openssl 创建CA和申请证书

在如今互联网时代,越来越多的人注重信息安全,及对重要信息加密。加密即我们将文字转换成不能直接阅读的形式(即密文)的过程称为加密。像网站,把我们平时看到的“http”加密成“https”来传输,这样保证了信息在传输的过程中不被窃听。https就是“HTTP 协议”和“SSL/TLS 协议”的组合。HTTP over SSL”或“HTTP over TLS”,对http协议的文本数据进行加密处理后,成为二进制形式传输。
像有些网站用的是http,是没有证书的,被一些浏览器认为是不安全的。如:

当然像有些网站不涉及交易、敏感信息,仅供查询、浏览的故也没什么关系。
但凡涉及到交易的那就不一样,那就要使用https协议。如淘宝网

这里就有证书的信息(CA),我们可通过下载来观察下


那什么是CA证书呢?
CA 也拥有一个证书(内含公钥私钥)。网上的公众用户通过验证 CA 的签字从而信任 CA ,任何人都可以得到 CA 的证书(含公钥),用以验证它所签发的证书。
如果用户想得到一份属于自己的证书,他应先向 CA 提出申请。在 CA 判明申请者的身份后,便为他分配一个公钥,并且 CA 将该公钥与申请者的身份信息绑在一起,并为之签字后,便形成证书发给申请者。
如果一个用户想鉴别另一个证书的真伪,他就用 CA 的公钥对那个证书上的签字进行验证,一旦验证通过,该证书就被认为是有效的。证书实际是由证书签证机关(CA)签发的对用户的公钥的认证。
证书的内容包括:电子签证机关的信息、公钥用户信息、公钥、权威机构的签字和有效期等等。目前,证书的格式和验证方法普遍遵循X.509 国际标准。

下面我们就模拟创建私有CA并给节点颁发证书

一:创建环境:

centos7.3 当作CA服务器 centos6.9 充当客户端(申请者)
在centos7.3上作为CA服务器需了解CA的配置文件:/etc/pki/tls/openssl.cnf

[ CA_default ]
dir         = /etc/pki/CA       # Where everything is kept (CA有关的文件存放位置)
certs       = $dir/certs        # Where the issued certs are kept(签发的证书位置)
crl_dir     = $dir/crl          # Where the issued crl are kept(吊销证书存放位置)
database    = $dir/index.txt    # database index file.(生成证书索引数据库文件)
#unique_subject = no            # Set to 'no' to allow creation of
                                # several ctificates with same subject.
new_certs_dir   = $dir/newcerts     # default place for new certs.
certificate = $dir/cacert.pem   # The CA certificate(CA公钥位置)
serial      = $dir/serial       # The current serial number(指定颁发证书的序列号)
crlnumber   = $dir/crlnumber    # the current crl number
                    # must be commented out to leave a V1 CRL
crl     = $dir/crl.pem      # The current CRL
private_key = $dir/private/cakey.pem# The private key (CA私钥)
RANDFILE    = $dir/private/.rand    # private random number file
x509_extensions = usr_cert      # The extentions to add to the cert
policy      = policy_match
# For the CA policy  策略
[ policy_match ]
countryName     = match
stateOrProvinceName = match
organizationName    = match
organizationalUnitName  = optional
commonName      = supplied
emailAddress        = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName     = optional
stateOrProvinceName = optional
localityName        = optional
organizationName    = optional
organizationalUnitName  = optional
commonName      = supplied
emailAddress        = optional
这里 三种策略:匹配、支持和可选
匹配指要求申请填写的信息跟CA设置信息必须一致,支持指必须填写这项申请信息,可选指可有可无

二、创建所需的文件(centos7.3)

[root@centos7 ~]#cd /etc/pki/CA
[root@centos7 CA]#ls
certs  crl  newcerts  private
[root@centos7 CA]#touch index.txt   生成证书索引数据库文件(默认没有)
[root@centos7 CA]#echo 01 > serial  指定第一个颁发证书的序列号(默认也没有 这里01两位采用的是十六进制)
[root@centos7 CA]#ls
certs  crl  index.txt  newcerts  private  serial

