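An SSL certificate is a type of digital certificate, similar to an electronic copy of a driver's license, passport or business license. Because it is installed on a server, it is also called an SSL server certificate.
An SSL certificate follows the SSL protocol and is issued by a trusted certificate authority (CA), such as GlobalSign or WoSign, after the CA has verified the server's identity. It provides server authentication and encryption of data in transit.
Encryption uses the 1024-bit RSA asymmetric algorithm.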
1. Check whether httpd and SSL are installed (if they are, go on to the next step)
[root@localhost ~]# rpm -qa | grep httpd
httpd-tools-2.2.15-47.el6.centos.4.x86_64
[root@localhost ~]# rpm -qa | grep ssl
openssl-1.0.1e-42.el6_7.4.x86_64
openssl-devel-1.0.1e-42.el6_7.4.x86_64
docbook-style-dsssl-1.79-10.el6.noarch
mod_ssl-2.2.15-47.el6.centos.4.x86_64
nss_compat_ossl-0.9.6-1.el6.x86_64
2. Generate the server private key
[root@localhost /]# cd /etc/pki/tls
[root@localhost tls]# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.............++++++
...........................++++++
e is 65537 (0x10001)
3. Use the private key file server.key to generate the certificate signing request (CSR) file
[root@localhost tls]# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [XX]:China
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:zhejiang
Locality Name (eg, city) [Default City]:hangzhou
Organization Name (eg, company) [Default Company Ltd]:CQ
Organizational Unit Name (eg, section) []:cqxx
Common Name (eg, your name or your server's hostname) []:www.jbhjbh.com
Email Address []:cuilingli@jbhjbh.com
After the steps above, you will be prompted for a password:
A challenge password []:
An optional company name []:
Ignore these prompts and just press Enter.
4. Generate the certificate file
[root@localhost tls]# openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
The result is as follows:
Signature ok
subject=/C=CN/ST=zhejiang/L=hangzhou/O=CQ/OU=cqxx/CN=www.jbhjbh.com/emailAddress=cuilingli@jbhjbh.com
Getting Private key
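
Steps 2 to 4 as one non-interactive script, followed by checks on the files it produces; this is an added example, not part of the original post. The `-subj` string reuses the answers typed in step 3, while the function names, the temporary directory and the 2048-bit threshold (`MIN_BITS`) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: steps 2-4 run without prompts, then the result is audited.
set -eu

# Subject built from the answers typed at the prompts in step 3.
SUBJ="/C=CN/ST=zhejiang/L=hangzhou/O=CQ/OU=cqxx/CN=www.jbhjbh.com"
MIN_BITS=2048   # assumption of this example: smallest RSA size accepted

# make_selfsigned DIR BITS: genrsa -> req -> x509 -signkey, as in steps 2-4.
make_selfsigned() {
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null
    chmod 600 "$1/server.key"            # private key readable by owner only
    openssl req -new -key "$1/server.key" -subj "$SUBJ" -out "$1/server.csr"
    openssl x509 -days 365 -req -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# key_bits CRT: print the size of the certificate's RSA public key in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# key_matches_cert KEY CRT: true when key and certificate share one modulus.
key_matches_cert() {
    [ "$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -modulus)" ]
}

# is_self_signed CRT: true when issuer and subject are the same name.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')" = \
      "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" ]
}

# audit DIR: print one finding per line for DIR/server.key and DIR/server.crt.
audit() {
    bits=$(key_bits "$1/server.crt")
    if [ "$bits" -ge "$MIN_BITS" ]; then echo "ok: RSA $bits bit"
    else echo "WEAK: RSA $bits bit"; fi
    if key_matches_cert "$1/server.key" "$1/server.crt"; then echo "ok: key matches certificate"
    else echo "FAIL: key does not match certificate"; fi
    if is_self_signed "$1/server.crt"; then echo "NOTE: self-signed, clients will not trust it by default"
    else echo "ok: issued by a separate CA"; fi
}

demo=$(mktemp -d)
make_selfsigned "$demo" 1024   # the key size used on this page
audit "$demo"
rm -rf "$demo"
```

The same `audit` function can be pointed at /etc/pki/tls after following the steps by hand, since it only reads server.key and server.crt.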