Generating ECDSA and RSA certificates with openssl

程序员文章站 2022-07-04 14:16:11

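This article describes how to generate ECDSA and RSA certificates with openssl.

First, download the openssl source code from the official openssl website, then compile and install it.

That process is not covered here; it is assumed that openssl is already installed on your system.

The downloaded source tree is still needed, however, because the CA.sh script used in step 1 is in its apps/ directory.

All commands in this article have been tested and work. The platform is Linux, specifically Ubuntu 14.04.

The main text follows.

All of the Linux commands below are run as the root user.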

1. Create a CA

To create the CA, change into the apps/ folder of the openssl source tree, then run the CA creation command:

root@mzq-desktop:/home/mzq# cd Desktop/openssl-1.0.1j_mzq1/apps/
root@mzq-desktop:/home/mzq/Desktop/openssl-1.0.1j_mzq1/apps# sh CA.sh -newca

2. Generate the RSA key

Use the openssl genrsa command to generate the RSA key:

root@mzq-desktop:/home/mzq/Desktop/openssl-1.0.1j_mzq1/apps# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...................+++
.........................+++
e is 65537 (0x10001)

3. Generate the ECDSA key

Use the openssl ecparam command to generate the ECDSA key:

root@mzq-desktop:/home/mzq/Desktop/openssl-1.0.1j_mzq1/apps# openssl ecparam -name secp384r1 -genkey -out server-ecc.key

4. Generate the certificate requests

Use the openssl req command to generate a certificate request.

RSA certificate request:

root@mzq-desktop:/home/mzq/Desktop/openssl-1.0.1j_mzq1/apps# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dcs
Organizational Unit Name (eg, section) []:dcs
Common Name (e.g. server FQDN or YOUR name) []:mzq
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

ECDSA certificate request:

root@mzq-desktop:/home/mzq/Desktop/openssl-1.0.1j_mzq1/apps# openssl req -new -key server-ecc.key -out server-ecc.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dcs
Organizational Unit Name (eg, section) []:dcs
Common Name (e.g. server FQDN or YOUR name) []:mzq
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 

5. Issue the certificates

Use the openssl ca command to issue the certificates.

RSA certificate:

root@mzq-desktop:/home/mzq/Desktop/openssl-1.0.1j_mzq1/apps# openssl ca -in server.csr -out server.crt -days 3650
Using configuration from /usr/local/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
The countryName field needed to be the same in the
CA certificate (AU) and the request (CN)

ECDSA certificate:

root@mzq-desktop:/home/mzq/Desktop/openssl-1.0.1j_mzq1/apps# openssl ca -in server-ecc.csr -out server-ecc.crt -days 3650
Using configuration from /usr/local/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
The countryName field needed to be the same in the
CA certificate (AU) and the request (CN)

With that, the certificates have been issued and are ready to use.
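
The procedure above as a non-interactive script, added here as an example and not taken from the article: it builds a throwaway CA from a trimmed config instead of CA.sh, issues the RSA and ECDSA certificates, and verifies them. openssl ca prints the "countryName field needed to be the same" message seen in the transcripts when the request's countryName differs from the CA's under a match policy, and then stops without issuing a certificate, so the script keeps both at C=CN. The function name, file names, config sections and example.test subjects are assumptions.

```shell
#!/bin/sh
# Added example, not the article's code: steps 1-5 without prompts. All names,
# subjects and the trimmed CA config below are constructed for illustration.
# [req] points distinguished_name at itself because -subj supplies the DN.
issue_demo_certs() (    # usage: issue_demo_certs WORKDIR [CSR_COUNTRY]
    work=$1; csr_c=${2:-CN}
    mkdir -p "$work/ca/newcerts" && cd "$work" || exit 1
    : > ca/index.txt; echo 01 > ca/serial
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = req
x509_extensions = v3_ca
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir = ./ca
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/cacert.pem
private_key = $dir/cakey.pem
default_md = sha256
policy = policy_match
[ policy_match ]
countryName = match
organizationName = match
commonName = supplied
EOF
    # Step 1: self-signed CA with C=CN (stands in for the interactive CA.sh -newca).
    openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -days 30 \
        -subj "/C=CN/O=dcs/CN=demo-ca" \
        -keyout ca/cakey.pem -out ca/cacert.pem 2>/dev/null || exit 1
    # Steps 2-3: RSA and ECDSA keys with the article's parameters.
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    openssl ecparam -name secp384r1 -genkey -noout -out server-ecc.key || exit 1
    for k in server server-ecc; do
        # Step 4: CSR; -subj replaces the Distinguished Name prompts.
        openssl req -new -config ca.cnf -key "$k.key" -out "$k.csr" \
            -subj "/C=$csr_c/O=dcs/CN=$k.example.test" || exit 1
        # Step 5: sign; fails here if the CSR countryName differs from the CA's.
        openssl ca -batch -config ca.cnf -in "$k.csr" -out "$k.crt" \
            -days 365 -notext || exit 1
        # Check the result: chains to the CA and carries this key's public half.
        openssl verify -CAfile ca/cacert.pem "$k.crt" >/dev/null || exit 1
        [ "$(openssl x509 -in "$k.crt" -noout -pubkey)" = \
          "$(openssl pkey -in "$k.key" -pubout)" ] || exit 1
    done
)
```

Run it as `issue_demo_certs "$(mktemp -d)"`; passing `AU` as the second argument reproduces the policy failure, and the function returns non-zero.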