https://help.aliyun.com/document_detail/160093.html
1.双向认证流程:
文章来源:https://www.toymoban.com/news/detail-469002.html
证书生成流程文章来源地址https://www.toymoban.com/news/detail-469002.html
如果是自签名的证书,那需要生成根证书
===生成根证书===
生成根私钥
openssl genrsa -out root.key 2048
生成根的csr文件
openssl req -new -out root.csr -key root.key
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sh
Locality Name (eg, city) [Default City]:sh
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your servers hostname) []:root
Email Address []:[]
A challenge password []:
An optional company name []:
根据csr文件和私钥生成证书
openssl x509 -req -in root.csr -out root.crt -signkey root.key -CAcreateserial -days 3650
=================================================================================
=============================server============================================
===生成服务端证书===
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sh
Locality Name (eg, city) [Default City]:sh
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your servers hostname) []:
Email Address []:[]
A challenge password []:
An optional company name []:
//服务端证书 使用根证书进行签名认证
openssl x509 -req -in server.csr -out server.crt -signkey server.key -CA root.crt -CAkey root.key -CAcreateserial -days 3650
=================================================================================
生成pfx文件:
openssl pkcs12 -export -in test.pem -inkey server.key -out test.pfx -passout pass:123456
到了这里,关于双向认证证书生成过程的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
