:62:A1:74:00:86:72:D4:24:03:3E:F1:9D:51:90:7B:11:43:01:00
            X509v3 Authority Key Identifier:
                keyid:E7:65:6B:F4:FE:63:97:38:11:04:2A:6D:76:08:4D:81:55:20:0D:6B

Certificate is to be certified until Apr  1 15:27:04 2021 GMT (365 days)
Sign the certificate? [y/n]:y    # 输入y


1 out of 1 certificate requests certified, commit? [y/n]y    # y
Write out database with 1 new entries
Data Base Updated

到此,服务器需要的证书都已经具备了。

生成CA认证的客户端证书

创建未经CA认证的客户端证书与客户端CA认证请求文件

Common Name可以输入BUPT-Client。

$ openssl req -newkey rsa:1024 -out req1.pem -keyout sslclientkey.pem
Generating a 1024 bit RSA private key
.............++++++
...............................................................................++++++
writing new private key to 'sslclientkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:AU
State or Province Name (full name) []:Some-State
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:Internet Widgits Pty Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:BUPT-Client
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

CA对客户端的CA认证请求文件进行认证生成sslclientcert.pem

$ openssl ca -in req1.pem -out sslclientcert.pem
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            bc:3a:03:87:ac:bc:1d:73
        Validity
            Not Before: Apr  1 15:30:46 2020 GMT
            Not After : Apr  1 15:30:46 2021 GMT
        Subject:
            countryName               = AU
            stateOrProvinceName       = Some-State
            organizationName          = Internet Widgits Pty Ltd
            commonName                = BUPT-Client
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                22:04:72:D0:CC:A6:B7:4C:EA:01:53:C9:DB:E5:91:12:6B:D7:96:A7
            X509v3 Authority Key Identifier:
                keyid:E7:65:6B:F4:FE:63:97:38:11:04:2A:6D:76:08:4D:81:55:20:0D:6B

Certificate is to be certified until Apr  1 15:30:46 2021 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

到此,客户端需要的证书都已经具备了。

客户端与服务器数据交互

启动服务器

$ openssl s_server -cert sslservercert.pem -key sslserverkey.pem -CAfile cacert.pem                                                             Enter pass phrase for sslserverkey.pem:    # 输入1234
Using default temp DH parameters
ACCEPT

-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDDkJlRJ7pZXxw0q5rzJZ+L+M+9vaGyadOyylrNuAqAr
fuKIeysuRwqgGN2vgmGv69yhBgIEXoS0caIEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----

Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-A                                                        ES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH                                                        -RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA                                                        256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAM                                                        ELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:                                                        ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AE                                                        S256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AE                                                        S128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:                                                        DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-                                                        AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES12                                                        8-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DH                                                        E-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GC                                                        M-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH                                                        -ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:E                                                        CDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH                                                        -RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH                                                        -RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5

Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA                                                        256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1

Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:                                                        DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1

Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Curves: P-256:P-521:P-384:secp256k1
Shared Elliptic curves: P-256:P-521:P-384:secp256k1
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported

