Generating and using a certificate on Linux
Generating the certificate
- Run the command: openssl genrsa -out private.key 2048
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ................................+++++
    .......................................................+++++
- Run the command: openssl req -new -key private.key -out csr.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CH
    State or Province Name (full name) [Some-State]:Shanghai
    Locality Name (eg, city) []:abc
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:abc
    Organizational Unit Name (eg, section) []:abc
    Common Name (e.g. server FQDN or YOUR name) []:abc
    Email Address []:abc@abc.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:abc
- Run the command: openssl x509 -req -days 365 -in csr.csr -signkey private.key -out certificate.crt
    Signature ok
    subject=C = CH, ST = Shanghai, L = abc, O = abc, OU = abc, CN = abc, emailAddress = abc@abc.com
    Getting Private key
Using the certificate, with Go as an example
- Write the code
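    // main.go
    package main

    import (
        "time"

        "github.com/gogf/gf/frame/g"
        "github.com/gogf/gf/net/ghttp"
    )

    // Assumed minimal handler; the page does not show its body.
    func HandleGetCurrentTime(r *ghttp.Request) {
        r.Response.Write(time.Now().Format(time.RFC3339))
    }

    func main() {
        g.Server().BindHandler("GET:/GetCurrentTime", HandleGetCurrentTime)
        g.Server().EnableHTTPS("certificate.crt", "private.key")
        g.Server().Run()
    }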
- Compile and run: go run main.go
    2023-12-04T17:27:43+08:00 warning layer=rpc Listening for remote connections (connections are not authenticated nor encrypted)

      SERVER  | DOMAIN  | ADDRESS | METHOD | ROUTE              | HANDLER                      | MIDDLEWARE
    ----------|---------|---------|--------|--------------------|------------------------------|-------------
      default | default | tls:443 | GET    | /GetCurrentTime    | main.HandleGetCurrentTime    |
    ----------|---------|---------|--------|--------------------|------------------------------|-------------

    2023-12-04 17:27:46.309 14752: https server started listening on [:443]
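- No port was configured; if the startup output shows the default port 443, the certificate configuration is considered successful.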
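A listener on port 443 shows that the two files loaded, not that a verifying client will accept the certificate. The following is an added example, not code from the original page: it checks in Go that the key matches the certificate, whether a subjectAltName is present (the openssl commands above request none), and how long the certificate remains valid. `CheckPair` and `samplePair` are hypothetical names, and the pair is constructed in memory to resemble certificate.crt and private.key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckPair takes the PEM contents of certificate.crt and private.key.
// tls.X509KeyPair returns an error when the key does not match the certificate.
func CheckPair(certPEM, keyPEM []byte, now time.Time) (hasSAN bool, remaining time.Duration, err error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return false, 0, err
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return false, 0, err
	}
	hasSAN = len(leaf.DNSNames)+len(leaf.IPAddresses) > 0 // Go's TLS client ignores a bare CN
	return hasSAN, leaf.NotAfter.Sub(now), nil
}

// samplePair builds a constructed self-signed pair (CN=abc, 365 days); empty sans means CN-only.
func samplePair(sans []string, now time.Time) (certPEM, keyPEM []byte) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "abc"},
		NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour), DNSNames: sans}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
}

func main() {
	c, k := samplePair(nil, time.Now())
	fmt.Println(CheckPair(c, k, time.Now()))
}
```

To check the real files, read certificate.crt and private.key with os.ReadFile and pass their contents to `CheckPair` in place of the constructed pair.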