查看证书信息
openssl x509
-in cert.pem -noout –text
查看私钥信息
openssl x509
-in cert.key -noout –text
生成证书文件和key文件,key密码为AAAA
openssl req -keyout cert.key -out cert.csr -newkey rsa:1024 -subj /C="JP"/ST="SAITAMA"/L="KAWAGUTI"/O="7PLUS"/OU="SYSTEM"/CN="TANAKA"/emailAddress="
tanaka@7plus.co.jp" -passout pass:AAAA
签署证书,证书存储格式为PEM
openssl x509 -req -days 126 -in cert.csr -CA server.crt -CAkey server.key -CAcreateserial -out cert.pem -CAserial server.srl -outform PEM
转换成PK12格式,原先key的密码为AAAA,给用户安装证书时的密码为123456
openssl pkcs12 -export -inkey cert.key -certfile server.crt -in cert.pem -out cert.p12 -passin pass:AAAA -passout pass:123456
撤销证书
openssl ca -revoke cert.pem
验证证书有效性
openssl verify -CAfile server.crt cert.pem
PEM格式转成DER格式
openssl x509 -inform PEM -outform DER -in cert.pem -out cert.der
失效证书列表生成
openssl ca -gencrl -config openssl.cnf -out list.crl