1.生成私钥文件

[root@centos7 CA]#(umask 066;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
................................+++
.........+++
e is 65537 (0x10001)
[root@centos7 CA]#ll private/
total 4
-rw------- 1 root root 1679 Jul 16 19:21 cakey.pem

2.生成自签证书

[root@centos7 CA]#openssl req -new -x509 -key private/cakey.pem -out private/cacert.pem -days 3650  # 生成自签证书指明私钥文件,证书保存路径,有效期限等
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN   # 所在国家
State or Province Name (full name) []:henan # 所在省
Locality Name (eg, city) [Default City]:zhengzhou # 所在城市
Organization Name (eg, company) [Default Company Ltd]:keji  # 组织(公司)名称
Organizational Unit Name (eg, section) []:ops # 所在岗位
Common Name (eg, your name or your server's hostname) []:keji.com 证书持有者姓名或请求证书服务器的主机名
Email Address []:   # 邮件地址
[root@centos7 CA]#ll
total 8
-rw-r--r--  1 root root 1302 Jul 16 19:22 cacert.pem
drwxr-xr-x. 2 root root   22 Jul 16 21:24 certs
drwxr-xr-x. 2 root root    6 Nov  6  2016 crl
drwxr-xr-x  2 root root   22 Jul 16 19:55 csr
-rw-r--r--  1 root root    0 Jul 16 19:01 index.txt
drwxr-xr-x. 2 root root    6 Nov  6  2016 newcerts
drwx------. 2 root root   23 Jul 16 21:24 private
-rw-r--r--  1 root root    3 Jul 16 19:02 serial

3.查看自签名证书

[root@centos7 CA]#openssl x509 -in private/cacert.pem  -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11375816810472933637 (0x9ddf051e12280905)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=henan, L=zhengzhou, O=keji, OU=ops, CN=keji.com
        Validity
            Not Before: Jul 16 09:22:51 2017 GMT
            Not After : Jul 14 09:22:51 2027 GMT
        Subject: C=CN, ST=henan, L=zhengzhou, O=keji, OU=ops, CN=keji.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b0:8e:c6:90:33:22:57:52:13:8c:29:ad:c4:34:
                    35:35:0c:23:ee:68:96:4a:2f:cc:03:0a:14:99:50:
                    3a:a9:f0:69:b5:38:fa:aa:47:ec:9c:ca:c0:83:de:
                    64:c7:fa:d0:e1:cb:a3:a7:d7:e3:02:17:29:27:6f:
                    a3:11:1c:36:73:5d:eb:72:d2:ab:d9:32:8f:a1:1a:
                    0f:1a:a0:dc:c9:1c:64:87:18:68:ab:8e:bb:d7:eb:
                    25:7f:b9:6f:49:75:a6:1e:b0:25:11:08:77:a3:98:
                    5f:73:4c:b2:ef:db:fe:6e:45:15:76:5e:4c:bb:16:
                    7c:dc:2a:52:5d:3c:7d:e1:ee:bd:ae:f6:c8:23:74:
                    b5:17:1b:fa:a7:86:02:6e:79:9c:ef:fd:8f:6c:6d:
                    c8:5f:0a:d3:e2:a4:ab:8d:fd:f0:7e:46:be:94:3d:
                    52:b4:69:ef:58:e6:29:14:6c:0f:8d:40:af:68:0d:
                    8d:6c:07:50:e2:a1:87:7c:8a:66:9f:06:04:8a:8b:
                    07:25:b0:bf:28:cc:a0:52:ec:5f:65:8e:3e:03:36:
                    92:99:c3:af:bf:a2:14:10:01:f0:ac:31:d4:33:09:
                    47:25:f0:28:90:b7:84:86:57:20:7f:11:30:9c:4b:
                    39:19:3f:c2:99:a6:85:4f:22:4a:32:d2:ba:79:e3:
                    74:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                7E:D8:E1:ED:AB:FF:05:D6:F5:45:87:06:5B:11:1D:EF:B1:A5:29:FF
            X509v3 Authority Key Identifier: 
                keyid:7E:D8:E1:ED:AB:FF:05:D6:F5:45:87:06:5B:11:1D:EF:B1:A5:29:FF

