zhouzhongping/wiki
1
0
Fork 0
Code
1d9ff7b4d0
wiki/Technology/ComputerSecurity/网络安全/OpenSSL/简明指南.html

403 lines
522 KiB
HTML
Raw Normal View History

Deploy HTML files - 2024-09-05
2024-09-05 22:26:11 +08:00
<!DOCTYPE html>
<html><head><title>简明指南</title><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta property="og:title" content="简明指南"/><meta property="og:description" content="OpenSSL 简明指南."/><meta property="og:image" content="https://wiki.7wate.com/static/og-image.png"/><meta property="og:width" content="1200"/><meta property="og:height" content="675"/><link rel="icon" href="../../../../static/icon.png"/><meta name="description" content="OpenSSL 简明指南."/><meta name="generator" content="Quartz"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com"/><script async src="https://umami.7wate.com/script.js" data-website-id="c061efdc-95dd-4d21-9d04-a1ffda0a85b9"></script><script>
var _hmt = _hmt || [];
(function() {
var hm = document.createElement("script");
hm.src = "https://hm.baidu.com/hm.js?94d8ccb156eb7c65abf317e6e01cdba9";
var s = document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(hm, s);
})();
</script><script async src="https://www.googletagmanager.com/gtag/js?id=G-MHMEL0F832"></script><script>
(function() {
window.dataLayer = window.dataLayer || [];
function gtag() {
window.dataLayer.push(arguments);
}
gtag('js', new Date());
gtag('config', 'G-MHMEL0F832');
})();
</script><link href="../../../../index.css" rel="stylesheet" type="text/css" spa-preserve/><link href="https://cdn.jsdelivr.net/npm/katex@0.16.0/dist/katex.min.css" rel="stylesheet" type="text/css" spa-preserve/><link href="https://fonts.googleapis.com/css2?family=IBM Plex Mono&amp;family=Schibsted Grotesk:wght@400;700&amp;family=Source Sans Pro:ital,wght@0,400;0,600;1,400;1,600&amp;display=swap" rel="stylesheet" type="text/css" spa-preserve/><script src="../../../../prescript.js" type="application/javascript" spa-preserve></script><script type="application/javascript" spa-preserve>const fetchData = fetch(`../../../../static/contentIndex.json`).then(data => data.json())</script></head><body data-slug="Technology/ComputerSecurity/网络安全/OpenSSL/简明指南"><div id="quartz-root" class="page"><div id="quartz-body"><div class="left sidebar"><h1 class="page-title "><a href="../../../..">📚 X·Eden</a></h1><div class="spacer mobile-only"></div><div class="search "><div id="search-icon"><p>Search</p><div></div><svg tabIndex="0" aria-labelledby="title desc" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.9 19.7"><title id="title">Search</title><desc id="desc">Search</desc><g class="search-path" fill="none"><path stroke-linecap="square" d="M18.5 18.3l-5.4-5.4"></path><circle cx="8" cy="8" r="7"></circle></g></svg></div><div id="search-container"><div id="search-space"><input autocomplete="off" id="search-bar" name="search" type="text" aria-label="Search for something" placeholder="Search for something"/><div id="results-container"></div></div></div></div><div class="darkmode "><input class="toggle" id="darkmode-toggle" type="checkbox" tabIndex="-1"/><label id="toggle-label-light" for="darkmode-toggle" tabIndex="-1"><svg xmlns="http://www.w3.org/2000/svg" xmlnsXlink="http://www.w3.org/1999/xlink" version="1.1" id="dayIcon" x="0px" y="0px" viewBox="0 0 35 35" style="enable-background:new 0 0 35 35;" xmlSpace="preserve"><title>Light mode</title><path d="M6,17.5C6,16.672,5.328,16,4.5,16h-3C0.672,16,0,16.672,0,17.5 S0.672,19,1.5,19h3C5.328,19,6,18.328,6,17.5z M7.5,26c-0.414,0-0.789,0.168-1.061,0.439l-2,2C4.168,28.711,4,29.086,4,29.5 C4,30.328,4.671,31,5.5,31c0.414,0,0.789-0.168,1.06-0.44l2-2C8.832,28.289,9,27.914,9,27.5C9,26.672,8.329,26,7.5,26z M17.5,6 C18.329,6,19,5.328,19,4.5v-3C19,0.672,18.329,0,17.5,0S16,0.672,16,1.5v3C16,5.328,16.671,6,17.5,6z M27.5,9 c0.414,0,0.789-0.168,1.06-0.439l2-2C30.832,6.289,31,5.914,31,5.5C31,4.672,30.329,4,29.5,4c-0.414,0-0.789,0.168-1.061,0.44 l-2,2C26.168,6.711,26,7.086,26,7.5C26,8.328,26.671,9,27.5,9z M6.439,8.561C6.711,8.832,7.086,9,7.5,9C8.328,9,9,8.328,9,7.5 c0-0.414-0.168-0.789-0.439-1.061l-2-2C6.289,4.168,5.914,4,5.5,4C4.672,4,4,4.672,4,5.5c0,0.414,0.168,0.789,0.439,1.06 L6.439,8.561z M33.5,16h-3c-0.828,0-1.5,0.672-1.5,1.5s0.672,1.5,1.5,1.5h3c0.828,0,1.5-0.672,1.5-1.5S34.328,16,33.5,16z M28.561,26.439C28.289,26.168,27.914,26,27.5,26c-0.828,0-1.5,0.672-1.5,1.5c0,0.414,0.168,0.789,0.439,1.06l2,2 C28.711,30.832,29.086,31,29.5,31c0.828,0,1.5-0.672,1.5-1.5c0-0.414-0.168-0.789-0.439-1.061L28.561,26.439z M17.5,29 c-0.829,0-1.5,0.672-1.5,1.5v3c0,0.828,0.671,1.5,1.5,1.5s1.5-0.672,1.5-1.5v-3C19,29.672,18.329,29,17.5,29z M17.5,7 C11.71,7,7,11.71,7,17.5S11.71,28,17.5,28S28,23.29,28,17.5S23.29,7,17.5,7z M17.5,25c-4.136,0-7.5-3.364-7.5-7.5 c0-4.136,3.364-7.5,7.5-7.5c4.136,0,7.5,3.364,7.5,7.5C25,21.636,21.636,25,17.5,25z"></path></svg></label><label id="toggle-label-dark" for="darkmode-toggle" tabIndex="-1"><svg xmlns="http://www.w3.org/2000/svg" xmlnsXlink="http://www.w3.org/1999/xlink" version="1.1" id="nightIcon" x="0px" y="0px" viewBox="0 0 100 100" style="enable-background='new 0 0 100 100'" xmlSpace="preserve"><title>Dark mode</title><path d="M96.76,66.458c-0.853-0.852-2.15-1.064-3.23-0.534c-6.063,2.991-12.858,4.571-19.655,4.571 C62.022,70.495,50.88,65.88,42.5,57.5C29.043,44.043,25.658,23.536,34.076,6.47c0.532-1.08,0.318-2.379-0.534-3.23 c-0.851-0.852-2.15-1.064-3.23-0.534c-4.918,2.427-9.375,5.619-13.246,9.491c-9.447,9.447-14.65,22.
<p>OpenSSL 是一个开放源代码的软件库包。这个包广泛被应用在互联网的网页服务器上。 其主要库是以 C 语言所写成,实现了基本的加密功能,实现了 SSL 与 TLS 协议。</p>
<blockquote>
<p>以下命令均在 cygwin 或 linux 下运行
以下命令是在这个版本 <code>OpenSSL 1.1.1g 21 Apr 2020</code> 下的 OpenSSL 运行的</p>
</blockquote>
<ul>
<li>
