1, on the ECC and RSA certificate certificate
in RSA key exchange, the browser uses RSA public key encryption-related information provided by the certificate, if the server can decrypt, it means that the server certificate has a corresponding private key, but also can be calculated symmetry encryption keys needed. Key exchange and server authentication are combined.
In ECDHE key exchange, the server certificate using the private key to sign the relevant information, if the browser can use the public key to verify the signature certificate, it means that the server does have a corresponding private key, thus completing the authentication server. Key exchange and server authentication are completely separate.
ECDHE digital signature algorithm can be used mainly RSA and ECDSA, which is currently the key exchange + signature There are three main ways:
RSA key exchange (no signature)
ECDHE key exchange, RSA signature
ECDHE key exchange, ECDSA signature
Certificate built ECDSA public key certificate is generally known as ECC certificates, RSA public key is built RSA certificate. Since ECC Key 256 is identical in safety to the 3072 RSA Key, plus ECC operation faster, ECDHE + ECDSA digital signature key exchange is the best choice. Due to security under the same conditions, the required ECC algorithm Key shorter, so the ECC certificate file size smaller than RSA certificate number.
RSA key exchange certificate can be used RSA (RSA asymmetric encryption) or ECDHE key exchange (RSA asymmetric signature); and certificates can only be used ECDHE ECC key exchange (the ECDSA signature asymmetric).
Not all browsers support ECDHE key exchange, which means compatibility ECC certificate to be worse. In Windows XP, for example, the use of ECC certificates only Firefox can access the website (TLS Firefox's own realization, do not rely on the operating system); Android platform, also needs to Android 4+ only support ECC certificates.
The good news is, Nginx 1.11.0 began to provide support for RSA / ECC dual certificate. Its implementation principle is: analysis Cipher Suite in TLS handshake two sides negotiated, if support ECDSA returns ECC certificate, otherwise RSA certificate.
In other words, with the latest Nginx, we can use the ECC certificates provide a better experience for modern browsers, while older browsers will still get RSA certificate, thus ensuring compatibility. This time, we can have both fish and bear's paw.
2, on the x509 command
Pseudo like openssl ca command x509 can perform the same action for signature or certificate request. Note, openssl x509 does not read the configuration file, all that configuration by x509 themselves, so openssl x509 like a "mini CA" x509 tool to use self CA.
Since x509 certificate request file could not be established, it can only use openssl req to create a request file, and then use the x509 from signing.
Since the time of signing, using "-req" option made it clear that the input file for the certificate request file, otherwise it will default thought it was a certificate file, and then use the "-signkey" provide the private key is used when a self-signed.
REQ -new -out -keyout key.pem OpenSSL req.csr
OpenSSL x509 -req -IN req.csr -signkey key.pem -out x509.crt
certificate x509 can also be used to sign other people's request, shall issue certificates to others. Note that when you issue a certificate for others to ensure that serial file exists, use the option "-CAcreateserial" created automatically.
openssl x509 -req -in req.csr -CA ca.crt -CAkey ca.key -out x509.crt -CAcreateserial
3, generated ECC certificate
Use openssl command to generate ecparam ecdsa key (-name parameter prime256v1 or secp384r1. 256bit fact, security and speed should be enough.)
openssl ecparam -name prime256v1 -genkey -out EccCA.key
The key from password protection (optional)
openssl ec -in EccCA.key -des -passout pass:"123456" -out EccCA.key
Use the command to generate ECDSA certificate request openssl req
openssl req -new -key EccCA.key -out EccCA.req -subj "/C=CN/ST=Shanxi/L=Xi'an/O=Huawei/OU=IT/CN=.*"
Use the command openssl x509 certificate issued
openssl x509 -req -in EccCA.req -signkey EccCA.key -out EccCA.pem
Ecdsa key using the generated command openssl ecparam
openssl ecparam -name prime256v1 -genkey -out EccSite.key
Use the command to generate ECDSA certificate request openssl req
openssl req -new -key EccSite.key -out EccSite.req -subj "/C=CN/ST=Shanxi/L=Xi'an/O=Huawei/OU=IT/CN=.*"
Use the command openssl x509 certificate issued
openssl x509 -req -in EccSite.req -CA EccCA.pem -CAkey EccCA.key -out EccSite.pem -CAcreateserial
4, generating RSA certificate
Rsa key generated using the command openssl genrsa
openssl genrsa -out server.key 2048
Subsequent generate the certificate request and issuance of certificates processes consistent with ECC certificate process
5, the file generating pkcs12
1) generating pkcs12 file, but does not contain the CA certificate:
OpenSSL pkcs12 -export -out ocspserverpkcs12.pfx ocspservercert.pem -inkey ocspserverkey.pem -IN
2) generating pcs12 file containing the CA certificate:
OpenSSL pkcs12 -export -IN server.crt -CAfileca.crt -chain server.key--inkey -out server.pfx
. 3) in the separation information pcks12 out, written to the file:
OpenSSL PKCS12 -IN ocsp1.pfx -out certandkey.pem
. 4) show pkcs12 information:
OpenSSL pkcs12 -IN ocsp1.pfx -info
------------------------------------
attached: 1, to convert cert1.pem .p12 format
OpenSSL PKCS12 -export -IN cert1.pem -inkey cert1.key -certfile ca.pem -out cert1.p12
2, converted into cert1.pem .cer format: simply .cer extension can be changed.
6, view private information
ECC private
OpenSSL ec -IN EccSite.key -noout -text
RSA private key using openssl rsa command
7, view the public key information
openssl x509 -in EccSite.pem -noout -text
8、查看加密套件
openssl ciphers -V 'EECDH+AES128' | column -t
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
0xC0,0x09 - ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
It can be seen as using RSA signature verification algorithm (Au = RSA) cipher suite lined up in front, will lead Nginx make a misjudgment, giving priority RSA certificate, rather than ECDSA certificate.
9, 5 share certificates automatically generated script tool
reference leaving certificate brother wrote rsa build script ( http://3ms.huawei.com/km/groups/1503235/blogs/details/5239717 ), I did a five automatic generate scripts certificate support rsa, ecc certificate generation, you can use password encryption, you can not use password encryption.