http://blog.ivanristic.com/2013/10/openssl-cookbook-v1.1-released.html
openss Comman-dLine-HowTo: https://www.madboa.com/geek/openssl/
#check openssl version
点击(此处)折叠或打开
- openssl version -a #verbose
- openssl version
点击(此处)折叠或打开
- openssl genrsa -aes128 -out fd.key 2048
点击(此处)折叠或打开
- openssl rsa -in fd.key -pubout -out fd-public.key
点击(此处)折叠或打开
- openssl dsa -out dsa.key -aes128
点击(此处)折叠或打开
- openssl req -new -key fd.key -out fd.csr
- openssl req -text -in fd.csr -noout #check the CSR is correct
点击(此处)折叠或打开
- openssl x509 -x509toreq -in fd.crt -out fd.csr -signkey fd.key
点击(此处)折叠或打开
- openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt
点击(此处)折叠或打开
- openssl req -new -x509 -days 365 -key fd.key -out fd.crt
点击(此处)折叠或打开
- openssl x509 -text -in fd.crt -noout
点击(此处)折叠或打开
- openssl ciphers -v 'ALL:COMPLEMENTOFALL'
- openssl ciphers -v -v 'ALL:COMPLEMENTOFALL'
- openssl ciphers -v 'RC4' #list only cipher suites that are based on RC4
- openssl ciphers -v 'RC4+SHA' #combine keywords select suites that use RC4 and SHA:
- openssl ciphers -v 'RC4:AES' #to choose all suites that use RC4 or AES ciphers:
- openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' #apache in httpd.conf SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
- openssl ciphers -v 'DES-CBC-SHA:DES-CBC3-SHA:RC4-SHA:AES256-SHA:@STRENGTH' #@STRENGTH sort these suite in strength descending order
最常见的给httpd配置ssl.
其实只需要建公钥,私钥,然后create csr,然后self sign 一下即可。