<p>查看 openssl 的版本信息</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">version</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-a</span></span></code></pre></div>
</li>
<li>
<p>查看帮助,这里会输出 openssl 支持的算法</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">help</span></span></code></pre></div>
</li>
<li>
<p>查看某个命令的帮助</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">某个命令</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--help</span></span></code></pre></div>
</li>
<li>
<p>查看密码套件</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ciphers</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-v</span></span></code></pre></div>
</li>
<li>
<p>数字摘要</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">echo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">&quot;123&quot;</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dgst</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-sha256</span></span>
<span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dgst</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-sha256</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">文件路径</span></span>
<span data-line><span style="color:var(--shiki-token-function);">echo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">&quot;123&quot;</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dgst</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-sha256</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">awk</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">'{print $2}'</span></span>
<span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dgst</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-sha256</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">文件路径</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">awk</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">'{print $2}'</span></span></code></pre></div>
</li>
<li>
<p>输出当前时间戳</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">date</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">+%s</span></span></code></pre></div>
</li>
<li>
<p>输出纳秒 这是一个 9 位的数字 一些简单的伪随机数算法会使用纳秒作为种子</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">date</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">+%N</span></span></code></pre></div>
</li>
<li>
<p>生成 32 位随机字符串</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rand</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-base64</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">32</span></span></code></pre></div>
</li>
<li>
<p>输出随机数字</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-comment);"># 输出随机数字,但无法确定数字的长度</span></span>
<span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rand</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-base64</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">32</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">tr</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-dc</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">'0-9'</span></span>
<span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rand</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-base64</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">64</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">tr</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-dc</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">'0-9'</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># 生成16位随机数 有可能不足16位</span></span>
<span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rand</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-base64</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">128</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">tr</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-dc</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">'0-9'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">cut</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-c1-16</span></span></code></pre></div>
</li>
<li>
<p>查看 对称加密命令和可以使用的算法</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enc</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-help</span></span></code></pre></div>
</li>
<li>
<p>enc 使用对称加密算法</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enc</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-aes-256-cfb</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-e</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">a.txt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-a</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">b.txt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-pass</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">pass:123</span></span>
<span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enc</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-aes-256-cfb</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-d</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">b.txt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-a</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">c.txt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-pass</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">pass:123</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -aes-256-cfb 使用的算法</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -e 加密</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -d 解密</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -in 输入的文件路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -out 输出文件的路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -a 把输出转换成 base64 加密时有这个参数,解密时也要有这个参数</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -pass 数入密码和输入密码的方式</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># pass</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># file</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># stdio</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># env</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># fd</span></span></code></pre></div>
</li>
<li>
<p>生成 rsa 私钥</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">genrsa</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">4096</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># 默认是 pem 格式的</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -out 指定生成文件的路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># 最后的 4096 是生成密钥的长度</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># 生成的密钥对是 pkcs1 格式的, openssl 有相应的命令转成 pkcs8 或 pkcs12 格式</span></span></code></pre></div>
</li>
<li>
<p>从私钥中提取公钥</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-pubout</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_public_key.pem</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -pubout 提取公钥</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -out 指定生成文件的路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -in 私钥路径</span></span></code></pre></div>
</li>
<li>
<p>公钥加密文件</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsautl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-encrypt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">a.txt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-inkey</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_public_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-pubin</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">b.txt</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -out 加密后的文件路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -in 需要加密的文件路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -inkey 公钥路径</span></span></code></pre></div>
</li>
<li>
<p>私钥解密文件</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsautl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-decrypt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">b.txt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-inkey</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">c.txt</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -out 解密后的文件路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -in 需要解密的文件路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -inkey 私钥路径</span></span></code></pre></div>
</li>
<li>
<p>使用私钥生成签名</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dgst</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-sha256</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-sign</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-keyform</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">PEM</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">sign.sha256</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">a.txt</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -sha256 哈希算法</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -sign 私钥路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -keyform 私钥的格式</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -out 签名生成的路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># 最后的 a.txt 是需要生成签名的文件路径</span></span></code></pre></div>
</li>
<li>
<p>使用公钥验证签名</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dgst</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-sha256</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-verify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_public_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-keyform</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">PEM</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-signature</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">sign.sha256</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">a.txt</span></span></code></pre></div>
</li>
<li>
<p>对文件的内容进行 base64 编码</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enc</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-base64</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-e</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">sign.sha256</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">sign.sha256.base64</span></span></code></pre></div>
</li>
<li>
<p>对文件的内容进行 base64 解码</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enc</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-base64</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-d</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">sign.sha256.base64</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">sign.sha2562</span></span></code></pre></div>
</li>
<li>
<p>比较两个文件的内容,如果两个文件内容一致则不会有输出</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">diff</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">文件1的路径</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">文件2的路径</span></span></code></pre></div>
</li>
<li>
<p>生成一个 csr 文件</p>
<ul>
<li>启动一个问题/回答的交互式会话其它随便填就好extra attributes 可以留空</li>
<li>其实 openssl 有一键生成密钥对, csr 和 证书的命令</li>
</ul>
</li>
</ul>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">req</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-new</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-key</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-keyform</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">PEM</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">myserver.csr</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -new 生成一个新的 csr 文件</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -key 私钥文件路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -keyform 私钥的格式</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -out 生成的 csr 文件路径</span></span></code></pre></div>
<ul>
<li>
