openssl 指令command line - SSORC.tw
文章推薦指數: 80 %
openssl req -in server.csr -noout -verify -key server.key. 檢查憑證 openssl verify server.crt. 查看csr 內容 openssl req -in server.csr ...
首頁
Linux
openssl指令commandline
openssl指令commandline
1
ssorc發佈於15年前
自產出私密金鑰(privatekey)及 憑證(crt)(365天,2048bits)
opensslreq-new -sha256-x509-keyoutserver.key-outserver.crt-days365-newkeyrsa:2048-nodes-subj '/C=TW/ST=Taiwan/L=Taipei/CN=ssorc.tw/[email protected]'
產出私密金鑰(privatekey)及憑證要求(certificatesigningrequest=csr)
opensslreq-new-sha256-keyoutserver.key-outserver.csr-days365 -newkeyrsa:2048-nodes-subj '/C=TW/ST=Taiwan/L=Taipei/CN=ssorc.tw/[email protected]'
如果用繼有的privatekey產生憑證要求(csr)
opensslreq-new-keyserver.key-outserver.csr
簽署csr產生crt
opensslx509-inserver.csr-outserver.crt-req-text-signkeyserver.key
用CA簽發
opensslca-policypolicy_anything-outserver.crt-infilesserver.csr
檢查csr與privatekey
opensslreq-inserver.csr-noout-verify-keyserver.key
檢查憑證
opensslverifyserver.crt
查看csr內容
opensslreq-inserver.csr-noout-text
參數說明:
-noout:不輸出BEGINCERTIFICATEREQUEST字樣
查看csr內容並檢查
opensslreq-inserver.csr-noout-text-verify
查看crt內容
opensslx509-inserver.crt-text
其它查看參數:
-issuer
-subject
-dates
#CreateCAcertificate
opensslgenrsa2048>ca-key.pem
opensslreq-new-sha256-x509-nodes-days3600-keyca-key.pem-outca-cert.pem-subj'/C=TW/ST=Taiwan/L=Taipei/CN=ca.ssorc.tw/[email protected]'
#Createservercertificate,removepassphrase,andsignit
#server-cert.pem=publickey,server-key.pem=privatekey
opensslreq-sha256-newkeyrsa:2048-days3600-nodes-keyoutserver-key.pem-outserver-req.pem-subj'/C=TW/ST=Taiwan/L=Taipei/CN=server.ssorc.tw/[email protected]'
opensslrsa-inserver-key.pem-outserver-key.pem
opensslx509-sha256-req-inserver-req.pem-days3600-CAca-cert.pem-CAkeyca-key.pem-set_serial01-outserver-cert.pem
#Createclientcertificate,removepassphrase,andsignit
#client-cert.pem=publickey,client-key.pem=privatekey
opensslreq-sha256-newkeyrsa:2048-days3600-nodes-keyoutclient-key.pem-outclient-req.pem-subj'/C=TW/ST=Taiwan/L=Taipei/CN=client.ssorc.tw/[email protected]'
opensslrsa-inclient-key.pem-outclient-key.pem
opensslx509-sha256-req-inclient-req.pem-days3600-CAca-cert.pem-CAkeyca-key.pem-set_serial01-outclient-cert.pem
#verifythem
opensslverify-CAfileca-cert.pemserver-cert.pemclient-cert.pem
文件加密、解密
明文文件(plaintext) :test.txt
密文文件(ciphertext):test.msg
文件加密
echo"thisisatestfile">test.txt
opensslsmime-encrypt-intest.txt-outtest.msgserver.crt
文件解密
opensslsmime-decrypt-intest.msg-recipserver.crt-inkeyserver.key
驗證簽章(VerifySignature)
opensslsmime-sign-inkeyserver.key-signerserver.crt-intest.txt-outtest.msg
opensslsmime-verif-intest.msg-signerserver.crt-outtest2.txt-CAfileserver.ca
測試TLS
openssls_client-CAfileserver.ca-connectlocalhost:993
openssls_client-connectlocalhost:25-starttlssmtp
openssls_time-connectlocalhost:443
Benchmark
opensslspeed
opensslspeedrsa
參考
http://www.madboa.com/geek/openssl/
http://www.ascc.net/nl/91/1819/02.txt
http://www.study-area.org/tips/certs/certs.html
其它相關文章openssl指令commandline–檢查SSLTLS有Heartbleed風險的SSL伺服器還是很多使用Cygwin在Windows上架設SSHServerSSL/TLS新漏洞,DROWN攻擊OpenSSL最近漏洞修復清單SSL/TLSFREAK漏洞的後續
最後修改日期: 2014年10月16日
opensslssl
作者
ssorc
留言
瘦河馬 發佈於11年前
感謝您的教學
[Reply]
撰寫回覆或留言取消回覆發佈留言必須填寫的電子郵件地址不會公開。
Clicktocancelreply
文章導覽
上一篇文章TcpHandshaking三次握手下一篇文章做一個MSNMessenger的「隱形人」
延伸文章資訊
- 1openssl/README.ssltest.md at master - GitHub
SSL tests. SSL testcases are configured in the ssl-tests directory. Each ssl_*.cnf.in file contai...
- 2SSL Server Test (Powered by Qualys SSL Labs)
SSL Server Test ... This free online service performs a deep analysis of the configuration of any...
- 3Chapter 2. Testing TLS with OpenSSL - Feisty Duck
Using OpenSSL for testing purposes has become more difficult recently because, ... The recent one...
- 4s_client - OpenSSL
NAME. openssl-s_client, s_client - SSL/TLS client program. SYNOPSIS. openssl s_client [-connect h...
- 5openssl 指令command line - SSORC.tw
openssl req -in server.csr -noout -verify -key server.key. 檢查憑證 openssl verify server.crt. 查看csr ...