freebsd https

$ which openssl
/usr/bin/openssl
bsd# openssl genrsa -des3 -out server.key 1024  --产生私钥:生成 RSA 密钥,RSA 是所有主流浏览器都支持的一种加密算法(注意:1024 位 RSA 现已不够安全,实际部署请至少使用 2048 位)
Generating RSA private key, 1024 bit long modulus
............++++++
........++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:         --这里输入 passphrase,也就是保护私钥的口令
Verifying - Enter pass phrase for server.key:
bsd# ls -al
total 126
drwxr-xr-x  5 root  wheel    512 Nov  6 03:54 .
drwxr-xr-x  7 root  wheel    512 Nov  4 08:40 ..
drwxr-xr-x  2 root  wheel    512 Nov  6 03:17 Includes
drwxr-xr-x  2 root  wheel    512 Oct 27 21:11 envvars.d
drwxr-xr-x  2 root  wheel    512 Oct 27 21:11 extra
-rw-r--r--  1 root  wheel  16719 Nov  4 23:33 httpd.conf
-rw-r--r--  1 root  wheel  16560 Oct 27 06:45 httpd.confbackup
-rw-r--r--  1 root  wheel  16719 Nov  6 02:07 httpd.good.conf
-rw-r--r--  1 root  wheel  12958 Oct 27 21:11 magic
-rw-r--r--  1 root  wheel  45472 Oct 27 21:11 mime.types
-rw-r--r--  1 root  wheel    963 Nov  6 03:54 server.key   --私钥文件已生成(注意权限是 644,其他用户也可读;私钥文件应限制为仅属主可读,例如 chmod 600 server.key)
bsd# openssl rsa -noout -text -in server.key                   --查看私钥内容(输出包含完整的私钥参数,真实密钥的这段输出不要公开)
Enter pass phrase for server.key:
Private-Key: (1024 bit)
modulus:
    00:a3:5d:aa:11:45:32:40:ee:77:4b:80:77:ec:94:
    d4:c4:3b:db:08:c0:15:ea:a8:8f:86:cb:09:30:77:
    89:6e:a8:c8:a3:96:0f:07:cc:c9:ab:1c:f5:cf:44:
    1c:e9:e7:86:49:c3:ce:21:d0:13:d1:3d:3b:4a:ce:
    ff:89:4a:8d:13:08:5b:df:de:b9:21:da:45:67:62:
    55:a8:c5:33:d1:a0:79:8a:43:11:8a:70:8d:c0:db:
    2a:05:38:2f:6f:09:50:a4:4d:b7:75:48:69:c4:9f:
    0c:f9:70:12:0f:25:b7:04:4f:26:7a:80:d0:03:9f:
    18:80:dc:4c:cd:a6:6b:16:83
publicExponent: 65537 (0x10001)
privateExponent:
    00:94:9f:b7:04:65:46:95:ea:1d:5f:f4:2d:a6:6f:
    b4:ae:1e:a2:63:f0:95:3f:da:40:51:6a:50:1e:e6:
    f1:82:5a:4d:c6:fd:d3:08:ce:97:be:73:e7:71:bc:
    4e:ed:c1:f3:db:12:27:6b:7d:a9:39:d8:12:24:39:
    f4:23:0c:4f:10:c8:37:0e:4c:14:e0:5c:41:49:71:
    c9:24:de:8d:a8:16:d5:a7:e3:48:df:ea:fb:2e:2f:
    ae:52:06:bf:4b:88:b3:ee:f0:d7:d5:11:68:19:af:
    cb:5e:bb:15:1e:ff:b9:e7:62:74:3d:4d:ac:0b:20:
    a9:f6:da:ec:dc:4b:c4:bd:59
prime1:
    00:d5:c1:c8:03:5e:7f:da:2c:31:36:0f:0b:50:af:
    0b:c5:21:14:6e:b9:4d:c8:bf:ca:c6:d8:d5:29:aa:
    4d:09:32:d9:43:3f:78:78:ba:e6:25:4f:a8:f1:c4:
    e9:50:ba:81:b6:41:20:fa:a1:f7:7a:5b:22:ac:86:
    d6:a7:bb:a6:6f
prime2:
    00:c3:a6:89:cb:f5:e8:03:12:3a:26:07:c5:3c:b0:
    be:e1:bf:9b:92:24:58:ec:eb:3e:41:91:ea:69:db:
    7d:5c:53:1f:29:b6:eb:7d:5b:23:65:c8:4b:99:d8:
    81:9a:e1:81:c6:8f:78:21:2e:ea:65:8f:7b:da:14:
    fa:d5:c0:fb:2d
exponent1:
    48:44:8c:a7:be:f2:40:c3:c2:1b:81:b8:94:9d:a9:
    c0:0a:f0:0a:83:31:ae:16:51:ab:2a:b1:de:b5:49:
    f8:3b:2d:c3:13:99:5a:4f:ed:f1:5d:5e:43:e7:0b:
    ee:94:2f:b8:7b:8a:77:d1:fc:86:6c:7b:6b:92:e6:
    cd:ac:9e:97
exponent2:
    62:82:aa:03:1e:2f:d1:cc:0d:a7:34:66:65:26:81:
    15:dd:8a:11:4d:67:d0:f2:a9:88:0e:56:3f:32:9a:
    ae:2f:d4:13:06:dd:0f:63:22:31:8f:66:31:72:47:
    df:9a:07:e3:d8:3d:1e:48:27:11:37:eb:9e:64:cd:
    df:6e:a9:89
