OpenSSL(创建CA和申请证书)

OpenSSL的配置文件etc/pki/tls/openssl.cnf,下面有一些重要的配置,里面的一下目录和文件需要手动创建
name_opt        = ca_default            #  主题名称选项默认ca_default               
cert_opt        = ca_default            # 证书字段选项默认ca_default 
[ CA_default ]                          #默认配置

dir             = /etc/pki/CA           # 默认文件存放的目录,定义的一个dir变量
certs           = $dir/certs            # 签发的证书存放位置
crl_dir         = $dir/crl              #吊销的证书存放文件
database        = $dir/index.txt        #颁发过的证书索引文件
#unique_subject = no                    #能不能设置相同的证书,默认被注释
                                        # several ctificates with same subject.
new_certs_dir   = $dir/newcerts         #新证书默认存放的目录

certificate     = $dir/cacert.pem       #CA的自签证书的名字和存放目录
serial          = $dir/serial           #指明证书序列号,只第一次需要指定  
crlnumber       = $dir/crlnumber        # the current crl number
                                        #吊销证书的序列号,第一次需要指定
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/cakey.pem #CA私钥的文件名和存放文件固定路径
RANDFILE        = $dir/private/.rand    #伪随机数文件

x509_extensions = usr_cert              # The extentions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt        = ca_default            # Subject Name options
cert_opt        = ca_default            # Certificate field options

# Extension copying option: use with caution.
# copy_extensions = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions        = crl_ext

default_days    = 365                   #证书的默认有效期
default_crl_days= 30                    # 吊销证书默认声明有效期
default_md      = sha256                #默认的生成算法
preserve        = no                    # keep passed DN ordering   

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy          = policy_match           #指定默认的CA属性

# For the CA policy  
[ policy_match ]
countryName             = match     #证书申请时填写的国家,参数match必须CA同一个国家
stateOrProvinceName     = match     #客户机申请时填写省份
organizationName        = match     #机构名称
organizationalUnitName  = optional  #部门,参数optional可以和CA不同
commonName              = supplied  #通用名称
emailAddress            = optional  #邮箱

# For the 'anything' policy                           #另外一套CA属性,规则比较宽松
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]                     
countryName             = optional                    #允许跨国家、地区申请证书
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]                                               #向CA证书签署发起注册请求相关属性
default_bits            = 2048
default_md              = sha256
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert

创建自签证书

创建私钥
[root@centos7 /etc/pki/CA]#(umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem -des3 1024)   
Generating RSA private key, 1024 bit long modulus    #密钥默认是1024位加密,也可以在命令尾部指定
.............++++++
.................................+++
........................+++
e is 65537 (0x10001)
Enter pass phrase for /etc/pki/CA/private/cakey.pem:         设置密码
Verifying - Enter pass phrase for /etc/pki/CA/private/cakey.pem:    设置密码
[root@CentOS7.3  /etc/pki/CA/private]#cat cakey.pem 
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B63B4943DA7D30F0      DES-EDE3     显示加密
[root@CentOS7.3 ~]#touch /etc/pki/CA/index.txt       #创建证书索引文件
[root@CentOS7.3 ~]#echo 01 > /etc/pki/CA/serial      #指定证书颁发的两位16进制数
[root@CentOS7.3 ~]#echo 01 > /etc/pki/CA/crlnumber   #指定证书吊销的序号
[root@CentOS7.3 ~]#touch /etc/pki/CA/private/.rand   #创建伪随机数文件
[root@CentOS7.3 ~]#openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem
 -out /etc/pki/CA/cacert.pem -days 7300     
#创建自签证书 -new:生成新证书签署请求;-x509:生成自签格式证书,专用于创建私有CA时;
#-key:生成请求时用到的私有文件路径;-out:生成的请求文件路径;如果自签操作将直接生成签署过的证书;
#-days:证书的有效时长,单位是day;
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----                                                           #1国家、省州、部门 
Country Name (2 letter code) [XX]:CN                         #填写CA所在的国家,格式为国家代码
State or Province Name (full name) []:xxxxxx                 #填写所在的州或省
Locality Name (eg, city) [Default City]:xxxxxx               #填写所在的城市
Organization Name (eg, company) [Default Company Ltd]:CentOS #机构名称
Organizational Unit Name (eg, section) []:CA                 #部门名称
Common Name (eg, your name or your server's hostname) []:    #通用名称,服务器的主机名
Email Address []:                                            #邮箱地址

