I found a good article that solves the problem:
http://www.howtoforge.com/faq/2_18_en.html
Step 1: generate the private.key file (the private key? That's my guess)
$ openssl genrsa -des3 -passout pass:test -out private.key 1024
Output:
Generating RSA private key, 1024 bit long modulus
............................++++++
..++++++
e is 65537 (0x10001)
Step 2: generate the server.csr file (CA? That's my guess)
$ openssl req -new -passin pass:test -passout pass:test1 -key private.key -out server.csr -days 365
Output:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN <-- prompts for the country code
State or Province Name (full name) [Berkshire]:Beijing <-- prompts for the province
Locality Name (eg, city) [Newbury]:Beijing <-- prompts for the city
Organization Name (eg, company) [My Company Ltd]:Groupon.cn <-- prompts for the organization
Organizational Unit Name (eg, section) []:com <-- prompts for (? my English isn't good enough)
Common Name (eg, your name or your server's hostname) []:www.groupon.cn <-- prompts for the server
Email Address []:[email protected] <-- prompts for the contact

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:groupon <-- prompts for a password
An optional company name []:Groupon.cn <-- prompts for the company name
Step 3: generate the server.crt file (cert; I'm not clear on this)
$ openssl req -x509 -passin pass:test -passout pass:test1 -key private.key -in server.csr -out server.crt -days 365
Step 4: generate the encrypted private.key file
$ openssl rsa -passin pass:test -in private.key -out private.key.encrypted
$ chmod 400 private.key.encrypted # to be safe
Test the server listening:
$ openssl s_server -cert server.crt -key private.key.encrypted -www
Output:
Using default temp DH parameters
ACCEPT
It is now listening.
Test the client request:
$ openssl s_client -cert server.crt -key private.key
Output:
Enter pass phrase for private.key: <-- prompts for the password
CONNECTED(00000003)
depth=0 /C=CN/ST=Beijing/L=Beijing/O=Groupon.cn/OU=com/CN=www.groupon.cn/[email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CN/ST=Beijing/L=Beijing/O=Groupon.cn/OU=com/CN=www.groupon.cn/[email protected]
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=Beijing/L=Beijing/O=Groupon.cn/OU=com/CN=www.groupon.cn/[email protected]
   i:/C=CN/ST=Beijing/L=Beijing/O=Groupon.cn/OU=com/CN=www.groupon.cn/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=CN/ST=Beijing/L=Beijing/O=Groupon.cn/OU=com/CN=www.groupon.cn/[email protected]
issuer=/C=CN/ST=Beijing/L=Beijing/O=Groupon.cn/OU=com/CN=www.groupon.cn/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 1352 bytes and written 279 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: D1445F79686E6FF11A6C70728C0DBA362F294EC7E87956B9D8A35DBBBA36F664
    Session-ID-ctx:
    Master-Key: 821049AD5B8C2DBCCB280411F72145EF699D1B3889A977BD37889CF1B806D33019538359DC6A7BEF1932C78C332F763C
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1303571494
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
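
The script below is an added example, not part of the original post: it checks what the four steps actually leave on disk (which key file carries a passphrase, whether key and certificate belong together) and shows that the self-signed certificate behind verify error 18 only verifies when it is supplied as its own trust anchor. File names and pass:test follow the post; the function names, the 2048-bit key, -aes256 and the -subj values are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the post). File names and pass:test follow the post;
# function names, 2048-bit key, -aes256 and -subj values are assumptions.

# Build a throwaway key, self-signed cert and stripped key in directory $1.
# Note: "openssl rsa" with no cipher option writes the key WITHOUT a passphrase.
make_demo_pki() {
  local d="$1" cn="${2:-www.example.test}"
  openssl genrsa -aes256 -passout pass:test -out "$d/private.key" 2048 2>/dev/null &&
  openssl req -x509 -new -key "$d/private.key" -passin pass:test \
    -subj "/CN=$cn" -days 365 -out "$d/server.crt" 2>/dev/null &&
  openssl rsa -passin pass:test -in "$d/private.key" \
    -out "$d/private.key.encrypted" 2>/dev/null &&
  chmod 400 "$d/private.key.encrypted"
}

# True if the PEM key file is passphrase-protected.
key_is_encrypted() {
  grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# True if the certificate and the key file hold the same public key.
cert_matches_key() {  # args: cert key [passphrase]
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  b=$(openssl pkey -in "$2" -passin "pass:${3:-}" -pubout 2>/dev/null) || return 1
  [ "$a" = "$b" ]
}

# True if subject and issuer names are identical (self-issued).
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True only if cert $1 verifies with file $2 supplied as the trust anchor.
trusted_by() {
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Demo on constructed files in a temp directory.
d=$(mktemp -d) && make_demo_pki "$d"
key_is_encrypted "$d/private.key.encrypted" || echo "private.key.encrypted has no passphrase"
is_self_issued "$d/server.crt" && echo "server.crt is self-issued (hence verify error 18)"
trusted_by "$d/server.crt" "$d/server.crt" && echo "server.crt verifies once pinned as anchor"
rm -rf "$d"
```

On the client side the same pinning is done by passing the certificate with -CAfile to openssl s_client, after which the verify return code is 0 instead of 18.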