About the author

Linuxer, ex IBMer. GNU https://hmchzb19.github.io/

Category: LINUX

2015-09-17 13:33:52

This post is largely based on the OpenSSL Cookbook:
http://blog.ivanristic.com/2013/10/openssl-cookbook-v1.1-released.html
OpenSSL Command-Line HowTo:
#check openssl version

    openssl version -a #verbose
    openssl version
#generate an RSA private key encrypted with AES-128 (AES-192 or AES-256 could be used)

    openssl genrsa -aes128 -out fd.key 2048
#generate the corresponding public key

    openssl rsa -in fd.key -pubout -out fd-public.key
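#generate a DSA private key encrypted with AES-128 (AES-192 or AES-256 could be used)

    #"openssl dsa" only processes an existing key, so generate the parameters and key with dsaparam and pipe them in
    openssl dsaparam -genkey 2048 | openssl dsa -out dsa.key -aes128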
#create a Certificate Signing Request

    openssl req -new -key fd.key -out fd.csr
    openssl req -text -in fd.csr -noout       #check the CSR is correct
#create a brand-new CSR from an existing certificate

    openssl x509 -x509toreq -in fd.crt -out fd.csr -signkey fd.key
#self-sign your own certificate from a CSR

    openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt
#create a self-signed certificate starting with a key alone

    openssl req -new -x509 -days 365 -key fd.key -out fd.crt
#examine a certificate

    openssl x509 -text -in fd.crt -noout
#obtain the list of supported cipher suites

    openssl ciphers -v 'ALL:COMPLEMENTOFALL'
    openssl ciphers -v -v 'ALL:COMPLEMENTOFALL'
    openssl ciphers -v 'RC4'        #list only cipher suites that are based on RC4
    openssl ciphers -v 'RC4+SHA'    #combine keywords with + to select suites that use both RC4 and SHA
    openssl ciphers -v 'RC4:AES'    #select all suites that use RC4 or AES
    openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW'    #the string used for Apache in httpd.conf: SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    openssl ciphers -v 'DES-CBC-SHA:DES-CBC3-SHA:RC4-SHA:AES256-SHA:@STRENGTH'    #@STRENGTH sorts these suites by strength in descending order

The most common use is configuring SSL for httpd.
All you really need is to generate the public and private keys, create a CSR, and then self-sign it.
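
The key, CSR and self-sign steps above, chained into one non-interactive script that also checks the three files belong together. This is an added example, not taken from the original post or the OpenSSL Cookbook; the CN, the demo passphrase, the FD_PASS variable name and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: key -> CSR -> self-signed certificate, followed by a check
# that all three files carry the same public key.
# Constructed values: the CN "www.example.com", the demo passphrase, the temp dir.

# Hash the public key embedded in a private key, CSR or certificate.
pubkey_digest() {   # $1 = key|csr|crt, $2 = file
    case $1 in
        key) openssl rsa  -in "$2" -passin env:FD_PASS -pubout 2>/dev/null ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl dgst -sha256
}

# Run the three steps from the post non-interactively in directory $1 for CN $2.
make_selfsigned() {
    ( cd "$1" || exit 1
      umask 077                       # new files readable by the owner only
      openssl genrsa -aes128 -passout env:FD_PASS -out fd.key 2048 2>/dev/null &&
      openssl req -new -key fd.key -passin env:FD_PASS -subj "/CN=$2" -out fd.csr &&
      openssl x509 -req -days 365 -in fd.csr -signkey fd.key \
              -passin env:FD_PASS -out fd.crt 2>/dev/null )
}

# Succeed only if key, CSR and certificate match, the key is encrypted on disk,
# and the certificate is self-signed (issuer equals subject).
check_selfsigned() {
    k=$(pubkey_digest key "$1/fd.key") || return 1
    [ "$k" = "$(pubkey_digest csr "$1/fd.csr")" ] || return 1
    [ "$k" = "$(pubkey_digest crt "$1/fd.crt")" ] || return 1
    grep -q ENCRYPTED "$1/fd.key" || return 1
    subj=$(openssl x509 -in "$1/fd.crt" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1/fd.crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# Demo run with constructed values; the passphrase is read from the environment,
# so it does not appear on the openssl command line.
FD_PASS='demo-passphrase-change-me'; export FD_PASS
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" "www.example.com" && check_selfsigned "$demo_dir" &&
    echo "key, CSR and certificate match"
```

A certificate that was issued for a different key makes check_selfsigned fail, which is the usual cause of httpd refusing to start with a key/certificate mismatch.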