[root@CentOS7.3 ~]#openssl x509 -in /etc/pki/CA/cacert.pem -noout -text     #查看生成的证书,信息有省略
Certificate:  
    Data: 
        Version: 3 (0x2)
        Serial Number: 11088094993200996766 (0x99e0d3a62988619e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=HeNan, L=ZhengZhou, O=CAServer, OU=CA, CN=www.CAServer.com    #颁发机构的信息
        Validity
            Not Before: Jul 17 14:50:30 2017 GMT
            Not After : Jul 12 14:50:30 2037 GMT
        Subject: C=CN, ST=HeNan, L=ZhengZhou, O=CAServer, OU=CA, CN=www.CAServer.com   #申请者的信息
给客户端颁发证书
生成私钥路径 根据应用web或 ftp放在各自配置文件夹 ,不需要放一起,自定义路径
cd /etc/pki/tls 私钥文件放在private 证书放在certs 后期应用放在openssl.crt里面
[root@CentOS6.9 ~]#(umask 077;openssl genrsa -out /etc/pki/tls/private/test.key 1024)  
                                                                #在客户端生成私钥
Generating RSA private key, 1024 bit long modulus
..............................++++++
.......++++++
e is 65537 (0x10001)
[root@CentOS6.9 ~]#openssl req -new -key /etc/pki/tls/private/test.key -out
 /etc/pki/tls/test.pem                                           #生成证书申请文件
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN                            #国家,必须和CA相同
State or Province Name (full name) []:HeNan                     #州或者省份,必须和CA相同
Locality Name (eg, city) [Default City]:zz                      #城市,可以自定义
Organization Name (eg, company) [Default Company Ltd]:CAServer  #机构名必须和CA相同
Organizational Unit Name (eg, section) []:test                  #部门名称,可以自定义
Common Name (eg, your name or your server's hostname) []:test.com     #服务器名称
Email Address []:                                                  #邮箱地址可以忽略
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:admin                                   #设置密码加密
An optional company name []:admin
[root@CentOS6.9 ~]#scp /etc/pki/tls/test.pem root@172.18.xx.xxx:/etc/pki/CA 
                                                                #把他发送到CA服务器上
将证书颁发给请求者centos6
[root@CentOS7.3 CA]#openssl ca -in test.pem -out certs/test.crt -days 365   
  #请求文件test.pem    生成文件certs/test.crt    时间1年
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)   #1是十进制,(0x1)是16进制
        Validity
            Not Before: Jul 17 16:14:46 2017 GMT
            Not After : Jul 17 16:14:46 2018 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HeNan
            organizationName          = CAServer
            organizationalUnitName    = test
            commonName                = test.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                3B:F1:1B:6B:88:C2:17:35:19:2E:35:90:C6:22:6E:69:10:FF:B4:02
            X509v3 Authority Key Identifier: 
                keyid:60:3C:95:CB:A1:63:DC:0C:FC:1B:85:22:B3:4D:FD:FB:3B:5E:A4:B8

