錯(cuò)誤總結(jié)

1. SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

openssl rsa -in original.key -out unencripted.key 

1. IIS生成ssl證書

1.1 生成root證書加上私鑰

openssl req -new -x509 -keyout cakey.pem -out cacert.pem -config openssl.cnf

Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CN State or Province Name (full name) [Some-State]:Zhejiang Locality Name (eg, city) []:Hangzhou Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mintcode Organizational Unit Name (eg, section) []:Forstmourne Common Name (e.g. server FQDN or YOUR name) []:115.29.179.22 Email Address []:bellliu@mintcode.com 

1.2 生成相關(guān)文檔(openssl.cnf有相關(guān)配置)

mkdir demoCA touch demoCA/index.html touch demoCA/serial 

vim demoCA/serial

1000 

1.3 根據(jù)證書申請(qǐng)生成證書

openssl ca -in certreq.txt -out server.pem -cert cacert.pem -keyfile cakey.pem

Enter pass phrase for cakey.pem: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4097 (0x1001) Validity Not Before: Jul 24 02:07:43 2015 GMT Not After : Jul 23 02:07:43 2016 GMT Subject: countryName = CN stateOrProvinceName = Zhejiang organizationName= Mintcode organizationalUnitName= Forstmourne commonName= 115.29.179.22 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: A3:72:4C:6D:5D:F9:64:C9:02:13:11:13:CF:C3:34:C1:DE:0B:BF:57 X509v3 Authority Key Identifier: keyid:81:40:30:DB:57:2C:D0:E8:9B:B1:51:D7:D5:71:F1:6C:16:E8:5A:DBCertificate is to be certified until Jul 23 02:07:43 2016 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated 

1.4 生成iis需要證書

openssl x509 -in server.pem -out server.cer

1.5 生成java需要的keystore

keytool -import -file server.cer -keystore server.keystore

2. openssl生成ssl證書

2.1 生成root證書加上私鑰

openssl req -new -x509 -days 365000 -keyout cakey.key -out cacert.crt -config openssl.cnf

Generating a 2048 bit RSA private key .....................................+++ ..............+++ writing new private key to 'cakey.key' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CN State or Province Name (full name) [Some-State]:Zhejiang Locality Name (eg, city) []:Hangzhou Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mintcode Organizational Unit Name (eg, section) []:Forstmourne Common Name (e.g. server FQDN or YOUR name) []:bell Email Address []:bellliu@mintcode.com 

2.2 生成ssl證書加上私鑰

openssl req -new -keyout server.key -out server.csr

Generating a 2048 bit RSA private key ..............................................................................+++ .......+++ writing new private key to 'server.key' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CN State or Province Name (full name) [Some-State]:Zhejiang Locality Name (eg, city) []:Hangzhou Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mintcode Organizational Unit Name (eg, section) []:Forstmourne Common Name (e.g. server FQDN or YOUR name) []:bell Email Address []:bell@mintcode.comPlease enter the following 'extra' attributes to be sent with your certificate request A challenge password []:mintcode An optional company name []:mintcode 

2.3 準(zhǔn)備工作

mkdir demoCA cd demoCA mkdir newcerts touch index.txt echo '01' > serial cd .. 

2.4 自簽名

openssl ca -in server.csr -out server.crt -cert cacert.crt -keyfile cakey.key -config openssl.cnf

2.5 生成java需要的keystore

keytool -import -file server.crt -keystore server.keystore 

2.6 crt轉(zhuǎn)換為pem

openssl x509 -in server.crt -out server.pem -outform PEM

本頁內(nèi)容由塔燈網(wǎng)絡(luò)科技有限公司通過網(wǎng)絡(luò)收集編輯所得，所有資料僅供用戶學(xué)習(xí)參考，本站不擁有所有權(quán)，如您認(rèn)為本網(wǎng)頁中由涉嫌抄襲的內(nèi)容，請(qǐng)及時(shí)與我們聯(lián)系，并提供相關(guān)證據(jù)，工作人員會(huì)在5工作日內(nèi)聯(lián)系您，一經(jīng)查實(shí)，本站立刻刪除侵權(quán)內(nèi)容。本文鏈接:http://jstctz.cn/20480.html