coefficient:
    00:b8:41:ee:e5:89:11:b9:32:c6:14:6b:8f:b5:93:
    c9:ec:8d:bf:0e:59:19:14:a4:c8:6d:8f:f9:c1:c8:
    b0:af:b6:32:82:e0:f6:8b:be:a4:6d:e8:4d:32:dd:
    e1:32:f7:96:00:1b:01:9f:05:e0:79:f8:b5:f6:bd:
    89:c6:e0:ee:59
bsd# openssl req -new -key server.key -out server.csr  --生成证书签名请求(CSR)
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:us
State or Province Name (full name) [Some-State]:de
Locality Name (eg, city) []:13394
Organization Name (eg, company) [Internet Widgits Pty Ltd]:13394
Organizational Unit Name (eg, section) []:13394 
Common Name (eg, YOUR name) []:www.13394.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:fuyou001
An optional company name []:fuyou001
bsd# openssl req -noout -text -in server.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=us, ST=de, L=13394, O=13394, OU=13394, CN=www.13394.com/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:a3:5d:aa:11:45:32:40:ee:77:4b:80:77:ec:94:
                    d4:c4:3b:db:08:c0:15:ea:a8:8f:86:cb:09:30:77:
                    89:6e:a8:c8:a3:96:0f:07:cc:c9:ab:1c:f5:cf:44:
                    1c:e9:e7:86:49:c3:ce:21:d0:13:d1:3d:3b:4a:ce:
                    ff:89:4a:8d:13:08:5b:df:de:b9:21:da:45:67:62:
                    55:a8:c5:33:d1:a0:79:8a:43:11:8a:70:8d:c0:db:
                    2a:05:38:2f:6f:09:50:a4:4d:b7:75:48:69:c4:9f:
                    0c:f9:70:12:0f:25:b7:04:4f:26:7a:80:d0:03:9f:
                    18:80:dc:4c:cd:a6:6b:16:83
                Exponent: 65537 (0x10001)
        Attributes:
            unstructuredName         :fuyou001
            challengePassword        :fuyou001
    Signature Algorithm: sha1WithRSAEncryption
        36:6a:79:6f:21:5e:82:05:bd:58:c2:55:22:8d:b3:f2:6c:47:
        01:53:c4:a8:2b:4c:e4:d3:12:05:dd:af:09:2b:2c:08:98:42:
        f0:ad:ce:b5:bc:63:ee:f5:a0:70:43:df:9a:63:4d:56:70:db:
        01:e0:19:21:8b:7f:ac:0d:21:21:8b:2d:2e:ab:21:8d:60:19:
        2d:55:e3:78:9e:f7:10:90:5b:f6:7a:35:f8:63:21:b1:9e:9d:
        f1:e2:f6:48:a4:4c:26:cf:af:fc:a1:6c:cf:9a:10:02:b6:5d:
        99:7e:22:6b:38:f0:1a:8d:86:f9:29:9c:e2:d0:48:b7:dc:54:
        c6:ff
bsd# ls -al
total 128
drwxr-xr-x  5 root  wheel    512 Nov  6 03:56 .
drwxr-xr-x  7 root  wheel    512 Nov  4 08:40 ..
drwxr-xr-x  2 root  wheel    512 Nov  6 03:17 Includes
drwxr-xr-x  2 root  wheel    512 Oct 27 21:11 envvars.d
drwxr-xr-x  2 root  wheel    512 Oct 27 21:11 extra
-rw-r--r--  1 root  wheel  16719 Nov  4 23:33 httpd.conf
-rw-r--r--  1 root  wheel  16560 Oct 27 06:45 httpd.confbackup
-rw-r--r--  1 root  wheel  16719 Nov  6 02:07 httpd.good.conf
-rw-r--r--  1 root  wheel  12958 Oct 27 21:11 magic
-rw-r--r--  1 root  wheel  45472 Oct 27 21:11 mime.types
-rw-r--r--  1 root  wheel    761 Nov  6 03:55 server.csr
-rw-r--r--  1 root  wheel    963 Nov  6 03:54 server.key
bsd# ls
Includes                httpd.confbackup        server.csr
envvars.d               httpd.good.conf         server.key
extra                   magic
httpd.conf              mime.types
bsd# rm server.*
bsd# ls -al
total 124
drwxr-xr-x  5 root  wheel    512 Nov  6 03:59 .
