首页 > 代码库 > http通过openssl转https
http通过openssl转https
1.创建CA服务器
详情可以参考我的另一篇文章 : http://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_011_ca.html
1.1 创建必要的目录和文件
[root@localhost CA]# mkdir csr crl newcerts[root@localhost CA]# touch index.txt serial[root@localhost CA]# echo 01>serial
1.2 修改默认配置
[root@localhost CA]# vim /etc/pki/tls/openssl.cnf #编辑以下行, 设置默认的国家,省,城市,组织名,部门名countryName_default = CNstateOrProvinceName_default = HeNanlocalityName_default = ZhengZhouorganizationName_default = ZKYTorganizationalUnitName_default = Tech
1.3生成自签证书
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)Generating RSA private key, 2048 bit long modulus........................................................................................................................................+++...+++e is 65537 (0x10001)[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ‘.‘, the field will be left blank.-----Country Name (2 letter code) [CN]:State or Province Name (full name) [HeNan]:Locality Name (eg, city) [ZhengZhou]:Organization Name (eg, company) [ZKYT]:Organizational Unit Name (eg, section) [Tech]:Common Name (eg, your name or your server‘s hostname) []:ca.linuxpanda.comEmail Address []:
http通过openssl转https
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。