Pitfalls | Generating an SSL digital certificate on CentOS 7
1. Check whether httpd and SSL are installed (if they are, go on to the next step)
$ rpm -qa | grep httpd
httpd-tools-2.4.6-80.el7.centos.1.x86_64
httpd-2.4.6-80.el7.centos.1.x86_64
$ rpm -qa | grep ssl
openssl-1.0.2k-12.el7.x86_64
python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch
openssl098e-0.9.8e-29.el7.centos.3.x86_64
xmlsec1-openssl-1.2.20-7.el7_4.x86_64
openssl-libs-1.0.2k-12.el7.x86_64
If httpd is not installed, install it as follows:
Install the httpd service
yum install httpd -y
Start the httpd service
systemctl start httpd.service
Stop the system firewall
systemctl stop iptables.service
The httpd service is now installed.
2. Generate the server private key
$ cd /etc/pki/tls
$ sudo openssl genrsa -out server.key 1024
[sudo] harley 的密码:
Generating RSA private key, 1024 bit long modulus
...++++++
...............................................................................++++++
e is 65537 (0x10001)
3. Use the private key file server.key to generate the certificate signing request (CSR) file
$ sudo openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [XX]:China
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:sichuan
Locality Name (eg, city) [Default City]:chengdu
Organization Name (eg, company) [Default Company Ltd]:UESTC
Organizational Unit Name (eg, section) []:UESTCXX
Common Name (eg, your name or your server's hostname) []:hqber.com
Email Address []:1290355757@qq.com
Once the fields above are filled in, you are asked for a password (ignore it and just press Enter):
A challenge password []:
An optional company name []:
4. Generate the certificate file
$ sudo openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
The output is as follows:
Signature ok
subject=/C=CN/ST=sichuan/L=chengdu/O=UESTC/OU=UESTCXX/CN=hqber.com/emailAddress=1290355757@qq.com
Getting Private key
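The following script is an added example, not part of the original post: it runs steps 2 to 4 non-interactively and then checks the result (key size, certificate/key match, self-signed status). It assumes a 2048-bit key rather than the 1024 bits used above, since 1024-bit RSA is no longer considered adequate, and a temporary directory rather than /etc/pki/tls; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): steps 2-4 without prompts, then verified.
# Assumptions: 2048-bit key, scratch directory instead of /etc/pki/tls.

# gen_self_signed DIR BITS SUBJECT -> writes server.key, server.csr, server.crt in DIR
gen_self_signed() (
    umask 077                       # private key must not be group/world readable
    cd "$1" || exit 1
    openssl genrsa -out server.key "$2" 2>/dev/null &&
    openssl req -new -key server.key -subj "$3" -out server.csr &&
    openssl x509 -days 365 -req -in server.csr -signkey server.key \
        -out server.crt 2>/dev/null
)

# key_bits CERT -> prints the size in bits of the certificate's public key
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# meets_min_bits CERT MIN -> success only if the key is at least MIN bits
meets_min_bits() {
    bits=$(key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$2" ]
}

# cert_matches_key CERT KEY -> success only if both carry the same RSA modulus
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus) || return 1
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# is_self_signed CERT -> success if issuer and subject are identical
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Demo run in a throwaway directory, using the subject fields entered in step 3.
demo_dir=$(mktemp -d)
gen_self_signed "$demo_dir" 2048 "/C=CN/ST=sichuan/L=chengdu/O=UESTC/OU=UESTCXX/CN=hqber.com"
echo "key size: $(key_bits "$demo_dir/server.crt") bits"
cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key" && echo "certificate matches key"
is_self_signed "$demo_dir/server.crt" && echo "self-signed (browsers will not trust it)"
rm -rf "$demo_dir"
```

Running `meets_min_bits server.crt 2048` against the certificate produced by the 1024-bit key in step 2 fails, which makes it a quick pre-deployment check.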
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.