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         84:b8:f6:7a:2f:9b:ed:64:88:85:5e:93:33:b9:3d:93:ff:31:
         5c:99:bd:05:d8:aa:50:21:c7:a7:26:44:d1:05:01:7b:e0:58:
         36:f5:15:23:14:b5:ad:6b:90:b0:3b:d0:fb:d2:0d:01:39:9d:
         3b:df:b2:df:ba:ae:20:eb:9b:27:40:55:e2:ea:14:9b:aa:75:
         91:36:20:61:5f:fa:80:d0:81:b6:9c:7e:e1:05:fc:52:44:f3:
         ad:9d:00:fb:2e:1b:cc:f1:6c:72:b6:d8:11:46:66:9d:a6:cf:
         d2:27:08:2b:27:3b:66:0d:da:c8:31:76:a3:04:16:35:c8:79:
         8f:02:7f:06:89:47:48:11:b8:1d:47:59:7f:67:c4:c0:f2:d9:
         a5:5e:6b:e8:42:c1:11:94:6c:05:7e:88:b8:56:4e:6e:29:66:
         46:2c:d2:04:a1:cb:90:a1:81:9f:a2:74:c1:b9:38:86:c0:d5:
         f8:ba:9f:62:38:ea:14:68:b7:da:3d:94:93:6e:55:97:68:42:
         39:cf:e0:71:6c:b8:f7:df:6d:57:fa:94:a0:80:f0:e7:e9:c2:
         d9:26:93:b0:a1:db:62:ab:29:fc:96:6e:5d:08:31:79:04:a8:
         42:98:83:23:aa:61:c5:f0:33:b8:2e:91:76:21:d6:3b:ae:86:
         1a:f0:31:55

三、客户端证书请求发送给CA进行签署 (centos 6.9)

1.生成密钥文件:

[root@centos6 ~]#(umask 066;openssl genrsa -out /etc/pki/tls/private/test.key 2048)
Generating RSA private key, 2048 bit long modulus
.......................................................................................................+++
......................................+++
e is 65537 (0x10001)
[root@centos6 ~]#ll /etc/pki/tls/private
total 4
-rw-------. 1 root root 1679 Jul 16 02:32 test.key

2.利用私钥生成证书签署请求:

[root@centos6 ~]#openssl req -new -key /etc/pki/tls/private/test.key -out /etc/pki/tls/private/test.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zhengzhou
Organization Name (eg, company) [Default Company Ltd]:kejitwo
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:kejitwo.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
注意:默认国家,省,公司名称三项必须和CA一致
[root@centos6 ~]#ll /etc/pki/tls/private
total 8
-rw-r--r--. 1 root root 1005 Jul 16 02:46 test.csr
-rw-------. 1 root root 1679 Jul 16 02:32 test.key

3.传输给CA(centos7.3):

[root@centos6 ~]#scp /etc/pki/tls/private/test.csr 192.168.18.142:/etc/pki/CA/csr
The authenticity of host '192.168.18.142 (192.168.18.142)' can't be established.
RSA key fingerprint is 5a:d9:05:80:2c:2b:99:b5:f5:1f:5a:e6:31:ff:51:6f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.142' (RSA) to the list of known hosts.
root@192.168.18.142's password: 
test.csr                                                  100% 1005     1.0KB/s   00:00 
[root@centos7 CA]#ll csr/
total 4
-rw-r--r-- 1 root root 1005 Jul 16 02:35 test.csr

四、签署(centos7.3)