完成后服务器处于监听状态。

使用客户端发起安全连接

新建一个终端,进入对应目录,发起安全连接。

$ openssl s_client -CAfile cacert.pem
CONNECTED(00000003)
depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = BUPT
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=BUPT
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
 1 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDIDCCAgigAwIBAgIJALw6A4esvB1yMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxCzAJBgNVBAMMAkNBMB4XDTIwMDQwMTE1MjcwNFoXDTIx
MDQwMTE1MjcwNFowVDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEQlVQ
VDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtgnZu6ho9B4KeQTPKfw8KuZ7
SPiIpvN7bDQb7yEH8lXdcw0NB+VB/iZuT/cwwAWlXJNW0qokAxFn6lt8QMtubnUs
vRjY31Tg7cTmcxArwP8kBXF4M4GGXqR9wEI9hvbTJfuwqRB5vkNfvSjBH0hdzgp9
YM7mUbcFNt5W0z+0CzUCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFK1ioXQA
hnLUJAM+8Z1RkHsRQwEAMB8GA1UdIwQYMBaAFOdla/T+Y5c4EQQqbXYITYFVIA1r
MA0GCSqGSIb3DQEBCwUAA4IBAQA7631/iAO/poTvnkNzUKxW/WOQoo6AavZoEN1s
MlYpIKp2dzHB/b/TFBEC0PIK5EpRifSXS4t+v1IGVZecqYExsy4yX0U/jPXcQbmO
NYwrgFvMG3k0/5qBuZNuYw7KYLtAIstl+V8/LcRK3c76znrAb29stU6g5hEgmVUY
/k7K7JG8AprC5fU1pRaourhykbFCx7LxFyMzv2cwNoNkYmaU45SZGo8QBa0WWZuy
tAHWCflq2RqEaccFu1i3PSrkCaOUCXTbOvoM0pqjLgraU1gS/6bsseYd4aiOpfhz
b9pdF+0n3FU1LG7LoQphpDXCH/mergr8+J5MF1PdqbdIki53
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=BUPT
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2229 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 752478828F0D3861FF1542233342F49A0FC8B04776A40F400C614629E35D4CC5
    Session-ID-ctx:
    Master-Key: E4265449EE9657C70D2AE6BCC967E2FE33EF6F686C9A74ECB296B36E02A02B7EE2887B2B2E470AA018DDAF8261AFEB                                                        DC
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - c6 ab 1d b0 bc 9f 85 09-c2 8e 6b 4b f3 ed 63 70   ..........kK..cp
    0010 - be 56 ff 63 51 9e fb cb-a7 86 df 5c 4a 48 e2 ce   .V.cQ......\JH..
    0020 - 67 0a c5 39 a0 69 03 9a-16 93 c7 6b ed e0 d1 9b   g..9.i.....k....
    0030 - 0a 1c d3 7e 67 d9 1b 6c-85 be 49 67 af 83 50 57   ...~g..l..Ig..PW
    0040 - 97 84 9d 18 27 5f 99 85-83 9f 5a 70 cd da b4 0a   ....'_....Zp....
    0050 - a9 49 10 25 7a 45 40 5e-d5 27 58 57 a8 10 b7 70   .I.%zE@^.'XW...p
    0060 - fd 8e 95 cd 7e 87 fd 1d-e8 11 32 3d d0 c2 e8 1c   ....~.....2=....
    0070 - dc c2 5c 60 ed 78 07 4c-88 91 55 86 a2 45 bb 51   ..\`.x.L..U..E.Q
    0080 - 3c 34 23 36 67 a7 4d 7b-6b d3 17 29 e7 2f 31 59   <4#6g.M{k..)./1Y
    0090 - 34 fd f3 86 c3 80 90 90-ad 18 55 f0 17 ee 0b 56   4.........U....V

