**:
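# ca.conf - request template for the root CA (passed to `openssl req` with
# -config ca.conf).
[ req ]
# Only used when `openssl req` generates the key itself; here the key is
# created beforehand with `openssl genrsa`.
default_bits = 4096
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
# OpenSSL matches attribute names case-sensitively: the all-lowercase
# spellings (countryname, commonname, ...) are not recognised, so the
# canonical mixed-case names are used here.
# `<field> = text` is the interactive prompt, `<field>_default` is the value
# taken when the prompt is answered with Enter.
countryName = cn
# ISO 3166 two-letter country code, conventionally written in upper case.
countryName_default = CN
stateOrProvinceName = jiangsu
stateOrProvinceName_default = jiangsu
localityName = sz
localityName_default = suzhou
organizationName = kk
organizationName_default = kk
commonName = json
commonName_max = 64
commonName_default = json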
# Create the root CA: a 4096-bit RSA key, a CSR built from ca.conf, and a
# self-signed certificate valid for 3650 days.
# NOTE(review): ca.key is written without a passphrase, and whoever holds it
# can issue certificates that every client trusting ca.crt will accept. Keep
# it off the hosts that only need server.crt / server.key.
openssl genrsa -out ca.key 4096
openssl req -new -sha256 \
    -key ca.key \
    -config ca.conf \
    -out ca.csr
# NOTE(review): no -extfile / -extensions is passed, so ca.crt carries no
# `basicConstraints = CA:TRUE` (nor keyUsage keyCertSign). Strict verifiers
# may refuse to treat such a certificate as an issuer; an extension section
# with those two entries is the usual remedy.
openssl x509 -req -days 3650 \
    -in ca.csr \
    -signkey ca.key \
    -out ca.crt
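# server.conf - request template for the server certificate. It is read twice:
# by `openssl req -config server.conf` and by `openssl x509 -extfile server.conf`.
[ req ]
# Only used when `openssl req` generates the key itself; here the key is
# created beforehand with `openssl genrsa`.
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
# Attribute names are case-sensitive in OpenSSL; the all-lowercase spellings
# are not recognised.
countryName = cn
# ISO 3166 two-letter country code, conventionally written in upper case.
countryName_default = CN
stateOrProvinceName = jiangsu
stateOrProvinceName_default = jiangsu
localityName = sz
localityName_default = suzhou
organizationName = kk
organizationName_default = kk
commonName = json
commonName_max = 64
commonName_default = 192.168.1.1

[ req_ext ]
# Current TLS clients match the host they connect to against the
# subjectAltName entries, not against commonName, so this extension is what
# makes the certificate valid for the address below.
subjectAltName = @alt_names

[ alt_names ]
# The entry type must be spelled `IP` (upper case) for an IP-address SAN.
# Add IP.2 / DNS.1 ... lines for every further address or name the server is
# reached by.
IP = 192.168.1.1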
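# Issue the server certificate: 2048-bit RSA key, CSR built from server.conf,
# then a certificate signed by the root CA created earlier.
openssl genrsa -out server.key 2048
openssl req -new -sha256 -out server.csr -key server.key -config server.conf
# OpenSSL option names are case-sensitive: the signing options are -CA,
# -CAkey and -CAcreateserial (the lowercase spellings are rejected).
# -CAcreateserial writes a serial-number file next to the CA certificate.
# -extfile / -extensions are required because `x509 -req` does not copy the
# extensions requested in the CSR; without them the subjectAltName is lost.
# -sha256 pins the signature digest instead of relying on the build default.
# NOTE(review): 3650 days is a very long lifetime for a leaf certificate;
# some clients reject long-lived server certificates, and a shorter validity
# limits the exposure if server.key leaks.
openssl x509 -req -sha256 -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in server.csr \
    -out server.crt \
    -extensions req_ext \
    -extfile server.conf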
server
}
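# docker-compose file for the nginx container that terminates TLS with
# server.crt / server.key generated above.
version: '2'
services:
  nginx:
    # NOTE(review): `latest` is a floating tag, so each pull may bring in a
    # different image. Pin a specific version tag or an image digest so the
    # deployed image is reproducible and auditable.
    image: nginx:latest
    volumes:
      - /docker/nginx/html:/usr/share/nginx/html:ro
      - /etc/localtime:/etc/localtime:ro
      - /docker/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro
      - /docker/crt/nginx.conf:/etc/nginx/conf.d/nginx.conf:ro
      - /docker/crt/server.crt:/etc/nginx/conf.d/server.crt:ro
      # The private key is mounted read-only; on the host, keep
      # /docker/crt/server.key readable only by the account that runs Docker.
      - /docker/crt/server.key:/etc/nginx/conf.d/server.key:ro
    restart: always
    environment:
      # Variable name and zone name are case-sensitive.
      - TZ=Asia/Shanghai
    ports:
      # Quoted so that no YAML parser reads host:container as a number.
      - '80:80'
      # HTTPS is published on host port 8443.
      - '8443:443'
    container_name: nginx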
2條命令分開執行:
這一步遇到輸入框輸入密碼:123456,密碼跟第二步的「deststorepass」密碼一樣就行
# Bundle the server certificate and its private key into a PKCS#12 file under
# the alias "server". The command prompts for an export password, which is
# needed again when the file is imported with keytool.
openssl pkcs12 -export \
    -in server.crt \
    -inkey server.key \
    -name "server" \
    -out server.p12
執行結束後再執行下面命令:注意這個「deststorepass」的密碼跟第一步輸入的一樣
# Convert server.p12 into a Java keystore for Tomcat.
# -srcstorepass must be the export password entered when server.p12 was
# created; -deststorepass is the password Tomcat needs to open the keystore.
# NOTE(review): 123456 is a sample value. Passwords given as arguments are
# visible in the process list and in shell history; omitting the two
# *storepass options makes keytool prompt for them instead.
# NOTE(review): recent JDKs flag JKS as a proprietary legacy format and
# recommend PKCS12; confirm whether the target Tomcat could load server.p12
# directly before converting.
keytool -importkeystore -v \
    -srckeystore server.p12 \
    -srcstoretype pkcs12 \
    -srcstorepass 123456 \
    -destkeystore server.keystore \
    -deststoretype jks \
    -deststorepass 123456
修改server.xml內容,新增下面節點,這裡的「server.keystore」就是上面生成的檔案
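# docker-compose file for the Tomcat container that serves HTTPS from
# server.keystore.
version: '2'
services:
  tomcat:
    # NOTE(review): `latest` is a floating tag, so each pull may bring in a
    # different image. Pin a specific version tag or an image digest so the
    # deployed image is reproducible and auditable.
    image: tomcat:latest
    restart: always
    container_name: tomcat
    ports:
      # Quoted so that no YAML parser reads host:container as a number.
      - '8080:8080'
      # NOTE(review): the nginx compose file on this page also publishes
      # host port 8443; running both on one host needs a different host port
      # for one of them.
      - '8443:8443'
    volumes:
      - /docker/crt/server.xml:/usr/local/tomcat/conf/server.xml:ro
      # The keystore holds the server's private key; keep the host file
      # readable only by the account that runs Docker. server.xml is also
      # sensitive if it stores the keystore password.
      - /docker/crt/server.keystore:/usr/local/tomcat/conf/server.keystore:ro
    environment:
      # Variable name and zone name are case-sensitive.
      - TZ=Asia/Shanghai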
最後啟動容器即可。