1.CA签发证书

[root@centos7 CA]#openssl ca -in /etc/pki/CA/csr/test.csr -out /etc/pki/CA/certs/test.crt -days 365
# 签发证书,-in指明要签的证书文件位置,-out指明签好后输出的文件位置,必须放在certs下,指明期限
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 16 11:46:40 2017 GMT
            Not After : Jul 16 11:46:40 2018 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = henan
            organizationName          = keji
            organizationalUnitName    = ops
            commonName                = centos6.9.zj.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                4F:22:F5:49:09:17:75:91:A9:5D:64:69:7A:CC:E5:76:7A:9B:9C:70
            X509v3 Authority Key Identifier: 
                keyid:7E:D8:E1:ED:AB:FF:05:D6:F5:45:87:06:5B:11:1D:EF:B1:A5:29:FF

Certificate is to be certified until Jul 16 11:46:40 2018 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@centos7 CA]#tree
.
├── cacert.pem
├── certs
│   └── test.crt
├── crl
├── csr
│   └── test.csr
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
│   └── 01.pem
├── private
│   └── cakey.pem
├── serial
└── serial.old
5 directories, 10 files
[root@centos7 CA]#cat index.txt  # 可以看到第一个签署的证书编号为01
V   180716114640Z       01  unknown /C=CN/ST=henan/O=keji/OU=ops/CN=centos6.9.zj.com

2.把签署好的证书发还给请求者

[root@centos7 CA]#scp /etc/pki/CA/certs/test.crt 192.168.18.130:/etc/pki/tls/
The authenticity of host '192.168.18.130 (192.168.18.130)' can't be established.
RSA key fingerprint is a7:2e:2a:99:b0:33:c5:88:98:4b:0e:ce:7c:8c:6a:96.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.130' (RSA) to the list of known hosts.
root@192.168.18.130's password: 
test.crt     

五、在客户端上查看已签署的证书(centos6.9)

[root@centos6 ~]#openssl x509 -in /etc/pki/tls/test.crt -noout -text # 请求者收到后查看
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=henan, L=zhengzhou, O=keji, OU=ops, CN=keji.com
        Validity
            Not Before: Jul 16 11:46:40 2017 GMT
            Not After : Jul 16 11:46:40 2018 GMT
        Subject: C=CN, ST=henan, O=keji, OU=ops, CN=centos6.9.zj.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e0:5a:dc:b0:34:7f:08:76:34:1f:5f:ba:95:27:
                    ec:d0:eb:be:37:14:c2:58:de:65:5c:fb:76:4b:fa:
                    91:0b:f4:6a:be:e6:0f:96:dd:12:26:af:c4:78:23:
                    bc:33:3c:dd:d6:99:e7:53:0d:ce:93:2c:4c:fc:0d:
                    d8:5b:a1:08:aa:f8:12:ce:a5:30:fd:63:0a:49:91:
                    32:db:4e:f6:67:86:2c:dc:99:f6:29:d0:7f:cb:b3:
                    97:17:f7:4e:71:aa:53:08:87:2b:d0:11:df:93:42:
                    8b:a8:87:c3:64:11:d2:76:5c:9c:0c:03:a3:00:fc:
                    2a:3a:e3:d7:7f:f2:e2:f4:f9:d0:f8:b3:14:47:0b:
                    78:96:e3:31:53:02:69:94:13:a8:e3:59:f8:fd:f3:
                    64:59:75:b5:ad:75:ca:2e:0f:af:bd:25:ec:41:2d:
                    2c:c8:09:00:f5:f5:ff:e5:fb:9d:88:cf:c2:72:ef:
                    29:e5:8f:08:86:2b:c6:63:40:c0:de:a3:08:b8:69:
                    68:f1:f7:63:60:54:bc:08:a1:71:8b:2f:9e:d1:e4:
                    8b:48:54:63:b4:73:dd:c0:bb:6c:a6:3b:96:d9:5d:
                    e5:ae:6f:67:cb:f5:d6:0a:c4:6d:7b:02:a4:7f:8a:
                    21:03:b7:4a:7a:9a:7b:1f:be:f8:89:6a:92:dc:04:
                    83:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                4F:22:F5:49:09:17:75:91:A9:5D:64:69:7A:CC:E5:76:7A:9B:9C:70
            X509v3 Authority Key Identifier: 
                keyid:7E:D8:E1:ED:AB:FF:05:D6:F5:45:87:06:5B:11:1D:EF:B1:A5:29:FF
    Signature Algorithm: sha256WithRSAEncryption
         7b:ec:35:5b:14:51:87:6c:05:99:5d:55:08:50:72:54:40:8e:
         f8:e9:f5:b5:21:09:b4:a2:00:fa:c3:59:4a:18:6d:24:e6:77:
         8a:a5:98:2c:91:36:1e:4b:10:cb:ab:99:73:c9:cd:d0:e0:46:
         99:b3:3f:8f:20:eb:65:d6:4c:71:c1:48:e1:5d:21:d8:42:e5:
         88:e5:80:40:bc:60:b0:25:cb:ec:1e:1a:7d:85:68:45:98:8d:
         3f:5c:d4:3e:c8:b4:46:86:36:05:a0:64:1d:51:1e:ef:23:0d:
         50:6e:c3:c0:f4:97:d7:0f:68:d7:e1:65:cd:dd:1a:01:ea:1e:
         cf:18:a2:f7:56:5e:4f:bd:d2:57:8c:ac:23:f3:99:a4:a0:9a:
         2b:0b:31:0b:7d:09:bc:ca:a4:e7:98:11:4b:d9:08:93:e3:fe:
         18:be:a5:0c:9f:9c:b4:c9:bd:70:90:30:f6:3d:75:c4:cc:11:
         0b:d7:6d:57:33:83:4a:41:92:da:7c:9c:3d:fb:59:1b:2a:aa:
         79:3f:cc:2e:8b:20:42:69:93:27:79:30:93:eb:2a:43:55:45:
         0d:88:28:0e:db:f5:72:f3:a8:1c:8b:97:a0:58:f9:6a:b2:4a:
         8e:25:43:e9:03:68:69:8d:82:59:96:13:1b:65:4d:62:9c:e6:
         8c:8f:37:c8