drwxr-xr-x  7 root  wheel    512 Nov  4 08:40 ..
drwxr-xr-x  2 root  wheel    512 Nov  6 03:17 Includes
drwxr-xr-x  2 root  wheel    512 Oct 27 21:11 envvars.d
drwxr-xr-x  2 root  wheel    512 Oct 27 21:11 extra
-rw-r--r--  1 root  wheel  16719 Nov  4 23:33 httpd.conf
-rw-r--r--  1 root  wheel  16560 Oct 27 06:45 httpd.confbackup
-rw-r--r--  1 root  wheel  16719 Nov  6 02:07 httpd.good.conf
-rw-r--r--  1 root  wheel  12958 Oct 27 21:11 magic
-rw-r--r--  1 root  wheel  45472 Oct 27 21:11 mime.types
bsd# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.++++++
......................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
bsd# openssl req -new -x509 -nodes -sha1 -days 1000 -key server.key -out server.crt  --直接生成自签名证书(不经 CA 签发,浏览器会提示证书不受信任);SHA-1 签名已不再被认为安全,新生成证书应改用 -sha256
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:us
State or Province Name (full name) [Some-State]:de
Locality Name (eg, city) []:13394
Organization Name (eg, company) [Internet Widgits Pty Ltd]:13394
Organizational Unit Name (eg, section) []:13394
Common Name (eg, YOUR name) []:www.13394.com
Email Address []:[email protected]
bsd# openssl x509 -noout -text -in server.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            8c:c6:e3:2a:bd:54:62:84
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=us, ST=de, L=13394, O=13394, OU=13394, CN=www.13394.com/[email protected]
        Validity
            Not Before: Nov  6 04:01:04 2010 GMT
            Not After : Aug  2 04:01:04 2013 GMT
        Subject: C=us, ST=de, L=13394, O=13394, OU=13394, CN=www.13394.com/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ab:63:e9:46:bf:91:d2:c7:8d:ae:c7:19:8f:bf:
                    51:1b:f7:e5:24:85:23:24:cc:2f:5c:3d:3c:ce:7f:
                    c1:99:1d:db:8a:b2:61:aa:29:f2:d4:96:b3:92:fb:
                    f9:93:0c:c8:c9:ed:30:44:e7:12:78:40:c7:b6:19:
                    a7:5d:1b:a1:b0:05:91:13:a7:78:db:ed:8e:b6:86:
                    81:6c:45:96:a7:a8:ec:37:79:d7:97:e3:64:1d:df:
                    3f:22:78:e6:85:a4:d8:72:a9:f9:ca:4f:2b:24:4a:
                    e8:88:6f:fa:7b:4d:7d:85:73:4e:fe:a4:64:90:f4:
                    48:eb:ef:ef:e9:c1:9e:95:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                CF:80:5C:75:FE:BE:CE:65:40:F4:22:96:96:3D:D3:6D:EE:0E:5D:4D
            X509v3 Authority Key Identifier: 
                keyid:CF:80:5C:75:FE:BE:CE:65:40:F4:22:96:96:3D:D3:6D:EE:0E:5D:4D
                DirName:/C=us/ST=de/L=13394/O=13394/OU=13394/CN=www.13394.com/[email protected]
                serial:8C:C6:E3:2A:BD:54:62:84

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
        13:93:c8:b4:da:f4:f4:1e:64:05:33:1b:9f:d3:4e:52:ba:0a:
        1a:04:f6:54:54:0e:02:bd:67:f4:61:fc:75:09:4d:71:fd:1e:
        93:fe:19:d9:85:7a:52:aa:5c:58:9a:d1:a9:9b:36:ad:b5:82:
        57:b7:b2:5e:1a:ab:73:b3:da:7a:c1:66:a5:39:c7:a3:1d:24:
        d1:58:9f:4d:28:dc:63:52:77:3b:6d:6a:a7:6d:14:cb:a6:74:
        2b:71:3a:79:49:9c:20:56:f9:96:96:6b:7a:eb:9c:59:16:c7:
        30:9d:f2:54:24:fa:97:0c:88:33:b9:ce:2d:ec:94:19:ab:7a:
        9d:f1
bsd# ls -al
total 128
drwxr-xr-x  5 root  wheel    512 Nov  6 04:01 .
