差異處
這裏顯示兩個版本的差異處。
| Both sides previous revision 前次修改 下次修改 | 前次修改 | ||
|
openssl [2018/12/29 21:04] jz |
openssl [2018/12/29 21:34] (目前版本) jz |
||
|---|---|---|---|
| 行 1: | 行 1: | ||
| ====== OpenSSL ====== | ====== OpenSSL ====== | ||
| - | ===== Gen key ===== | + | ===== Generate a Key ===== |
| <code> | <code> | ||
| openssl genrsa -out cakey.pem 4096 | openssl genrsa -out cakey.pem 4096 | ||
| </code> | </code> | ||
| - | ===== Gen CA ===== | + | ===== Generate CA ===== |
| <code> | <code> | ||
| openssl req -x509 -new -nodes -key cakey.pem -days 3650 -out cacert.pem | openssl req -x509 -new -nodes -key cakey.pem -days 3650 -out cacert.pem | ||
| </code> | </code> | ||
| - | ===== Gen cert key ===== | + | ===== Generate Cert key ===== |
| <code> | <code> | ||
| openssl genrsa -out key.pem 4096 | openssl genrsa -out key.pem 4096 | ||
| </code> | </code> | ||
| - | ===== Gen csr ===== | + | ===== Generate CSR ===== |
| <code> | <code> | ||
| openssl req -new -key key.pem -out csr.pem -sha256 | openssl req -new -key key.pem -out csr.pem -sha256 | ||
| 行 31: | 行 31: | ||
| </code> | </code> | ||
| - | Convert to pfx format | + | ==== Convert to pfx format ==== |
| <code> | <code> | ||
| openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in myserver.crt | openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in myserver.crt | ||
| </code> | </code> | ||
| - | Verify cert | + | ===== Single Cert ===== |
| - | <code> | + | |
| - | openssl x509 -noout -text -in cert.pem | + | |
| - | openssl req -noout -text -in | + | |
| - | </code> | + | |
| - | + | ||
| - | ===== Single cert ===== | + | |
| <code> | <code> | ||
| openssl genrsa -out bluenet-ride.com.key 4096 | openssl genrsa -out bluenet-ride.com.key 4096 | ||
| 行 56: | 行 51: | ||
| ===== View cert ===== | ===== View cert ===== | ||
| <code> | <code> | ||
| - | openssl x509 -noout -text -in cert.pem | ||
| openssl s_client -showcerts -connect encrypted.google.com:443 < /dev/null 2> /dev/null | openssl x509 -noout -enddate | openssl s_client -showcerts -connect encrypted.google.com:443 < /dev/null 2> /dev/null | openssl x509 -noout -enddate | ||
| + | openssl x509 -noout -text -in cert.pem | ||
| + | openssl req -noout -text -in req.pem | ||
| + | </code> | ||
| + | |||
| + | |||
| + | ===== Trust CA system-wide ===== | ||
| + | <code> | ||
| + | trust anchor ca.crt | ||
| + | # trust anchor --remove ca.crt | ||
| </code> | </code> | ||
| **Ref:** | **Ref:** | ||
| - | https://unix.stackexchange.com/questions/104623/how-to-get-servers-ssl-certificate-in-a-human-readable-form | + | * https://unix.stackexchange.com/questions/104623/how-to-get-servers-ssl-certificate-in-a-human-readable-form |
| + | * https://bbs.archlinux.org/viewtopic.php?id=235724 | ||