六.在window下查看制作的CA证书

到这里我们就对CA进行完整的操作。如果想更直观的观察自己制作的CA证书,我们还可以把文件导入到window中查看,这里就要把cacert.pem的CA自签名证书后缀改下Windows能识别的文件格式。如下图所示



如有不足请多多指教!

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 212,332评论 6 493
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 90,508评论 3 385
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 157,812评论 0 348
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 56,607评论 1 284
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 65,728评论 6 386
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 49,919评论 1 290
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 39,071评论 3 410
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 37,802评论 0 268
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 44,256评论 1 303
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 36,576评论 2 327
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 38,712评论 1 341
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 34,389评论 4 332
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 40,032评论 3 316
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 30,798评论 0 21
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 32,026评论 1 266
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 46,473评论 2 360
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 43,606评论 2 350

推荐阅读更多精彩内容

  • OpenSSL的配置文件etc/pki/tls/openssl.cnf,下面有一些重要的配置,里面的一下目录和文件...
    不知岁月惜阅读 4,356评论 1 1
  • CA和证书安全协议(SSL/TLS)OpenSSH 一、CA和证书 (一) PKI(Public Key Infr...
    哈喽别样阅读 1,385评论 0 0
  • 本文转载,出处如下:数字证书原理 文中首先解释了加密解密的一些基础知识和概念,然后通过一个加密通信过程的例子说明了...
    随安居士阅读 1,675评论 1 8
  • 本文参与#漫步青春#征文活动,作者:欧阳芳,本人承诺,文章内容为原创,且未在其他平台发布。 初雪 与你走在清冷的街...
    123456偶偶阅读 175评论 0 0
  • 今天去做了新发型,拾掇拾掇生孩子后邋遢的自己。 和明明聊天,不知道她是不是会走到离婚那一步,没有经济基础的婚姻真的...
    63414179a45d阅读 250评论 0 1