<p>查看 csr 文件内容</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">req</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-text</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">myserver.csr</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-noout</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-verify</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -in csr 文件路径</span></span></code></pre></div>
</li>
<li>
<p>使用 csr 和 私钥生成自签证书</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">x509</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-sha256</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-signkey</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">myserver.csr</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-req</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-days</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">365</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">domain3.crt</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># x509 生成 x509 格式的证书</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -sha256 证书采用的哈希算法</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -signkey 私钥路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -in csr 文件路径</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -days 证书有效天数</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -out 生成的证书路径</span></span></code></pre></div>
</li>
<li>
<p>一条命令生成密钥和证书</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">req</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-newkey</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa:4096</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-nodes</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-keyout</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-x509</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-days</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">365</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">domain.crt</span></span></code></pre></div>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">req</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-newkey</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa:4096</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-nodes</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-keyout</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-x509</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-days</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">365</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">domain.crt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-subj</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">&quot;/C=CN/ST=State/L=City/O=Ltd/OU=Section/CN=localhost&quot;</span></span></code></pre></div>
</li>
<li>
<p>查看证书内容</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">x509</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">domain.crt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-noout</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-text</span></span></code></pre></div>
</li>
<li>
<p>查看证书序列号</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">x509</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">domain.crt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-noout</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-serial</span></span></code></pre></div>
</li>
<li>
<p>查看证书有效时间</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">x509</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">domain.crt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-noout</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-dates</span></span></code></pre></div>
</li>
</ul>
<h3 id="生成多个域名的证书">生成多个域名的证书<a aria-hidden="true" tabindex="-1" href="#生成多个域名的证书" class="internal"> §</a></h3>
<p>一般使用 OpenSSL 生成证书时都是 v1 版的,不带扩展属性。 多域名证书需要用到 v3 版的 extensions 的 Subject Alternative Name (SAN 主题替代名称)</p>
<ol>
<li>
<p>寻找默认配置文件</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">find</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-name</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">openssl.cnf</span></span></code></pre></div>
</li>
<li>
<p>复制一份默认配置文件</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">cp</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/usr/ssl/openssl.cnf</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">openssl.cnf</span></span></code></pre></div>
</li>
<li>
<p>编辑 openssl.cnf</p>
<ol>
<li>
<p>[ req ] 字段下加入 req_extensions = v3_req</p>
</li>
<li>
<p>[ v3_req ] 字段下加入 subjectAltName = @alt_names</p>
</li>
<li>
<p>在配置文件的最后最后新建一个字段 [ alt_names ]</p>
</li>
<li>
<p>在 [ alt_names ] 里按以下格式写入多个域名</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"> [ alt_names ]</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">DNS.1</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">=</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">3</span><span style="color:var(--shiki-token-string);">.example.com</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">DNS.2</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">=</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">4</span><span style="color:var(--shiki-token-string);">.example.com</span></span></code></pre></div>
</li>
</ol>
</li>
<li>
<p>新建私钥</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">genrsa</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">4096</span></span></code></pre></div>
</li>
<li>
<p>生成 csr 文件</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">req</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-new</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-key</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-keyform</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">PEM</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-config</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">openssl.cnf</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">myserver.csr</span></span></code></pre></div>
