目录()[-]
介绍
语法
-new
-subj 替换或指定证书申请者的个人信息
-newkey arg 生成私钥和证书请求类似与-new-xf09 生成自签名证书
产生自签名的root CA
证书请求及签名
<opensl req> <fym0121@163com>
介绍
openssl req 用于生成证书请求,以让第三方权威机构CA来签发,生成我们需要的证书。req 命令也可以调用x509命令,以进行格式转换及显示证书文件中的text,modulus等信息。如果你还没有密钥对,req命令可以一统帮你生成密钥对和证书请求,也可以指定是否对私钥文件进行加密。
语法
openssl req[-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-text] [-pubkey] [-noout] [-verify] [-modulus] [-new] [-rand file(s)] [-newkey rsa:bits] [-newkey alg:file] [-nodes] [-key filename] [-keyform PEM|DER] [-keyout filename] [-keygen_engine id] [-[digest]] [-config filename] [-subj arg] [-multivalue-rdn] [-x509] [-days n] [-set_serial n] [-asn1-kludge] [-no-asn1-kludge] [-newhdr] [-extensions section] [-reqexts section] [-utf8] [-nameopt] [-reqopt] [-subject] [-subj arg] [-batch] [-verbose] [-engine id]
-new
这个选项用于生成一个新的证书请求,并提示用户输入个人信息。如果没有指定-key 则会先生成一个私钥文件,再生成证书请求。
[cpp] view plain copy print
E:\OpenSSL\foo>openssl req -new -key rsa_pri_nopwpem -out crspemLoading 'screen' into random state - doneYou are about to be asked to enter information that will be incorporatedinto your certificate request
What you are about to enter is what is called a Distinguished Name or a DN
There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '', the field will be left blank
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:HeBeiLocality Name (eg, city) []:SJZ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CCITOrganizational Unit Name (eg, section) []:CCITCommon Name (eg, YOUR name) []:fym
Email Address []:fym0121@163com
Please enter the following 'extra' attributesto be sent with your certificate request
A challenge password []:
An optional company name []:
E:\OpenSSL\foo>ls
crspem
rsa_pri_nopwpem
没有指定-key选项时,会生成私钥文件,默认是有密码保护的,-nodes(no des),可以明确指定不需要密码保护。-keyout可以指定生成的私钥文件名,-pubout可以指定生成的公钥文件名[cpp] view plain copy print
openssl req -new -out crspem
openssl req -new -out crspem -nodes
-subj 替换或指定证书申请者的个人信息
格式是:/type0=value0/type1=value1/type2=(其中C是Country,ST是state,L是local,O是Organization,OU是Organization Unit,CN是common name)[cpp] view plain copy print
E:\OpenSSL\foo>openssl req -new -key rsa_pri_nopwpem -out crspem -subj /C=CN/ST=HB/L=SJZ/O=CCIT/OU=CCIT/CN=fym/emailAddress=fym0121@163comLoading 'screen' into random state - done-newkey arg 生成私钥和证书请求,类似与-newarg的格式是rsa:nbit ,还有几个格式,我只能看懂这个[cpp] view plain copy print
openssl req -newkey rsa:1024 -out crspem-xf09 生成自签名证书
[cpp] view plain copy print
openssl req -newkey rsa:1024 -x509 -nodes -out selfsingpem-config 指定配置文件,参见config
产生自签名的root CA
1、建立目录结构(参加ca directory structure)假设当前工作目录为E:\OpenSSL\foo,在此目录下建立以下目录结构[cpp] view plain copy print
E:\OpenSSL\foo>mkdir demoCA
E:\OpenSSL\foo>mkdir demoCA\private demoCA\newcerts在demoCA目录下建立两个空文件,serial和indextxt,并向serial文件中写入"01"两个字符2、产生自签名证书,作为root ca使用
[cpp] view plain copy print
E:\OpenSSL\foo>openssl req -new -x509 -keyout cakeypem -out cacertpem提示输入密码保护私钥,和自签名root ca的信息。生成两个文件,将cakeypem放到demoCA\private目录下,将cacertpem放到demoCA目录下。
[cpp] view plain copy print
E:\OpenSSL\foo>move cacertpem demoCA
E:\OpenSSL\foo>move cakeypem demoCA\private至此,root ca已经建立完毕。
证书请求及签名
1、生成请求
[cpp] view plain copy print
E:\OpenSSL\foo>openssl req -new -nodes -out reqpem提示输入个人信息,最后生成reqpem证书请求文件。
2、签名,生成证书
[cpp] view plain copy print
E:\OpenSSL\foo>openssl ca -in reqpem -out newcertpemUsing configuration from e:\OpenSSL\bin\opensslcfgLoading 'screen' into random state - doneEnter pass phrase for /demoCA/private/cakeypem:
Check that the request matches the signatureSignature ok
在dos下键入netstat -an
可查到当前开放的端口
如:
C:\>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0000:80 0000:0 LISTENING
TCP 0000:21 0000:0 LISTENING
TCP 0000:7626 0000:0 LISTENING
UDP 0000:445 0000:0
UDP 0000:1046 0000:0
UDP 0000:1047 0000:0
以上就是关于怎么通过https+ip+443端口访问pay.php这个文件全部的内容,包括:怎么通过https+ip+443端口访问pay.php这个文件、怎样查看443这个端口是否是开放的、等相关内容解答,如果想了解更多相关内容,可以关注我们,你们的支持是我们更新的动力!
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)