Certificate is to be certified until Jul 17 16:14:46 2018 GMT (365 days)#有效期1年
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries    #增加一条新纪录
Data Base Updated
[root@CentOS7.3 CA]#cat serial      
02                                                   #下一个证书的编号
[root@CentOS7.3 CA]#cat index.txt    
V    180717161446Z        01    unknown    /C=CN/ST=HeNan/O=CAServer/OU=test/CN=test.com   #V证书
[root@CentOS7.3 CA]#scp certs/test.crt root@172.18.xx.xxx:/etc/pki/tls/certs/     
                                                 #   复制给用户就可以使用了
openssl x509 -in /PATH/FROM/CERT_FILE -noout -text 文本|issuer颁发者是谁|subject主题给谁发|serial|dates有效期 #查看证书信息后面可以添加选项
[root@CentOS6.9 certs]#openssl x509 -in test.crt -noout -text 以文本方式显示一遍
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=HeNan, L=ZhengZhou, O=CAServer, OU=CA, CN=www.CAServer.com
        Validity
            Not Before: Jul 17 16:14:46 2017 GMT   
            Not After : Jul 17 16:14:46 2018 GMT    #有效期一年
        Subject: C=CN, ST=HeNan, O=CAServer, OU=test, CN=test.com
        Subject Public Key Info:
再次申请证书给另一个程序使用
私钥不需要生成,需要在申请一个证书
[root@CentOS6.9 ~]#openssl req -new -key /etc/pki/tls/private/test.key 
 -out /etc/pki/tls/test2.pem            #生成证书申请文件
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN                            #国家,必须和CA相同
State or Province Name (full name) []:HeNan                     #州或者省份,必须和CA相同
Locality Name (eg, city) [Default City]:zz                      #城市,可以自定义
Organization Name (eg, company) [Default Company Ltd]:CAServer  #机构名必须和CA相同
Organizational Unit Name (eg, section) []:test                  #部门名称,可以自定义
Common Name (eg, your name or your server's hostname) []:test2.com     #服务器名称
Email Address []:                                                  #邮箱地址可以忽略
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:admin                                   #设置密码加密
An optional company name []:admin
[root@CentOS6.9 ~]#scp /etc/pki/tls/test2.pem root@172.18.xx.xxx:/etc/pki/CA  
                                                     #把他发送到CA服务器上

[root@CentOS7.3 CA]#openssl ca -in test.pem -out certs/test2.crt -days 365   
  #请求文件test.pem    生成文件certs/test.crt    时间1年
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)   #1是十进制,(0x1)是16进制
        Validity
            Not Before: Jul 17 16:14:46 2017 GMT
            Not After : Jul 17 16:14:46 2018 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HeNan
            organizationName          = CAServer
            organizationalUnitName    = test
            commonName                = test.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                3B:F1:1B:6B:88:C2:17:35:19:2E:35:90:C6:22:6E:69:10:FF:B4:02
            X509v3 Authority Key Identifier: 
                keyid:60:3C:95:CB:A1:63:DC:0C:FC:1B:85:22:B3:4D:FD:FB:3B:5E:A4:B8

Certificate is to be certified until Jul 17 16:14:46 2018 GMT (365 days)#有效期1年
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries    #增加一条新纪录
Data Base Updated
[root@CentOS7.3 CA]#cat serial      
02                                                   #下一个证书的编号
[root@CentOS7.3 CA]#cat index.txt    
V    180717161446Z        01    unknown /C=CN/ST=HeNan/O=CAServer/OU=test/CN=test.com   #V证书
[root@CentOS7.3 CA]#scp certs/test2.crt root@172.18.xx.xxx:/etc/pki/tls/certs/       复制给用户就可以使用了
小工具
[root@centos7 /etc/pki/CA]# index.txt.old    serial.old 文件里都是上一次的文件相当于备份
同一个申请发多个证书默认是不允许的,可以修改vim index.txtt.attr
unique_subject = yes  #yes改为no

桌面证书没有路径
[root@centos7 /etc/pki/CA]#  cacert.pem  #sz cacert.pem 传输到桌面
后缀修改成cacert.crt
双击安装证书、下一步,浏览、收信人颁发机构、下一步安装