</li>
<li>
<p>生成数字证书</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">x509</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-sha256</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-signkey</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">myserver2.csr</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-extensions</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">v3_req</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-extfile</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">openssl.cnf</span><span style="color:var(--shiki-color-text);"> \</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-req</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-days</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">365</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">domain.crt</span></span></code></pre></div>
</li>
</ol>
<h3 id="自建-ca">自建 CA<a aria-hidden="true" tabindex="-1" href="#自建-ca" class="internal"> §</a></h3>
<ol>
<li>
<p>创建 CA 目录</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">mkdir</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-p</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">~/ssl/demoCA/{certs,newcerts,crl,private}</span></span>
<span data-line><span style="color:var(--shiki-token-function);">cd</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">~/ssl/demoCA</span></span>
<span data-line><span style="color:var(--shiki-token-function);">Touch</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">index.txt</span></span>
<span data-line><span style="color:var(--shiki-token-function);">echo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">&quot;01&quot;</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">></span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">serial</span></span></code></pre></div>
</li>
<li>
<p>寻找默认配置文件</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">find</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-name</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">openssl.cnf</span></span></code></pre></div>
</li>
<li>
<p>复制一份默认配置文件</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">cp</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/usr/ssl/openssl.cnf</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">~/ssl/openssl.cnf</span></span></code></pre></div>
</li>
<li>
<p>修改 openssl.cnf 文件</p>
<ul>
<li>
<p>把 [ CA_default ] 的 dir 修改成 ~/ssl/demoCA/ 的绝对路径,类似于这样</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"> [ CA_default ]</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">dir</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">=</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/root/ssl/demoCA</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-comment);"># Where everything is kept</span></span></code></pre></div>
</li>
</ul>
</li>
<li>
<p>生成 CA 根证书及密钥</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">req</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-new</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-x509</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-newkey</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa:4096</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-nodes</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-keyout</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">cakey.key</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">cacert.crt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-config</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">openssl.cnf</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-days</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">365</span></span></code></pre></div>
</li>
<li>
<p>生成客户端私钥</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">genrsa</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">client.key</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">4096</span></span></code></pre></div>
</li>
<li>
<p>用该客户端私钥生成证书签名请求</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">req</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-new</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-key</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">client.key</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">client.csr</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-config</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">openssl.cnf</span></span></code></pre></div>
</li>
<li>
<p>使用 CA 根证书签发客户端证书</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ca</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-in</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">client.csr</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-out</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">client.crt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-cert</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">cacert.crt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-keyfile</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">cakey.key</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-config</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">openssl.cnf</span></span></code></pre></div>
</li>
</ol>
<ul>
<li>
<p>注意:默认要求 国家,省,公司名称三项必须和 CA 一致</p>
</li>
<li>
<p>如果不想一致,可以修改 openssl.cnf 的 [ CA_default ] 的 policy 为 policy_anything</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">policy</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">=</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">policy_anything</span></span></code></pre></div>
