首页 > 代码库 > http通过openssl转https

http通过openssl转https

1.创建CA服务器

详情可以参考我的另一篇文章 : http://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_011_ca.html

1.1 创建必要的目录和文件

[root@localhost CA]# mkdir csr crl newcerts[root@localhost CA]# touch index.txt serial[root@localhost CA]# echo 01>serial

1.2 修改默认配置

[root@localhost CA]# vim /etc/pki/tls/openssl.cnf #编辑以下行, 设置默认的国家,省,城市,组织名,部门名countryName_default             = CNstateOrProvinceName_default     = HeNanlocalityName_default    = ZhengZhouorganizationName_default        = ZKYTorganizationalUnitName_default  = Tech  

1.3生成自签证书

[root@localhost CA]# (umask 077;openssl  genrsa -out private/cakey.pem 2048)Generating RSA private key, 2048 bit long modulus........................................................................................................................................+++...+++e is 65537 (0x10001)[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ., the field will be left blank.-----Country Name (2 letter code) [CN]:State or Province Name (full name) [HeNan]:Locality Name (eg, city) [ZhengZhou]:Organization Name (eg, company) [ZKYT]:Organizational Unit Name (eg, section) [Tech]:Common Name (eg, your name or your servers hostname) []:ca.linuxpanda.comEmail Address []:

 

http通过openssl转https