Openssl自建CA

最新推荐文章于 2023-11-30 23:13:57 发布

weixin_30552811

最新推荐文章于 2023-11-30 23:13:57 发布

阅读量63

点赞数

原文链接：http://www.cnblogs.com/lowezheng/p/10183894.html

版权

查看证书相关指令

# 查看公钥数字证书
openssl x509 -in cacert.pem -noout -text

# 查看私钥数字证书
openssl pkcs12 -in client-cert.pfx  -info

# 查看公钥，私钥
openssl rsa -in key.pem -noout -text

自建CA证书颁发

# CA私钥生成
openssl genrsa -out ca.key.pem 2048

# 自签名根证书生成
openssl req -new  -x509 -days 3650 -subj "/CN=CA/OU=APEX/O=APEX/L=FZ/ST=FJ/C=CN" -key ca.key.pem -out ca.crt.pem


# 服务端证书(私钥)
openssl genrsa -out server.key.pem 2048

# 服务端证书请求
openssl req -new -subj "/CN=emqx.server/OU=APEX/O=APEX/L=FZ/ST=FJ/C=CN" -key server.key.pem -out server.req

# CA签发证书
openssl x509 -req -days 3650 -in server.req -CA ca.crt.pem -CAkey ca.key.pem -CAcreateserial -out server.crt.pem



# 客户端证书(私钥)
openssl genrsa -out client.key.pem 2048

# 客户端证书请求
openssl req -new -subj "/CN=emqx.client/OU=APEX/O=APEX/L=FZ/ST=FJ/C=CN" -key client.key.pem -out client.req

# CA签发证书
openssl x509 -req -days 3650 -in client.req -CA ca.crt.pem -CAkey ca.key.pem -CAcreateserial -out client.crt.pem



# 私钥格式转换为pkcs8,否则无法读取
openssl pkcs8 -topk8 -inform PEM -in client.key.pem -outform PEM -nocrypt -out client.key.pkcs8.pem

转载于:https://www.cnblogs.com/lowezheng/p/10183894.html