OpenSSL: generating certificates and public/private keys

Reprinted from: https://blog.csdn.net/xiejunna/article/details/61914660


Public key suffix: pem (Firefox supports this format), crt (Microsoft supports this format), key.

Private key suffix: pfx, p12, pem, key.

OpenSSL: an open-source toolkit that implements the Secure Sockets Layer protocol (SSL, now TLS).

The meaning of the pfx suffix: the file contains both the public and private keys.
Public Key Cryptography Standards #12 (PKCS#12) specifies a portable format for storing and transmitting user or server private keys, public keys, and certificates. It is a binary format and these files are also known as PFX files. Developers often need to convert PFX files to some different format, such as PEM or JKS, so that they can be used for standalone Java clients or WebLogic Server that communicate using SSL.

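OpenSSL (Secure Sockets Layer protocol): exporting the private and public keys from a PFX
Extract the key material from the pfx and convert it to key format (pfx uses the PKCS#12 encoding)

# 1. Extract the key pair (if the pfx is password-protected, you will be prompted for the password).
#    -nodes writes the private key to 1.key unencrypted.
       openssl pkcs12 -in 1.pfx -nocerts -nodes -out 1.key

# 2. Extract the private key from the key pair
       openssl rsa -in 1.key -out 1_pri.key

# 3. Extract the public key from the key pair
       openssl rsa -in 1.key -pubout -out 1_pub.key

# 4. Because the RSA algorithm uses the PKCS#8 format here, the extracted private key needs further processing

  # DER-encoded PKCS#8 output
  openssl pkcs8 -in 1_pri.key -out 1_pri.p8 -outform der -nocrypt -topk8
  # PEM-encoded PKCS#8 output (this command uses a different example file name)
  openssl pkcs8 -topk8 -inform PEM -in oct_ws_pri.key -outform PEM -nocrypt -out oct_ws_pri.pem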
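Generating a certificate and public/private keys with openssl
In a terminal:
1. Create the private key:
openssl genrsa -out private.pem 1024   # key length; if 1024 does not seem secure enough, use 2048, at a correspondingly higher cost
2. Create the public key:
# A public key is still handy for testing. Normally the certificate alone is enough.
openssl rsa -in private.pem -pubout -out public.pem
3. Create the certificate request:
# Generate a certificate signing request from the private key. Submitting it to a CA yields a certificate; for testing there is no need to submit it to a CA (which charges a fee).
openssl req -new -out cert.csr -key private.pem
4. Self-sign a root certificate:
# Self-signing means signing the certificate yourself instead of going through a CA; x509 is used here.
openssl x509 -req -in cert.csr -out public.der -outform der -signkey private.pem -days 3650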
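
An added example (not part of the original post): a round-trip check that builds a throwaway PFX with the generation commands above, runs the extraction steps on it, and confirms that every extracted key matches the certificate stored in the PFX. The function names, the CN `example.test` and the password `test-only` are assumptions made for the test, and the key is generated at 2048 bits.

```shell
#!/bin/sh
# Added example (not from the original post). File names follow the post;
# the CN and the password "test-only" are constructed test values.

# True when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build a throwaway key, self-signed certificate and 1.pfx in directory $1.
make_pfx() (
    cd "$1" || exit 1
    umask 077                      # key files readable by the owner only
    openssl genrsa -out private.pem 2048 2>/dev/null &&
    openssl req -new -key private.pem -subj "/CN=example.test" -out cert.csr &&
    openssl x509 -req -in cert.csr -signkey private.pem -days 1 \
        -out cert.pem 2>/dev/null &&
    openssl pkcs12 -export -inkey private.pem -in cert.pem \
        -passout pass:test-only -out 1.pfx
)

# Run the post's extraction steps on $1/1.pfx, then check every output
# against the certificate stored in the same PFX.
extract_and_verify() (
    cd "$1" || exit 1
    umask 077                      # -nodes writes the key unencrypted
    openssl pkcs12 -in 1.pfx -nocerts -nodes -passin pass:test-only \
        -out 1.key 2>/dev/null &&
    openssl rsa -in 1.key -out 1_pri.key 2>/dev/null &&
    openssl rsa -in 1.key -pubout -out 1_pub.key 2>/dev/null &&
    openssl pkcs8 -topk8 -inform PEM -in 1_pri.key -outform PEM -nocrypt \
        -out 1_pri.pem &&
    openssl pkcs12 -in 1.pfx -nokeys -clcerts -passin pass:test-only \
        -out 1.crt 2>/dev/null || exit 1
    key_matches_cert 1_pri.key 1.crt && key_matches_cert 1_pri.pem 1.crt &&
        [ "$(cat 1_pub.key)" = "$(openssl x509 -in 1.crt -noout -pubkey)" ]
)
```

Call `make_pfx DIR` and then `extract_and_verify DIR` on an empty scratch directory; a non-zero exit status means one of the extracted files does not belong to the certificate in the PFX.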
