怎样获取自己的SSL证书

时间:2023-03-09 03:43:53
怎样获取自己的SSL证书

原创文章,转载请注明出处:server非业余研究http://blog.****.net/erlib 作者Sunface


假设仅为了測试,那使用以下方法就可以:

測试证书创建:

1.创建证书的key

  1. $ openssl genrsa -out key.pem 1024

2.创建证书,注意这里的common name应该填你的server name

    

  1. $ openssl req -new -key key.pem -out request.pem
    2. 

  2. Country Name (2 letter code) [AU]:UA
    3. 

  3. State or Province Name (full name) [Some-State]:
    4. 

  4. Locality Name (eg, city) []:Kiev
    5. 

  5. Organization Name (eg, company) [Internet Widgits Pty Ltd]:site4fast blog
    6. 

  6. Organizational Unit Name (eg, section) []:.
    7. 

  7. Common Name (eg, YOUR name) []:site4fast.example.net
    8. 

  8. Email Address []:site4fast@example.net
    9. 

  9. Please enter the following 'extra' attributes
    10. 

  10. to be sent with your certificate request
    11. 

  11. A challenge password []:
    12. 

  12. An optional company name []:
    13.

3.证书签字

  1. $ openssl x509 -req -days 30 -in request.pem -signkey key.pem -out certificate.pem

4.至此,我们须要的測试证书已经创建好了:"self-signed certificate".

正式的证书创建步骤:

1.安装CA证书

  1. $ aptitude install ssl-cert ca-certificates

2.在startssl.com注冊

3.创建一个请求
  1. $ openssl req -new -newkey rsa:2048 -nodes -keyout www_privatekey.pem -out www_csr.pem
    

  1. Generating a 2048 bit RSA private key
    2. 

  2. ..................................++++++
    3. 

  3. ....................++++++
    4. 

  4. writing new private key to 'www_privatekey.pem'
    5. 

  5. -----
    6. 

  6. You are about to be asked to enter information that will be incorporated
    7. 

  7. into your certificate request.
    8. 

  8. What you are about to enter is what is called a Distinguished Name or a DN.
    9. 

  9. There are quite a few fields but you can leave some blank
    10. 

  10. For some fields there will be a default value,
    11. 

  11. If you enter '.', the field will be left blank.
    12. 

  12. -----
    13. 

  13. Country Name (2 letter code) [AU]:UA
    14. 

  14. State or Province Name (full name) [Some-State]:Some state
    15. 

  15. Locality Name (eg, city) []:Some City
    16. 

  16. Organization Name (eg, company) [Internet Widgits Pty Ltd]:Some Organisation
    17. 

  17. Organizational Unit Name (eg, section) []:IT
    18. 

  18. Common Name (eg, YOUR name) []:www.example.org
    19. 

  19. Email Address []:test@example.org
    20. 

  20. Please enter the following 'extra' attributes
    21. 

  21. to be sent with your certificate request
    22. 

  22. A challenge password []:
    23. 

  23. An optional company name []:
    24.

4.在发送之前验证请求的内容

  1. $ openssl req -in www_csr.pem -text -verify -noout

5.将请求发送给startssl.com,从站点请求一个新的证书。当须要CSR的时候将'www_csr.pem'填进去

6.从网页上复制证书。然后放入'www_certificate.pem'文件,然后检查文件的内容:
  1. $ openssl x509 -in www_certificate.pem -text -noout

7.測试server证书

  1. $ openssl verify www_certificate.pem

假设都正确。那就会看到OK的提示

  1. www_certificate.pem: OK

相关文章