[root@centos7 /etc/pki/CA]#openssl ca -status 01          #查看证书变数是否有效
Using configuration from /etc/pki/tls/openssl.cnf
01=Valid (V)        #有效
客户端centos6.9做子CA办法
[root@CentOS6.9 ~]#touch /etc/pki/CA/index.txt       #创建证书索引文件
[root@CentOS6.9 ~]#echo 01 > /etc/pki/CA/serial      #指定证书颁发的序号,序号必须是两位16进制数
[root@centos6 /etc/pki/CA]#(umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem -des3 1024)   
Generating RSA private key, 1024 bit long modulus    #密钥默认是1024位加密,也可以在命令尾部指定
.............++++++
.................................+++
........................+++
e is 65537 (0x10001)
[root@CentOS6.9 AC]#openssl req -new -key private/cakey.pem -out subca.csr 
  #生成证书申请文件
[root@CentOS6.9 AC]#scp subca.csr 172.18.xx.xxx:/etc/pki/CA/   #把他发送到CA服务器上
[root@CentOS7.3 CA]#openssl ca -in subca.csr -out certs/subca.crt -days 3650 
[root@CentOS7.3 CA]#scp certs/subca.csr 
 172.18.xx.xxx:/etc/pki/CA/cacert.pem   #把他发送到CA客户端centos60上

[root@centos6 ~]#openssl genrsa -out centos60.key 1024    #生成私钥
Generating RSA private key, 1024 bit long modulus
.....++++++
....................++++++
e is 65537 (0x10001)
[root@centos6 ~]#ll centos60.key 
-rw-r--r--. 1 root root 887 Sep  8 11:38 centos60.key
[root@centos6 ~]#openssl req -new -key centos60.key -out centos60.csr 
#生成证书申请文件
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN                            #国家,必须和子CA相同
State or Province Name (full name) []:HeNan                     #州或者省份,必须和子CA相同
Locality Name (eg, city) [Default City]:zz                      #城市,可以自定义
Organization Name (eg, company) [Default Company Ltd]:CAServer  #机构名必须和子CA相同
#其他自定义
[root@centos6 ~]#scp centos60.csr 172.18.xx.xxx:/etc/pki/CA    证书复制到子CA
子CAcentos6.9颁发证书给centos6
[root@CentOS6.9 CA]#openssl ca -in centos60.csr -out certs/centos60.csr -days 365   #颁发证书
root@CentOS6.9 CA]#cat index.txt    颁发的第一个证书存放位置
root@CentOS6.9 CA]#sz certs/centos60.crt
root@CentOS6.9 CA]#sz cacert.pem
上传到桌面 CAcentos7 ,子CAcentos6.9 ,客户端centos6的证书都在桌面进行安装

吊销证书

[root@CentOS6.9 certs]#openssl x509 -in /etc/pki/tls/certs/test.crt -noout -serial -subject     
#在客户主机上面查询证书的编号和信息,提供给CA
serial=01
subject= /C=CN/ST=HeNan/O=CAServer/OU=test/CN=test.com

[root@CentOS7.3 CA]#cat index.txt                           #CA查看索引文件确认
R    180717161446Z    170717162332Z    01    unknown    /C=CN/ST=HeNan/O=CASe
rver/OU=test/CN=test.com
[root@CentOS7.3 CA]#ll /etc/pki/CA/newcerts/01.pem                      #
-rw-r--r--. 1 root root 3077 Jul 18 00:14 /etc/pki/CA/newcerts/01.pem    
 #在签发证书之后会在/newcerts生成一个证书编号.pem文件
[root@CentOS7.3 CA]#cat /etc/pki/CA/newcerts/01.pem    #里面是证书的信息和申请者的公钥
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=HeNan, L=ZhengZhou, O=CAServer, OU=CA, CN=www.CAServer.com
        Validity
            Not Before: Jul 17 16:14:46 2017 GMT
            Not After : Jul 17 16:14:46 2018 GMT
        Subject: C=CN, ST=HeNan, O=CAServer, OU=test, CN=test.com
[root@CentOS7.3 CA]#openssl -revoke /etc/pki/CA/newcerts/01.pem 
openssl:Error: '-revoke' is an invalid command.