</li>
</ul>
<h3 id="证书链合并">证书链合并<a aria-hidden="true" tabindex="-1" href="#证书链合并" class="internal"> §</a></h3>
<p>一些情况下,从 CA 那里申请到的 SSL 证书需要配置证书链,因为颁发的 CA 只是一个中间 CA 。 这个时候,需要把 CA 的证书和 SSL 证书都转换成 pem 格式。 然后新建一个文件,按照 最终实体证书 -> 中间证书 -> 根证书 这样的顺序,把证书的 pem 格式的内容复制进去,证书之间用一个空行隔开。 例如这样</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">-----BEGIN</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">CERTIFICATE-----</span></span>
<span data-line><span style="color:var(--shiki-token-function);">这是</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">最终实体证书</span></span>
<span data-line><span style="color:var(--shiki-token-function);">------END</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">CERTIFICATE------</span></span>
<span data-line> </span>
<span data-line><span style="color:var(--shiki-token-function);">-----BEGIN</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">CERTIFICATE-----</span></span>
<span data-line><span style="color:var(--shiki-token-function);">这是</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">中间证书</span></span>
<span data-line><span style="color:var(--shiki-token-function);">------END</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">CERTIFICATE------</span></span>
<span data-line> </span>
<span data-line><span style="color:var(--shiki-token-function);">-----BEGIN</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">CERTIFICATE-----</span></span>
<span data-line><span style="color:var(--shiki-token-function);">这是</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">根证书</span></span>
<span data-line><span style="color:var(--shiki-token-function);">------END</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">CERTIFICATE------</span></span></code></pre></div>
<p>根证书大多数情况下都会内置在客户端,所以大多数情况下都只需要 最终实体证书 和 中间证书。 有时 中间证书 可能有多个,按照签发顺序排列就好,反正就是下面的证书颁发上面的证书。</p>
<p>有时还需要把私钥和证书合并成一个文件,一般是把私钥放在前面,证书放在后面,例如 这样</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">cat</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">server.key</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">server.crt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">></span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">server.pem</span></span></code></pre></div>
<h3 id="其它命令">其它命令<a aria-hidden="true" tabindex="-1" href="#其它命令" class="internal"> §</a></h3>
<p>openssl s_time 用于测试 TSL 服务</p>
<p>openssl s_server 用于测试 TSL 客户端,例如浏览器对各个加密套件的支持情况</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">s_server</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-accept</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">2009</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-key</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">rsa_private_key.pem</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-cert</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">domain.crt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-www</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-debug</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-msg</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># -accept 监听的端口 -key 私钥路径 -crt 证书路径 -www http请求返回状态信息</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># 可以用浏览器输测试,直接输入网址 https://127.0.0.1:2009</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># 可以用 curl 测试 curl -k -i -v https://127.0.0.1:2009</span></span>
<span data-line><span style="color:var(--shiki-token-comment);"># 可以用 openssl s_client 测试 openssl s_client -connect 127.0.0.1:2009 -showcerts</span></span></code></pre></div>
<p>openssl s_client 用于测试 TSL 服务端</p>
<ul>
<li>
<p>可以像 telnet 那用测试端口</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-comment);"># 测试 example.com 的 80 端口是否有开启</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">s_client</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-connect</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">example.com:80</span></span></code></pre></div>
</li>
<li>
<p>可以像 telnet 模拟 http 那样,模拟 https</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-comment);"># 输入这个命令后,会进入一个命令行交互界面,这时快速地输入 GET / HTTP/1.O 然后连续输入两个回车,就能返回网页内容</span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">openssl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">s_client</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-connect</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">www.baidu.com:443</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-showcerts</span></span></code></pre></div>
</li>
</ul>
<p>openssl smime 用于处理 S/MIME 邮件,它能加密、解密、签名和验证 S/MIME 消息</p>
<p>openssl ca ca 命令是一个小型 CA 系统。它能签发证书请求和生成 CRL。它维护一个已签发证书状态的文本数据库。</p></article></div><div class="right sidebar"><div class="graph "><h3>Graph View</h3><div class="graph-outer"><div id="graph-container" data-cfg="{&quot;drag&quot;:true,&quot;zoom&quot;:true,&quot;depth&quot;:1,&quot;scale&quot;:1.1,&quot;repelForce&quot;:0.5,&quot;centerForce&quot;:0.3,&quot;linkDistance&quot;:30,&quot;fontSize&quot;:0.6,&quot;opacityScale&quot;:1,&quot;showTags&quot;:true,&quot;removeTags&quot;:[]}"></div><svg version="1.1" id="global-graph-icon" xmlns="http://www.w3.org/2000/svg" xmlnsXlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 55 55" fill="currentColor" xmlSpace="preserve"><path d="M49,0c-3.309,0-6,2.691-6,6c0,1.035,0.263,2.009,0.726,2.86l-9.829,9.829C32.542,17.634,30.846,17,29,17
s-3.542,0.634-4.898,1.688l-7.669-7.669C16.785,10.424,17,9.74,17,9c0-2.206-1.794-4-4-4S9,6.794,9,9s1.794,4,4,4
c0.74,0,1.424-0.215,2.019-0.567l7.669,7.669C21.634,21.458,21,23.154,21,25s0.634,3.542,1.688,4.897L10.024,42.562
