安装openssl
[root@iZf8z2qki98kfvb8k3iy3aZ ~]# yum install openssl
Last metadata expiration check: 0:08:40 ago on Tue 20 Feb 2024 02:57:39 PM CST.
Package openssl-1:1.1.1k-9.0.1.al8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
生成私钥证书
[root@iZf8z2qki98kfvb8k3iy3aZ ~]# sudo openssl genrsa -out atcoin.com.cn.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................................................+++++
...............................................................................................................................................+++++
e is 65537 (0x010001)
[root@iZf8z2qki98kfvb8k3iy3aZ ~]# sudo openssl req -new -key atcoin.com.cn.key -out atcoin.com.cn.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:China
string is too long, it needs to be no more than 2 bytes long
Country Name (2 letter code) [XX]:ZG
State or Province Name (full name) []:ShangHai
Locality Name (eg, city) [Default City]:ShangHai
Organization Name (eg, company) [Default Company Ltd]:崇宁文化
Organizational Unit Name (eg, section) []:崇宁文化
Common Name (eg, your name or your server's hostname) []:atcoin.com.cn
Email Address []:atcoin@email.com.cn Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:P@ssw0rd
An optional company name []:崇宁文化
生成证书签发请求CSR(Certificate Signing Request)
[root@iZf8z2qki98kfvb8k3iy3aZ ~]# sudo openssl req -x509 -new -nodes -key atcoin.com.cn.key -days 3650 -out atcoin.com.cn.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ZG
State or Province Name (full name) []:ShangHai
Locality Name (eg, city) [Default City]:ShangHai
Organization Name (eg, company) [Default Company Ltd]:崇宁文化
Organizational Unit Name (eg, section) []:崇宁文化
Common Name (eg, your name or your server's hostname) []:atcoin.com.cn
Email Address []:atcoin@email.com.cn
OpenSSL工具自行签发CA(Certificate Authority)证书
该证书可以用于颁发SSL证书。如果不使用自签名CA证书,也可以选择使用可信任的第三方证书颁发机构(CA)进行颁发。以下是CA证书自签方法
[root@iZf8z2qki98kfvb8k3iy3aZ ~]# sudo openssl req -x509 -new -nodes -key atcoin.com.cn.key -days 3650 -out atcoin.com.cn.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ZG
State or Province Name (full name) []:ShangHai
Locality Name (eg, city) [Default City]:ShangHai
Organization Name (eg, company) [Default Company Ltd]:崇宁文化
Organizational Unit Name (eg, section) []:崇宁文化
Common Name (eg, your name or your server's hostname) []:atcoin.com.cn
Email Address []:atcoin@email.com.cn
颁发SSL证书
[root@iZf8z2qki98kfvb8k3iy3aZ ~]# sudo openssl x509 -req -in atcoin.com.cn.csr -CA atcoin.com.cn.crt -CAkey atcoin.com.cn.key -CAcreateserial -out atcoin.com.cn.crt -days 3650
Signature ok
subject=C = ZG, ST = ShangHai, L = ShangHai, O = \C3\A5\C2\B4\C2\87\C3\A5\C2\AE\C2\81\C3\A6\C2\96\C2\87\C3\A5\C2\8C\C2\96, OU = \C3\A5\C2\B4\C2\87\C3\A5\C2\AE\C2\81\C3\A6\C2\96\C2\87\C3\A5\C2\8C\C2\96, CN = atcoin.com.cn, emailAddress = atcoin@email.com.cn
Getting CA Private Key
:贪心算法)
:用表格来理解类、对象、属性以及动作(方法)很容易)