[root@CentOS7.3 CA]#openssl ca -revoke /etc/pki/CA/newcerts/01.pem     #吊销证书
Using configuration from /etc/pki/tls/openssl.cnf
Revoking Certificate 01.
Data Base Updated
[root@CentOS7.3 CA]#openssl ca -gencrl -out crl/test.crl        #更新证书吊销列表
Using configuration from /etc/pki/tls/openssl.cnf
[root@CentOS7.3 CA]#openssl crl -in crl/test.crl -noout -text     #查看证书吊销列表
Certificate Revocation List (CRL):
        Version 2 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: /C=CN/ST=HeNan/L=ZhengZhou/O=CAServer/OU=CA/CN=w
ww.CAServer.com   #CA的信息
        Last Update: Jul 17 16:24:37 2017 GMT
        Next Update: Aug 16 16:24:37 2017 GMT
        CRL extensions:
            X509v3 CRL Number: 
                2                                                         
Revoked Certificates:
    Serial Number: 01                                                 #证书编号
        Revocation Date: Jul 17 16:23:32 2017 GMT
最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 人面猴
    序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 212,686评论 6 492
  • 死咒
    序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 90,668评论 3 385
  • 救了他两次的神仙让他今天三更去死
    文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 158,160评论 0 348
  • 道士缉凶录:失踪的卖姜人
    文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 56,736评论 1 284
  • 港岛之恋(遗憾婚礼)
    正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 65,847评论 6 386
  • 恶毒庶女顶嫁案:这布局不是一般人想出来的
    文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 50,043评论 1 291
  • 城市分裂传说
    那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 39,129评论 3 410
  • 双鸳鸯连环套:你想象不到人心有多黑
    文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 37,872评论 0 268
  • 万荣杀人案实录
    序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 44,318评论 1 303
  • 护林员之死
    正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 36,645评论 2 327
  • 白月光启示录
    正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 38,777评论 1 341
  • 活死人
    序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 34,470评论 4 333
  • 日本核电站爆炸内幕
    正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 40,126评论 3 317
  • 男人毒药:我在死后第九天来索命
    文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 30,861评论 0 21
  • 一桩弑父案,背后竟有这般阴谋
    文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 32,095评论 1 267
  • 情欲美人皮
    我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 46,589评论 2 362
  • 代替公主和亲
    正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 43,687评论 2 351

推荐阅读更多精彩内容

  • openssl 创建CA和申请证书
    在如今互联网时代,越来越多的人注重信息安全,及对重要信息加密。加密即我们将文字转换成不能直接阅读的形式(即密文)的...
    jie0112阅读 5,447评论 0 3
  • 半自动化创建CA和申请证书
    1 概述 本文之所以称之为半自动化,是因为证书的申请并非日常工作,只是一段时间才需要申请,同时,在创建证书和办法证...
    ghbsunny阅读 2,147评论 0 1
  • 20170909 加密和安全(二)
    CA和证书安全协议(SSL/TLS)OpenSSH 一、CA和证书 (一) PKI(Public Key Infr...
    哈喽别样阅读 1,386评论 0 0
  • 20160525刘赛平第十幅《八年级数学》
    临近期末考试了,孩子们都进入了紧张地复习中,尤其是我这些八年级的孩子们,他们不但要期末考试,将在半个月后进行生地会...
    简书刘赛平阅读 440评论 2 0
  • 美丽的女人,请自强
    美丽的女人躲在角落里轻轻哭泣。 我温柔地把你安慰。 美丽的女人啊!请你不要再哭泣。 你可把苦衷诉与我。 怀抱中的你...
    凌倾铭阅读 159评论 0 1