C8.958,41.595,7.549,41,6,41c-3.309,0-6,2.691-6,6s2.691,6,6,6s6-2.691,6-6c0-1.035-0.263-2.009-0.726-2.86l12.829-12.829
c1.106,0.86,2.44,1.436,3.898,1.619v10.16c-2.833,0.478-5,2.942-5,5.91c0,3.309,2.691,6,6,6s6-2.691,6-6c0-2.967-2.167-5.431-5-5.91
v-10.16c1.458-0.183,2.792-0.759,3.898-1.619l7.669,7.669C41.215,39.576,41,40.26,41,41c0,2.206,1.794,4,4,4s4-1.794,4-4
s-1.794-4-4-4c-0.74,0-1.424,0.215-2.019,0.567l-7.669-7.669C36.366,28.542,37,26.846,37,25s-0.634-3.542-1.688-4.897l9.665-9.665
C46.042,11.405,47.451,12,49,12c3.309,0,6-2.691,6-6S52.309,0,49,0z M11,9c0-1.103,0.897-2,2-2s2,0.897,2,2s-0.897,2-2,2
S11,10.103,11,9z M6,51c-2.206,0-4-1.794-4-4s1.794-4,4-4s4,1.794,4,4S8.206,51,6,51z M33,49c0,2.206-1.794,4-4,4s-4-1.794-4-4
s1.794-4,4-4S33,46.794,33,49z M29,31c-3.309,0-6-2.691-6-6s2.691-6,6-6s6,2.691,6,6S32.309,31,29,31z M47,41c0,1.103-0.897,2-2,2
s-2-0.897-2-2s0.897-2,2-2S47,39.897,47,41z M49,10c-2.206,0-4-1.794-4-4s1.794-4,4-4s4,1.794,4,4S51.206,10,49,10z"></path></svg></div><div id="global-graph-outer"><div id="global-graph-container" data-cfg="{&quot;drag&quot;:true,&quot;zoom&quot;:true,&quot;depth&quot;:-1,&quot;scale&quot;:0.9,&quot;repelForce&quot;:0.5,&quot;centerForce&quot;:0.3,&quot;linkDistance&quot;:30,&quot;fontSize&quot;:0.6,&quot;opacityScale&quot;:1,&quot;showTags&quot;:true,&quot;removeTags&quot;:[]}"></div></div></div><div class="toc desktop-only"><button type="button" id="toc" class><h3>Table of Contents</h3><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="fold"><polyline points="6 9 12 15 18 9"></polyline></svg></button><div id="toc-content"><ul class="overflow"><li class="depth-0"><a href="#openssl-的一般使用" data-for="openssl-的一般使用">OpenSSL 的一般使用</a></li><li class="depth-1"><a href="#生成多个域名的证书" data-for="生成多个域名的证书">生成多个域名的证书</a></li><li class="depth-1"><a href="#自建-ca" data-for="自建-ca">自建 CA</a></li><li class="depth-1"><a href="#证书链合并" data-for="证书链合并">证书链合并</a></li><li class="depth-1"><a href="#其它命令" data-for="其它命令">其它命令</a></li></ul></div></div><div class="backlinks "><h3>Backlinks</h3><ul class="overflow"><li>No backlinks found</li></ul></div><div class="explorer mobile-only"><button type="button" id="explorer" data-behavior="collapse" data-collapsed="collapsed" data-savestate="true" data-tree="[{&quot;path&quot;:&quot;Obsidian&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Obsidian/Templates&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2018&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2020&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2021&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2022&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2023&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Blog/2024&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/个人成长&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/医学健康&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/历史&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/哲学宗教&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/心理&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/政治军事&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/教育学习&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/文学&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/生活百科&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/社会文化&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/科学技术&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/经济理财&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/艺术&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Book/计算机&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal/2022&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal/2022/W34&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal/2022/W35&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&quot;Personal/Journal/2022/W36&quot;,&quot;collapsed&quot;:true},{&quot;path&quot;:&qu
function toggleCallout() {
const outerBlock = this.parentElement;
outerBlock.classList.toggle(`is-collapsed`);
const collapsed = outerBlock.classList.contains(`is-collapsed`);
const height = collapsed ? this.scrollHeight : outerBlock.scrollHeight;
outerBlock.style.maxHeight = height + `px`;
let current = outerBlock;
let parent = outerBlock.parentElement;
while (parent) {
if (!parent.classList.contains(`callout`)) {
return;
}
const collapsed2 = parent.classList.contains(`is-collapsed`);
const height2 = collapsed2 ? parent.scrollHeight : parent.scrollHeight + current.scrollHeight;
parent.style.maxHeight = height2 + `px`;
current = parent;
parent = parent.parentElement;
}
}
function setupCallout() {
const collapsible = document.getElementsByClassName(
`callout is-collapsible`
);
for (const div of collapsible) {
const title = div.firstElementChild;
if (title) {
title.removeEventListener(`click`, toggleCallout);
title.addEventListener(`click`, toggleCallout);
const collapsed = div.classList.contains(`is-collapsed`);
const height = collapsed ? title.scrollHeight : div.scrollHeight;
div.style.maxHeight = height + `px`;
}
}
}
document.addEventListener(`nav`, setupCallout);
window.addEventListener(`resize`, setupCallout);
</script><script type="module">
import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.esm.min.mjs';
const darkMode = document.documentElement.getAttribute('saved-theme') === 'dark'
mermaid.initialize({
startOnLoad: false,
securityLevel: 'loose',
theme: darkMode ? 'dark' : 'default'
});
document.addEventListener('nav', async () => {
await mermaid.run({
querySelector: '.mermaid'
})
});
</script><script src="https://cdn.jsdelivr.net/npm/katex@0.16.7/dist/contrib/copy-tex.min.js" type="application/javascript"></script><script src="../../../../postscript.js" type="module"></script></html>
Copy Permalink