本文基本上是参考openssl cookbook
http://blog.ivanristic.com/2013/10/openssl-cookbook-v1.1-released.html
openssl Command-Line HowTo:
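# Check which OpenSSL build is installed.
# -a prints the verbose form: version plus build date, platform, compiler
# flags and OPENSSLDIR (the directory this build uses for its configuration
# and certificates). Useful when more than one OpenSSL is installed on a host.
openssl version -a
# Short form: version string only.
openssl version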
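# Generate a 2048-bit RSA private key. -aes128 encrypts the key file under a
# passphrase that openssl prompts for (-aes192 and -aes256 could be used
# instead). Without a cipher option the key is written unencrypted, so keep
# the option or make sure the file is readable by its owner only.
openssl genrsa -aes128 -out fd.key 2048
# Derive the corresponding public key from the private key (prompts for the
# key passphrase). Only the public half is written to fd-public.key.
openssl rsa -in fd.key -pubout -out fd-public.key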
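# Generate a 2048-bit DSA private key encrypted with AES-128 (-aes192 and
# -aes256 could be used instead).
# DSA key generation is a two-step process: "dsaparam -genkey" creates the
# domain parameters together with a key, and "dsa" then encrypts and writes
# it. "openssl dsa -out dsa.key -aes128" alone only processes an existing key
# read from stdin or -in; it does not generate one.
# NOTE(review): DSA is not usable for TLS 1.3 certificates; for new
# deployments RSA or ECDSA keys are the usual choice.
openssl dsaparam -genkey 2048 | openssl dsa -out dsa.key -aes128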
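# Create a Certificate Signing Request for an existing key. openssl prompts
# for the key passphrase and for the subject fields (country, organisation,
# common name, ...).
openssl req -new -key fd.key -out fd.csr
# Print the CSR in readable form to check that its contents are correct
# before sending it to a CA. Adding -verify also checks the CSR's
# self-signature.
openssl req -text -in fd.csr -noout
# Create a brand-new CSR from an existing certificate, e.g. for a renewal
# that keeps the same subject. -signkey is the private key the new CSR is
# signed with; note that this overwrites fd.csr.
openssl x509 -x509toreq -in fd.crt -out fd.csr -signkey fd.key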
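# Self-sign an existing CSR: the certificate is signed with the same key the
# CSR was made for and is valid for 365 days.
# A self-signed certificate chains to no trusted CA, so clients reject it
# unless it is explicitly added to their trust store; use it for testing or
# internal services, not for public-facing sites.
openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt
# Create a self-signed certificate starting from the key alone, without
# writing a separate CSR first. Prompts for the subject fields.
openssl req -new -x509 -days 365 -key fd.key -out fd.crt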
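# Examine a certificate: print subject, issuer, validity period, public key,
# extensions and signature algorithm in readable form. -noout suppresses the
# encoded copy of the certificate.
# Worth checking in the output: the "Signature Algorithm" line (old OpenSSL
# releases may default to SHA-1; -sha256 can be passed when signing) and the
# "Not After" date.
openssl x509 -text -in fd.crt -noout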
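# Obtain the list of cipher suites this OpenSSL build supports.
# The result depends on the OpenSSL version and its build options, so run
# these on the host whose configuration is being reviewed.
# 'ALL:COMPLEMENTOFALL' selects every suite, including the unencrypted (eNULL)
# ones that ALL leaves out.
openssl ciphers -v 'ALL:COMPLEMENTOFALL'
# NOTE(review): repeating -v does not appear to add anything; the capital -V
# option is the variant that also prints the hex suite codes. Confirm which
# one was intended.
openssl ciphers -v -v 'ALL:COMPLEMENTOFALL'
# Keyword selection examples. RC4 is used here only to demonstrate the
# syntax: RC4 suites are prohibited for TLS (RFC 7465), and recent OpenSSL
# builds leave them out by default, in which case these report an error
# instead of a list.
# List only the cipher suites that are based on RC4.
openssl ciphers -v 'RC4'
# '+' combines keywords: suites that use RC4 and SHA.
openssl ciphers -v 'RC4+SHA'
# ':' separates alternatives: all suites that use RC4 or AES.
openssl ciphers -v 'RC4:AES'
# Expand a legacy Apache httpd.conf setting,
#   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
# to see exactly which suites it enables. This string still admits RC4,
# MEDIUM and LOW strength suites; it is shown for auditing an existing
# configuration and should not be copied into a new one.
openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW'
# @STRENGTH sorts the selected suites by strength in descending order.
# DES-CBC-SHA (single DES), DES-CBC3-SHA (3DES) and RC4-SHA are weak and
# appear here only to make the ordering visible.
openssl ciphers -v 'DES-CBC-SHA:DES-CBC3-SHA:RC4-SHA:AES256-SHA:@STRENGTH'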
最常见的用途是给 httpd 配置 SSL。
其实只需要生成私钥(公钥可以从私钥导出),然后创建 CSR,再自签名一下即可。注意:自签名证书默认不被浏览器信任,只适合测试或内部环境。