安装openssl
# tar –zxvf openssl
# cd openssl
# ./config --prefix=/usr/local/openssl
# make
# make install
加密解密
传统加密(对称加密)
openssl enc –ciphername(
加密算法) –k password
(口令) –in file
(被加密的算法) -out
(输出文件)file
解密
openssl enc –ciphername –k password -d –in file -out file
加密算法有:base64,des,des3,rc2,rc5,aes256
例如:
/bin/openssl enc –des3 –k boobooke –in pt.txt –out ct.bin //
加密
/bin/openssl enc –des3 –d –k boobooke –in ct.bin –out pt1.txt //
解密
非对称加密
Generate the private/public key
Openssl genrsa –out file 1024
例如:
Openssl genrsa –out priv.key 1024 //
用rsa
算法生成私钥(priv.key)
Openssl rsa –in file –pubout
例如:
Openssl rsa –in priv.key –pubout>pub.key //
用私钥priv.key
生成公钥,
并重定向到pub.key
这个文件里面
Encrypt the file with public key
Openssl rsautl –in file –out file –inkey file –pubin –encrypt
例如:
Openssl rsautl –in test.txt –out test.bin –inkey pub.key –pubin –encrypt //
利用公钥文件(pub.key
)对text.txt
文件进行加密,生成加密后的文件text.bin
Decrypt the file the private key
Openssl rsautl –in file –out file –inkey file –decrypt
例如:
Openssl rsautl –in text.bin –out text1.txt –inkey priv.key –decrypt //
利用私钥priv.key
对公钥加密的text.bin
进行加密的文件进行解密,生成解密后的文件是text1.txt
Use openssl sign/verify functions(数字签名)
Generate the private/public key
生成密钥对
Openssl genrsa –out file 1024
Openssl rsa –in file –pubout
Sign the file with the private key
Openssl rsautl –in file –out file –inkey file –sign
例如:
Openssl rsatul –in test.txt –out test.sig –inkey priv.key –sign //
利用私钥对test.txt
进行加密也就是签名
Openssl rsautl –in file –out file –inkey file –pubin –verify
例如:
Openssl rsautl –in test.sig –out test2.txt –inkey pub.key –pubin –verify //
利用公钥对私钥加密后的文件(test.sig
)进行解密或是认证
Hash functions(hash函数)……MD5 SHA1
作用:主要是验证文件的完整性,没有被别人篡改!
Generate the md5 hash result
Openssl dgst –md5 file
或
Md5sum file
例如:
Openssl dgst –md5 openssl.tar.gz //
生成MD5
值
Md5sum openssl.tar.gz
Generate the sha1 hash result
Openssl dgst –sha1file
或
Sha1sum file
例如:
Openssl –dgst –sha1 openssl.tar.gz //
生成sha1
值
Install apache
Configure the environment
tar –zxvf httpd-2.0.63.tar.gz
cd httpd-2.0.63
./configure –prefix=/usr/local/apache –enable-ssl –with-ssl=/usr/local/openssl
make
make install
Configure ssl in apache
openssl req -new -x509 -days 30 -keyout server.key -out server.crt -subj '/CN=Test Only Certifiecate'
或者
Openssl req –new –x509 –days 365 –sha1 –nodes –newkey rsa:1024 keyout server.key –out server.crt –subj ‘/O=Seccure/OU=Seccure Labs/CN=
www.secdemo.com’
Cpy the .key and .crt file to the proper directory //
一般都是存放在apache
的conf
目录下面,具体存放路径是在apache
的配置文件中定义的
Vi httpd.conf
<IfModule mod_ssl.c>
Include conf/ssl.conf //ssl
的配置文件被包含在conf/ssl.conf
</IfModule>
Vi conf/ssl.conf
SSLCertificateKeyFile /usr/local/apache/conf/ssl.crt/server.key //server.key
存放路径
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt //server.crt
存放路径
Apache2.2
直接启动apache
服务就可以启动SSL
Apache2.0
启动ssl
:apachectl startssl //
端口号为443
端口
Vi conf/ssl.conf
<Directory />
SSLRequireSSL //
此目录只允许使用https
协议访问
</Directory>
<Directory /usr/local/apache/htdocs/ssldemo>
SSLRequireSSL
</Directory> //
https
问,应为利用
以一般都是把一些需要中到<span times="" new="" roman';="" mso-hansi-font-family:="" 'times="" roman'"="" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">点依然用http<span times="" new="" roman';="" mso-hansi-font-family:="" 'times="" roman'"="" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">协议访问