Setting up a CA and requesting certificates

Reference configuration file: /etc/pki/tls/openssl.cnf

####################################################################
[ ca ]
default_ca      = CA_default            # The default ca section

####################################################################
[ CA_default ]

dir             = /etc/pki/CA           # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
#unique_subject = no                    # Set to 'no' to allow creation of
                                        # several certificates with same subject.
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/cacert.pem       # The CA certificate
serial          = $dir/serial           # The current serial number
crlnumber       = $dir/crlnumber        # the current crl number
                                        # must be commented out to leave a V1 CRL
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/cakey.pem # The private key
RANDFILE        = $dir/private/.rand    # private random number file

x509_extensions = usr_cert              # The extensions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt        = ca_default            # Subject Name options
cert_opt        = ca_default            # Certificate field options

# Extension copying option: use with caution.
# copy_extensions = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions        = crl_ext

default_days    = 365                   # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = sha256                # use SHA-256 by default
preserve        = no                    # keep passed DN ordering

# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy          = policy_match

# For the CA policy
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

####################################################################
[ req ]
default_bits            = 2048
default_md              = sha256
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert

Directories and files used below

dir             = /etc/pki/CA           # Where everything is kept
certs           = /etc/pki/CA/certs            # Where the issued certs are kept
database        = /etc/pki/CA/index.txt        # database index file.
new_certs_dir   = /etc/pki/CA/newcerts         # default place for new certs.
certificate     = /etc/pki/CA/cacert.pem       # The CA certificate
serial          = /etc/pki/CA/serial           # The current serial number
private_key     = /etc/pki/CA/private/cakey.pem   # The private key

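Note: by default, the country, state/province and organization name in a client certificate request must be identical to the CA's, otherwise the certificate cannot be issued. The reason is that /etc/pki/tls/openssl.cnf sets policy = policy_match. Changing it to policy = policy_anything, or changing the values of countryName, stateOrProvinceName and organizationName under [ policy_match ] from match to optional, removes this requirement.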
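What the two policy sections accept can be checked without touching the CA. The following is an added example, not part of the original post: a shell function that applies the match / supplied / optional rules to subject strings in the form printed by openssl x509 -noout -subject on this page. The function names and the REQ_OTHER subject are made up for the illustration.

```sh
#!/bin/sh
# Added example (not from the original post): evaluate a request subject
# against an openssl.cnf policy section the way "openssl ca" does.
# Assumptions: DNs are in the "/K=V/K=V" form printed on this page, values
# contain no "/", and attributes use the short names printed by openssl
# (C=countryName, ST=stateOrProvinceName, L=localityName,
#  O=organizationName, OU=organizationalUnitName, CN=commonName).

POLICY_MATCH='C=match ST=match O=match OU=optional CN=supplied emailAddress=optional'
POLICY_ANYTHING='C=optional ST=optional L=optional O=optional OU=optional CN=supplied emailAddress=optional'

# dn_get DN ATTR: print the value of the first ATTR in DN (nothing if absent)
dn_get() {
    printf '%s\n' "$1" | tr '/' '\n' |
        awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); print; exit }'
}

# policy_check POLICY CA_SUBJECT REQ_SUBJECT
# Prints one line per violated rule; exit status 0 = request passes, 1 = rejected.
policy_check() (
    rc=0
    for pair in $1; do
        attr=${pair%%=*}
        rule=${pair#*=}
        req_val=$(dn_get "$3" "$attr")
        case $rule in
            match)
                ca_val=$(dn_get "$2" "$attr")
                if [ "$req_val" != "$ca_val" ]; then
                    echo "$attr: request '$req_val' != CA '$ca_val' (match)"
                    rc=1
                fi ;;
            supplied)
                if [ -z "$req_val" ]; then
                    echo "$attr: missing (supplied)"
                    rc=1
                fi ;;
            optional) ;;
        esac
    done
    exit "$rc"
)

CA_SUBJECT='/C=cn/ST=henan/L=zhengzhou/O=xmj/OU=x/CN=xmj.com'            # CA on this page
REQ_OK='/C=cn/ST=henan/O=xmj/OU=m/CN=www.xmj.com/emailAddress=111111'   # request on this page
REQ_OTHER='/C=cn/ST=hebei/O=other/CN=www.other.example'                 # constructed

policy_check "$POLICY_MATCH"    "$CA_SUBJECT" "$REQ_OK"    && echo "policy_match: REQ_OK accepted"
policy_check "$POLICY_MATCH"    "$CA_SUBJECT" "$REQ_OTHER" || echo "policy_match: REQ_OTHER rejected"
policy_check "$POLICY_ANYTHING" "$CA_SUBJECT" "$REQ_OTHER" && echo "policy_anything: REQ_OTHER accepted"
```

With policy_anything the CA no longer constrains the subject at all, so the operator's review at the "Sign the certificate? [y/n]" prompt is the only check on which name the certificate carries.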

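Setting up a private CA on the server

1. Create the required files
touch /etc/pki/CA/index.txt    # create the certificate index database file
echo 01 > /etc/pki/CA/serial   # serial number of the first certificate issued (your choice, but it must be two digits)
2. Generate the CA private key
(umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)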

[root@centos CA]#(umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
........................................................................+++
....................................+++
e is 65537 (0x10001)

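3. Self-sign (the CA issues a certificate to itself)
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
-new: generate a new certificate signing request
-x509: used specifically by a CA to generate a self-signed certificate
-key: the private key file used when generating the request
-days n: validity period of the certificate
-out /PATH/TO/SOMECERTFILE: path where the certificate is saved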

[root@centos CA]#openssl req -new -x509 -key private/cakey.pem -days 7300 -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zhengzhou
Organization Name (eg, company) [Default Company Ltd]:xmj
Organizational Unit Name (eg, section) []:x
Common Name (eg, your name or your server's hostname) []:xmj.com
Email Address []:

openssl x509 -in /etc/pki/CA/cacert.pem -noout -text    # view the CA certificate

[root@centos CA]#openssl x509 -in cacert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11583334546095199587 (0xa0c045660683d563)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=cn, ST=henan, L=zhengzhou, O=xmj, OU=x, CN=xmj.com
        Validity
            Not Before: Jul 17 07:11:40 2017 GMT
            Not After : Jul 12 07:11:40 2037 GMT
        Subject: C=cn, ST=henan, L=zhengzhou, O=xmj, OU=x, CN=xmj.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                04:9D:1F:51:07:F9:4B:23:D2:58:6C:89:EC:30:13:94:4D:1B:14:EF
            X509v3 Authority Key Identifier: 
                keyid:04:9D:1F:51:07:F9:4B:23:D2:58:6C:89:EC:30:13:94:4D:1B:14:EF

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption

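Requesting a certificate on the client

1. Generate a private key for the web server
(umask 077; openssl genrsa -out /root/app/service.key 2048)
2. Request the certificate
Generate the certificate signing request file
openssl req -new -key /root/app/service.key -out /root/app/service.csr
3. Send the request file to the server
scp /root/app/service.csr IP:/etc/pki/CA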

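The CA signs the request and issues the certificate to the applicant

On the server
1. Create a directory for client certificate requests
mkdir /etc/pki/CA/csr
mv /etc/pki/CA/service.csr /etc/pki/CA/csr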

[root@centos CA]#tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── newcerts
├── private
│   └── cakey.pem
├── serial
└── service.csr

4 directories, 5 files
[root@centos CA]#mkdir csr
[root@centos CA]#mv service.csr csr
[root@centos CA]#tree
.
├── cacert.pem
├── certs
├── crl
├── csr
│   └── service.csr
├── index.txt
├── newcerts
├── private
│   └── cakey.pem
└── serial

5 directories, 5 files
[root@centos CA]#ll
total 28
-rw-r--r--. 1 root root 1294 Jul 17 15:11 cacert.pem
drwxr-xr-x. 2 root root 4096 Mar 23 05:46 certs
drwxr-xr-x. 2 root root 4096 Mar 23 05:46 crl
drwxr-xr-x. 2 root root 4096 Jul 17 15:59 csr
-rw-r--r--. 1 root root    0 Jul 17 14:55 index.txt
drwxr-xr-x. 2 root root 4096 Mar 23 05:46 newcerts
drwx------. 2 root root 4096 Jul 17 15:00 private
-rw-r--r--. 1 root root    3 Jul 17 14:55 serial

2. Issue the certificate
openssl ca -in /etc/pki/CA/csr/service.csr -out /etc/pki/CA/certs/service.crt -days 365

[root@centos CA]#pwd
/etc/pki/CA
[root@centos CA]#openssl ca -in csr/service.csr -out certs/service.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 17 08:08:07 2017 GMT
            Not After : Jul 17 08:08:07 2018 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = henan
            organizationName          = xmj
            organizationalUnitName    = m
            commonName                = www.xmj.com
            emailAddress              = 111111
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                58:C1:E6:56:07:FF:B7:FD:EC:AC:9A:DD:05:19:EA:98:D0:7F:9B:6B
            X509v3 Authority Key Identifier: 
                keyid:04:9D:1F:51:07:F9:4B:23:D2:58:6C:89:EC:30:13:94:4D:1B:14:EF

Certificate is to be certified until Jul 17 08:08:07 2018 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@centos CA]#ll
total 40
-rw-r--r--. 1 root root 1294 Jul 17 15:11 cacert.pem
drwxr-xr-x. 2 root root 4096 Jul 17 16:08 certs
drwxr-xr-x. 2 root root 4096 Mar 23 05:46 crl
drwxr-xr-x. 2 root root 4096 Jul 17 15:59 csr
-rw-r--r--. 1 root root   89 Jul 17 16:08 index.txt
-rw-r--r--. 1 root root   21 Jul 17 16:08 index.txt.attr
-rw-r--r--. 1 root root    0 Jul 17 14:55 index.txt.old
drwxr-xr-x. 2 root root 4096 Jul 17 16:08 newcerts
drwx------. 2 root root 4096 Jul 17 15:00 private
-rw-r--r--. 1 root root    3 Jul 17 16:08 serial
-rw-r--r--. 1 root root    3 Jul 17 14:55 serial.old
[root@centos CA]#cd newcerts/
[root@centos newcerts]#ls
01.pem
[root@centos newcerts]#cd ..
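###### The serial file holds the serial number for the next certificate to be issued
[root@centos CA]#cat serial
02
###### The database has been updated; status V means the certificate has been issued and is valid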
[root@centos CA]#cat index.txt
V       180717080807Z           01      unknown /C=cn/ST=henan/O=xmj/OU=m/CN=www.xmj.com/emailAddress=111111
[root@centos CA]#tree
.
├── cacert.pem
├── certs
│   └── service.crt
├── crl
├── csr
│   └── service.csr
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
│   └── 01.pem
├── private
│   └── cakey.pem
├── serial
└── serial.old

5 directories, 10 files

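3. Inspect the issued certificate
openssl x509 -in /etc/pki/CA/certs/service.crt -noout -text    # or -issuer, -subject, -serial, -dates in place of -text
openssl ca -status SERIAL    # show the status of the certificate with the given serial number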

[root@centos CA]#openssl x509 -in certs/service.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=cn, ST=henan, L=zhengzhou, O=xmj, OU=x, CN=xmj.com
        Validity
            Not Before: Jul 17 08:08:07 2017 GMT
            Not After : Jul 17 08:08:07 2018 GMT
        Subject: C=cn, ST=henan, O=xmj, OU=m, CN=www.xmj.com/emailAddress=111111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                58:C1:E6:56:07:FF:B7:FD:EC:AC:9A:DD:05:19:EA:98:D0:7F:9B:6B
            X509v3 Authority Key Identifier: 
                keyid:04:9D:1F:51:07:F9:4B:23:D2:58:6C:89:EC:30:13:94:4D:1B:14:EF

    Signature Algorithm: sha1WithRSAEncryption
[root@centos CA]#openssl x509 -in certs/service.crt -noout -issuer
issuer= /C=cn/ST=henan/L=zhengzhou/O=xmj/OU=x/CN=xmj.com
[root@centos CA]#openssl x509 -in certs/service.crt -noout -subject
subject= /C=cn/ST=henan/O=xmj/OU=m/CN=www.xmj.com/emailAddress=111111
[root@centos CA]#openssl x509 -in certs/service.crt -noout -serial
serial=01
[root@centos CA]#openssl x509 -in certs/service.crt -noout -dates
notBefore=Jul 17 08:08:07 2017 GMT
notAfter=Jul 17 08:08:07 2018 GMT
[root@centos CA]#openssl ca -status 01
Using configuration from /etc/pki/tls/openssl.cnf
01=Valid (V)

4. Copy the certificate to the client

Revoking a certificate

1. On the client, get the serial of the certificate to be revoked
openssl x509 -in /PATH/FROM/CERT_FILE -noout -serial -subject

[root@centos app]#pwd
/root/app
[root@centos app]#openssl x509 -in service.crt -noout -serial -subject
serial=01
subject= /C=cn/ST=henan/O=xmj/OU=m/CN=www.xmj.com/emailAddress=111111

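2. On the CA, compare the serial and subject submitted by the client with the entry in index.txt; if they match, revoke the certificate:
openssl ca -revoke /etc/pki/CA/newcerts/SERIAL.pem
Create the revocation list database (the initial value 01 can be chosen freely)
echo 01 > /etc/pki/CA/crlnumber
Update the certificate revocation list
openssl ca -gencrl -out crl.pem
View the revocation list
openssl crl -in crl.pem -noout -text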
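
The comparison against index.txt in step 2 can be scripted so that nothing is revoked on a serial alone. The following is an added example, not part of the original post: it assumes index.txt is tab-separated as OpenSSL writes it and that the client sends the two lines printed in step 1; the function names and the second database entry are made up for the illustration.

```sh
#!/bin/sh
# Added example (not from the original post): check a revocation request
# against the CA database before running "openssl ca -revoke".
# index.txt is tab-separated:
#   status, expiry, revocation date, serial, file name, subject
# status is V (valid), R (revoked) or E (expired).

# revoke_precheck INDEX SERIAL_LINE SUBJECT_LINE
#   SERIAL_LINE and SUBJECT_LINE are the two lines printed by
#   "openssl x509 -noout -serial -subject" in the format shown on this page.
# Exit status: 0  serial found, subject matches, status V
#              1  serial not in index.txt
#              2  serial found, subject differs
#              3  serial and subject match, status is not V
revoke_precheck() (
    serial=${2#serial=}
    subject=${3#subject=}
    subject=${subject# }                                # space after "subject="
    serial=$(printf '%s' "$serial" | tr 'a-f' 'A-F')    # index.txt uses upper-case hex
    # Values go through the environment so awk does not interpret backslashes;
    # appending "" forces string comparison (otherwise "01" would equal "1").
    WANT_SERIAL=$serial WANT_SUBJECT=$subject awk -F '\t' '
        BEGIN { ws = ENVIRON["WANT_SERIAL"] ""; wsub = ENVIRON["WANT_SUBJECT"] "" }
        ($4 "") == ws {
            found = 1
            if (($6 "") != wsub) { print "MISMATCH: index.txt has " $6; rc = 2 }
            else if ($1 != "V")  { print "NOT VALID: status " $1;      rc = 3 }
            else                 { print "OK: " $4 " " $6;             rc = 0 }
            exit
        }
        END { if (!found) { print "NOT FOUND: serial " ws; rc = 1 }
              exit rc }
    ' "$1"
)

# Constructed sample database: entry 01 is the certificate issued on this
# page, entry 02 is an invented, already revoked certificate.
make_sample_index() {
    f=$(mktemp)
    printf 'V\t180717080807Z\t\t01\tunknown\t%s\n' \
        '/C=cn/ST=henan/O=xmj/OU=m/CN=www.xmj.com/emailAddress=111111' > "$f"
    printf 'R\t180717080807Z\t170717090033Z\t02\tunknown\t%s\n' \
        '/C=cn/ST=henan/O=xmj/OU=m/CN=old.xmj.com' >> "$f"
    echo "$f"
}

idx=$(make_sample_index)
revoke_precheck "$idx" 'serial=01' \
    'subject= /C=cn/ST=henan/O=xmj/OU=m/CN=www.xmj.com/emailAddress=111111'
echo "exit status: $?"
rm -f "$idx"
```

Only exit status 0 should lead to openssl ca -revoke; status 2 means the requester named a serial that belongs to a different subject.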

[root@centos CA]#pwd
/etc/pki/CA
[root@centos CA]#cat index.txt
V       180717080807Z           01      unknown /C=cn/ST=henan/O=xmj/OU=m/CN=www.xmj.com/emailAddress=111111
###### Revoke the certificate
[root@centos CA]#openssl ca -revoke newcerts/01.pem
Using configuration from /etc/pki/tls/openssl.cnf
Revoking Certificate 01.
Data Base Updated
###### The database is updated; the certificate status changes from V to R (revoked)
[root@centos CA]#cat index.txt                     
R       180717080807Z   170717090033Z   01      unknown /C=cn/ST=henan/O=xmj/OU=m/CN=www.xmj.com/emailAddress=111111
###### Create the revocation list database (the initial value 01 can be chosen freely)
[root@centos CA]#echo 01 > crlnumber
[root@centos CA]#tree
.
├── cacert.pem
├── certs
│   └── service.crt
├── crl
├── crlnumber
├── csr
│   └── service.csr
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── newcerts
│   └── 01.pem
├── private
│   └── cakey.pem
├── serial
└── serial.old

5 directories, 12 files
###### Update the certificate revocation list
[root@centos CA]#openssl ca -gencrl -out crl/crl.pem
Using configuration from /etc/pki/tls/openssl.cnf
[root@centos CA]#tree
.
├── cacert.pem
├── certs
│   └── service.crt
├── crl
│   └── crl.pem
├── crlnumber
├── crlnumber.old
├── csr
│   └── service.csr
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── newcerts
│   └── 01.pem
├── private
│   └── cakey.pem
├── serial
└── serial.old

5 directories, 14 files
###### The crlnumber file holds the number for the next certificate revocation
[root@centos CA]#cat crlnumber
02
[root@centos CA]#cat crlnumber.old 
01
###### View the revocation list
[root@centos CA]#openssl crl -in crl/crl.pem -noout -text
Certificate Revocation List (CRL):
        Version 2 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=cn/ST=henan/L=zhengzhou/O=xmj/OU=x/CN=xmj.com
        Last Update: Jul 17 09:02:34 2017 GMT
        Next Update: Aug 16 09:02:34 2017 GMT
        CRL extensions:
            X509v3 CRL Number: 
                1
Revoked Certificates:
    Serial Number: 01
        Revocation Date: Jul 17 09:00:33 2017 GMT
    Signature Algorithm: sha1WithRSAEncryption