drwxr-xr-x  7 root  wheel    512 Nov  4 08:40 ..
drwxr-xr-x  2 root  wheel    512 Nov  6 03:17 Includes
drwxr-xr-x  2 root  wheel    512 Oct 27 21:11 envvars.d
drwxr-xr-x  2 root  wheel    512 Oct 27 21:11 extra
-rw-r--r--  1 root  wheel  16719 Nov  4 23:33 httpd.conf
-rw-r--r--  1 root  wheel  16560 Oct 27 06:45 httpd.confbackup
-rw-r--r--  1 root  wheel  16719 Nov  6 02:07 httpd.good.conf
-rw-r--r--  1 root  wheel  12958 Oct 27 21:11 magic
-rw-r--r--  1 root  wheel  45472 Oct 27 21:11 mime.types
-rw-r--r--  1 root  wheel   1265 Nov  6 04:01 server.crt
-rw-r--r--  1 root  wheel    963 Nov  6 03:59 server.key
bsd# less httpd.conf |grep ssl
LoadModule ssl_module libexec/apache22/mod_ssl.so
#Include etc/apache22/extra/httpd-ssl.conf
#       but a statically compiled-in mod_ssl.
<IfModule ssl_module>
bsd# vi httpd.conf
bsd# cd /usr/local/etc//apache22/extra/
bsd# ls -al
total 46
drwxr-xr-x  2 root  wheel    512 Oct 27 21:11 .
drwxr-xr-x  5 root  wheel    512 Nov  6 04:01 ..
-rw-r--r--  1 root  wheel   2855 Oct 27 21:11 httpd-autoindex.conf
-rw-r--r--  1 root  wheel   1678 Oct 27 21:11 httpd-dav.conf
-rw-r--r--  1 root  wheel   2344 Oct 27 21:11 httpd-default.conf
-rw-r--r--  1 root  wheel   1103 Oct 27 21:11 httpd-info.conf
-rw-r--r--  1 root  wheel   5078 Oct 27 21:11 httpd-languages.conf
-rw-r--r--  1 root  wheel    926 Oct 27 21:11 httpd-manual.conf
-rw-r--r--  1 root  wheel   3797 Oct 27 21:11 httpd-mpm.conf
-rw-r--r--  1 root  wheel   2201 Oct 27 21:11 httpd-multilang-errordoc.conf
-rw-r--r--  1 root  wheel  10219 Oct 27 21:11 httpd-ssl.conf
-rw-r--r--  1 root  wheel    952 Oct 27 21:11 httpd-userdir.conf
-rw-r--r--  1 root  wheel   1493 Oct 27 21:11 httpd-vhosts.conf
bsd# vi httpd-ssl.conf
bsd# ls
httpd-autoindex.conf            httpd-mpm.conf
httpd-dav.conf                  httpd-multilang-errordoc.conf
httpd-default.conf              httpd-ssl.conf
httpd-info.conf                 httpd-userdir.conf
httpd-languages.conf            httpd-vhosts.conf
httpd-manual.conf
bsd# cd ..
bsd# ls
Includes                httpd.confbackup        server.crt
envvars.d               httpd.good.conf         server.key
extra                   magic
httpd.conf              mime.types
bsd# cd Includes
bsd# ls 
httpd-ssl.conf  no-accf.conf
bsd# rm httpd-ssl.conf
bsd# ls
no-accf.conf
bsd# pwd
/usr/local/etc/apache22/Includes
bsd# cd ..
bsd# ls
Includes                httpd.confbackup        server.crt
envvars.d               httpd.good.conf         server.key
extra                   magic
httpd.conf              mime.types
bsd# cp server.key server.key.org --备份
bsd# openssl rsa -in server.key.org -out server.key  --去掉私钥口令,避免 apache 启动时要输入 passphrase(此后 server.key 是未加密的明文私钥,应限制为仅 root 可读,例如 chmod 600 server.key;备份 server.key.org 同样要保护好)
Enter pass phrase for server.key.org:
writing RSA key
bsd# exit
exit
$ exit
--在 httpd.conf 里去掉下面这一行前面的 # 注释
Include etc/apache22/extra/httpd-ssl.conf
--在 httpd.conf 里去掉下面这一行前面的 # 注释(我这里是用 freebsd ports 安装的 apache,前面本来就没有 #)
LoadModule ssl_module libexec/apache22/mod_ssl.so

然后在 httpd-ssl.conf 里加入下面两行(路径要和你自己的证书、私钥文件位置对应)
SSLCertificateFile    /usr/local/etc/apache22/server.crt
SSLCertificateKeyFile /usr/local/etc/apache22/server.key



---上面有些敏感信息已被替换了
2010-11-6


转载自fuyou001.iteye.com/blog/806114