    Start Time: 1585755249
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

之后,我们在服务器和客户端输入字符即可实现数据传送。

参考

ubuntu下openssl测试环境构建与安全连接测试实例全解

Loong Tu
关注
  • 1
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
compat-openssl10-1.0.2o-3.el8.x86_64.rpm
03-08
openssl10
centos上安装openssl
最新发布
weixin_39291964的博客
04-17 839
OpenSSL官方资源。
CentOS:安装MySQL
yimtcode
07-02 104
CentOS7安装MySQL 一、下载MySQL # 下载 wget https://repo.mysql.com//mysql57-community-release-el7-11.noarch.rpm 二、安装MySQL sudo rpm -Uvh mysql57-community-release-el7-11.noarch.rpm sudo yum install mysql-community-server 三、启动MySQL sudo systemctl start mysqld.servi
openssl s_client s_server双向认证
来说意义非凡3
03-05 9362
1 自建CA-certs目录[root@localhost ~]# tree tls tls ├── 1 │   ├── 1.crt │   ├── 1.csr │   └── 1.key ├── 2 │   ├── 2.crt │   ├── 2.csr │   └── 2.key ├── certs ├── crl ├── index.txt ├── index.txt.attr ├── in...
OpenSSL中服务端和客户端加密通信中密钥生成过程
lionzl的专栏
04-16 1266
OK, for anyone finding this in the future, you need to create your certificates and sign them appropriately.Here are the commands for linux: //Generate a private key openssl genrsa -des3 -out server
Linux命令之openssl命令
热门推荐
月生的静心苑
10-25 1万+
openssl是一个功能极其强大的命令行工具,可以用来完成公钥体系(Public Key Infrastructure)及HTTPS相关的很多任务。openssl是一个强大的安全套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及SSL协议,并提供丰富的应用程序供测试或其它目的使用。   openssl有两种运行模式:交互模式和批处理模式。...
OPENSSL s_client 实例测试- SSL连接双向验证
wk59121的专栏
11-06 3782
在特殊情况下,我们需要使用TLS的双向认证,大部分网站都是支持双向认证的,但是并不是强制的。 在连接网站时,我们只关注这个网站是不是经过认证的网站,而不是钓鱼网站。但很少有网站要求,客户端必须是我允许的,经过我认证的,才可以连接。 在此我们对双向验证做个测试,使用的公司必须进行双向认证的服务器。 测试分为三个: 1、不带证书,连接服务器 2、带错误证书,连接服务器 3、带正确证书连接服务器 测试准备 操作工具:OPENSSL 可自行下载安装。 自签名证书,自签名证书的私钥 ...
centos 7.2下搭建LNMP环境教程
01-20
本机环境:服务器是阿里云ECS;使用的镜像是:公共镜像 CENTOS 7.2  一.nginx安装 1.下载对应当前系统版本的nginx包(package) ​ wget ...
CentOS7下java环境搭建教程
08-31
CentOS是自带OpenJDK的,但遗憾的是有些软件需要在OracleJDK下才能正常的工作,所以需要卸载并重新安装。接下来通过本文给大家分享CentOS7下java环境搭建教程,一起看看吧
CentOS 7 搭建 LAMP 环境与配置
01-09
该博文将介绍 LAMP 架构和在 CentOS 7 下搭建 LAMP 环境的过程。 LAMP 架构介绍 LAMP 就是 Linux + Apache + MySQL + PHP 的缩写。 1、Linux 就是我们已经安装的 CentOS 7 Linux 操作系统。 2、Apache 就是一个 ...
详解Centos6.5下docker 环境搭建
09-15
本篇文章主要介绍了详解Centos6.5下docker 环境搭建,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
centos7环境下的人工智能环境搭建
09-08
人工智能基础环境搭建部署是指在 CentOS 7 环境下安装和配置人工智能相关的开发环境,本文将详细介绍如何在 CentOS 7 环境搭建人工智能环境。 一、 Anaconda 3 安装 Anaconda 3 是一个流行的数据科学平台,提供...
OPENSSL s_client 实例测试- SSL连接单向验证
wk59121的专栏
11-06 7774
近日在开发项目时使用到wifi,3/4G通讯。 由于行业问题,当连接服务器时需要对服务器,客户端做双向认证。 在行业内,设备需要进行PCI认证,所有的通讯必须进行加密,连接服务器必须支持双向认证,以保证连接的服务器是安全的,保证客户端设备是授权的。 测试准备 操作工具:OPENSSL 可自行下载安装。 客户端证书,以及客户端私钥。 测试过程 以下过程我们以: www.baidu.com 为服务器,测试客户端。 openssl版本信息 C:\Users\Risten&gt...
openssl
perry_peng的专栏
01-13 696
NAME opensslOpenSSL command line tool SYNOPSIS openssl command [ command_opts ] [ command_args ] openssl [ list-standard-commands | list-message-digest-commands | list-cipher-commands ] op
学习笔记之openssl、文件加密、CA证书的创建
Ghost_02的博客
11-13 3145
1.openssl 的基础知识     首先openssl的英文是Secure Sockets Laye。安全套接层协议。可以在Internet上提供秘密性传输。 SSL能使用户/服务器应用之间的通信不被攻击者窃听,并且始终对服务器进行认证,还可选择对用户进行认证。SSL协议要求建立在可靠的传输层协议(TCP)之上。SSL协议的优势在于它是与应用层协议独立无关的。 高层的应用层协议(例如:H
OpenSSL - 学习/实践
william_n的博客
10-25 1062
主要用于学习openssl使用在项目中。
OpenSSL 基础命令
qq440983的博客
07-28 7601
OpenSSL功能之强大,命令组合用法之多,往往让我们的学习不知所措。在此,我们来对openssl命令的使用做一个总结。
rabbitmq安装以及问题解决
weixin_41810484的博客
06-28 1141
最近公司使用到了rabbitmq,现在分享一下安装过程记录一下。总的来说安装还是挺简单,最重要的一点是要记住版本对应上! 不同的centOS下载不同的安装包因为rabbitmq是erlang语言开发的,所以要先安装erlang(就像java程序需要安装jdk一个道理)下载地址 rabbitmq https://github.com/rabbitmq/rabbitmq-server/releases erlang https://github.com/rabbitmq/erlang-rpm/rel
基于centos7搭建syslog测试环境
07-14
要在基于CentOS 7的系统上搭建Syslog测试环境,您可以按照以下步骤进行操作: 1. 安装rsyslog软件包: ``` sudo yum install rsyslog ``` 2. 配置rsyslog服务器: - 编辑rsyslog配置文件: ``` sudo vi /etc/rsyslog.conf ``` - 注释掉以下两行,以允许接收远程Syslog消息: ``` #$ModLoad imtcp #$InputTCPServerRun 514 ``` - 添加以下行,以允许接收远程UDP Syslog消息(可选): ``` $ModLoad imudp $UDPServerRun 514 ``` - 保存并关闭文件。 3. 配置rsyslog客户端: - 编辑rsyslog配置文件: ``` sudo vi /etc/rsyslog.conf ``` - 添加以下行,指定将日志消息发送到Syslog服务器的IP地址和端口: ``` *.* @syslog_server_ip:514 ``` 将 `syslog_server_ip` 替换为您实际的Syslog服务器IP地址。 - 保存并关闭文件。 4. 重启rsyslog服务: ``` sudo systemctl restart rsyslog ``` 5. 测试Syslog环境: - 在客户端上生成一些测试日志消息: ``` logger "This is a test message" ``` - 在服务器上检查是否收到了这些日志消息: ``` sudo tail -f /var/log/messages ``` 这样,您就在基于CentOS 7的系统上搭建了一个简单的Syslog测试环境。请注意,具体的配置可能因实际需求和使用的Syslog软件版本而有所不同。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值