openssl语法教程


关键词

openssl语法教程

摘要

<p>OpenSSL 是一个SSL(2.0、3.0)和TLS(1.0)协议工具,它实现了这两个协议的所有功能。<br /><br />功能:<br /> o &#160;Creation and management of private keys, public keys and parameters<br /> o &#160;Public key cryptographic operations<br /> o &#160;Creation of X.509 certificates, CSRs and CRLs<br /> o &#160;Calculation of Message Digests<br /> o &#160;Encryption and Decryption with Ciphers<br /> o &#160;SSL/TLS Client and Server Tests<br /> o &#160;Handling of S/MIME signed or encrypted mail<br /> o &#160;Time Stamp requests, generation and verification<br /></p>


OpenSSL 是一个SSL(2.0、3.0)和TLS(1.0)协议工具,它实现了这两个协议的所有功能。

功能:
o  Creation and management of private keys, public keys and parameters
o  Public key cryptographic operations
o  Creation of X.509 certificates, CSRs and CRLs
o  Calculation of Message Digests
o  Encryption and Decryption with Ciphers
o  SSL/TLS Client and Server Tests
o  Handling of S/MIME signed or encrypted mail
o  Time Stamp requests, generation and verification

举例:

req类

Examine and verify certificate request:
openssl req -in req.pem -text -verify -noout

Create a private key and then generate a certificate request from it:
openssl genrsa -out key.pem 1024
openssl req -new -key key.pem -out req.pem

The same but just using req:
openssl req -newkey rsa:1024 -keyout key.pem -out req.pem

Generate a self signed root certificate:
openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem

rsa类

To remove the pass phrase on an RSA private key:
openssl rsa -in key.pem -out keyout.pem

To encrypt a private key using triple DES:
openssl rsa -in key.pem -des3 -out keyout.pem

To convert a private key from PEM to DER format:
openssl rsa -in key.pem -outform DER -out keyout.der

To print out the components of a private key to standard output:
openssl rsa -in key.pem -text -noout

To just output the public part of a private key:
openssl rsa -in key.pem -pubout -out pubkey.pem

s_connect类

openssl s_client -connect epp.publicinterestregistry.net:700 -cert cert.pem -key key.pem -CAfile cacert.pem -showcerts -state

Where:
cert.pem is the public key (registrar's x.509 certificate). In your
case, it is "55hl_ee.cer"

key.pem - registrar's private key. It must be with you.

cacert.pem - The Root Certificate for the Certificate Authority that signed your certificate. In this case the attached combined_ca.cer file.


x509类

Display the contents of a certificate:

openssl x509 -in cert.pem -noout -text

Display the certificate serial number:

openssl x509 -in cert.pem -noout -serial

Display the certificate subject name:

openssl x509 -in cert.pem -noout -subject

Display the certificate subject name in RFC2253 form:

openssl x509 -in cert.pem -noout -subject -nameopt RFC2253

Display the certificate subject name in oneline form on a terminal supporting UTF8:

openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb

Display the certificate MD5 fingerprint:

openssl x509 -in cert.pem -noout -fingerprint

Display the certificate SHA1 fingerprint:

openssl x509 -sha1 -in cert.pem -noout -fingerprint

Convert a certificate from PEM to DER format:

openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

Convert a certificate to a certificate request:

openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem

Convert a certificate request into a self signed certificate using extensions for a CA:

openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
       -signkey key.pem -out cacert.pem

Sign a certificate request using the CA certificate above and add user certificate extensions:

openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
       -CA cacert.pem -CAkey key.pem -CAcreateserial

Set a certificate to be trusted for SSL client use and change set its alias to ``Steve's Class 1 CA''

openssl x509 -in cert.pem -addtrust clientAuth \
       -setalias "Steve's Class 1 CA" -out trust.pem

 

要饭二维码

洪哥写文章很苦逼,如果本文对您略有帮助,可以扫描下方二维码支持洪哥!金额随意,先行谢过!大家的支持是我前进的动力!

文章的版权

本文属于“洪哥笔记”原创文章,转载请注明来源地址:openssl语法教程:http://www.splaybow.com/post/openssl-usage.html

如果您在服务器运维、网络管理、网站或系统开发过程有需要提供收费服务,请加QQ:115085382!十年运维经验,帮您省钱、让您放心!
亲,如果有需要,先存起来,方便以后再看啊!加入收藏夹的话,按Ctrl+D

« GPG命令使用介绍 从keystore(jks)文件中提取私钥 »

相关文章: