Generate OpenSSL certificates in Linux environment

1. Environment: CentOS 7, OpenSSL 1.1.1k.

2. Concept:

Root certificate: the basis for issuing server certificates and client certificates. It is a self-signed certificate and serves as the CA certificate.

Server certificate: issued by the root certificate and configured on the server.

Client certificate: issued by the root certificate and configured on the client. It can also be configured on a web server and installed on a browser.

Symmetric encryption: A file is encrypted with a password, and then the same password is used to decrypt it.

Asymmetric encryption: one key is used for encryption and a different key is used for decryption. There are two cases:

When used to encrypt data: public key encryption, private key decryption

When used for file signing: private key signature, public key signature verification

3. Steps:

1. View the openssl configuration file openssl.cnf

vim /etc/pki/tls/openssl.cnf

2. Create the directory and files required for the root certificate CA

cd /etc/pki/CA

# Create the directories and files required by the configuration file
mkdir -pv {certs,crl,newcerts,private}

touch {serial,index.txt}

3. Indicate the starting number of the certificate

echo 01 >> serial

4. Generate root certificate

# Generate CA private key (ca.key)
openssl genrsa -des3 -out ca.key 2048 
# Generate CA certificate signing request (ca.csr)
openssl req -new -key ca.key -out ca.csr
# Generate a self-signed CA certificate (ca.crt)
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt

5. Generate server certificate

# Generate server private key (server.key)
openssl genrsa -des3 -out server.key 2048 
# Generate server certificate signing request (server.csr)
openssl req -new -key server.key -out server.csr
# Use the CA certificate to sign the server CSR to generate the server certificate (server.crt)
openssl ca -days 3650 -in server.csr -out server.crt -cert ca.crt -keyfile ca.key

6. Generate client certificate

# Generate client private key (client.key)
openssl genrsa -des3 -out client.key 2048
# Generate client certificate signing request (client.csr)
openssl req -new -key client.key -out client.csr
# Use the CA certificate to sign the client CSR to generate the client certificate (client.crt)
openssl ca -days 3650 -in client.csr -out client.crt -cert ca.crt -keyfile ca.key

7. View the certificate content

openssl x509 -in server.crt -noout -text

8. Convert crt to pem

openssl x509 -in ca.crt -out ca.pem -outform PEM

openssl x509 -in server.crt -out server.pem -outform PEM

openssl x509 -in client.crt -out client.pem -outform PEM

9. Remove the passphrase from the private key (the output files are unencrypted, so restrict their file permissions)

openssl rsa -in server.key -out serverkey.pem

openssl rsa -in client.key -out clientkey.pem
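
Steps 2 to 6 run unattended against a throwaway directory, as an added example that is not part of the original article: it shows what `openssl ca` records in index.txt, serial and newcerts, checks the issued certificate against the CA and against its private key, and shows a request being refused by the signing policy. Assumptions: the function names, the subjects and the minimal openssl.cnf written by the script (standing in for /etc/pki/tls/openssl.cnf) are constructed for the demo, keys are created without -des3, and the root is given basicConstraints CA:TRUE through -extfile, which the step 4 command does not set.

```shell
# Added example: throwaway CA in a temp dir; unencrypted keys, constructed subjects.
make_ca() {  # $1 = empty dir: layout from steps 2-3, root certificate from step 4
  mkdir -p "$1/certs" "$1/crl" "$1/newcerts" "$1/private"
  : > "$1/index.txt"; echo 01 > "$1/serial"
  cat > "$1/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
default_md = sha256
policy = policy_match
x509_extensions = leaf
[ policy_match ]
countryName = match
organizationName = match
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ leaf ]
basicConstraints = CA:FALSE
EOF
  openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
  openssl req -new -config "$1/openssl.cnf" -key "$1/ca.key" \
    -subj "/C=US/O=Demo Org/CN=Demo Root" -out "$1/ca.csr" &&
  openssl x509 -req -days 3650 -in "$1/ca.csr" -signkey "$1/ca.key" \
    -extfile "$1/openssl.cnf" -extensions v3_ca -out "$1/ca.crt" 2>/dev/null
}
issue() {  # $1 = CA dir, $2 = file stem, $3 = subject: steps 5-6 without prompts
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
  openssl req -new -config "$1/openssl.cnf" -key "$1/$2.key" -subj "$3" -out "$1/$2.csr" &&
  openssl ca -batch -config "$1/openssl.cnf" -days 365 -in "$1/$2.csr" \
    -out "$1/$2.crt" -cert "$1/ca.crt" -keyfile "$1/ca.key" 2>/dev/null
}
key_matches_cert() {  # $1 = private key, $2 = certificate: compare public keys
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) &&
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) && [ "$k" = "$c" ]
}
d=$(mktemp -d) && make_ca "$d" &&
issue "$d" server "/C=US/O=Demo Org/CN=server.example.test" &&
openssl verify -CAfile "$d/ca.crt" "$d/server.crt" &&
key_matches_cert "$d/server.key" "$d/server.crt" && echo "key matches certificate"
issue "$d" client "/C=US/O=Other Org/CN=client.example.test" ||
  echo "refused: O differs from the CA's (policy_match)"
cat "$d/index.txt" "$d/serial"; rm -rf "$d"
```

After the one successful signing, index.txt holds a single valid ("V") entry, serial has advanced to 02, and a copy of the certificate is stored as newcerts/01.pem; the refused request changes none of them.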

The generated certificate list:
