電訊茶室's Archiver

角色 發表於 2013-3-17 22:06

怎样OpenSSL去generate certificates

[i=s] 本帖最後由 角色 於 2019-4-6 17:13 編輯 [/i]

官网:
[url]https://www.openssl.org/[/url]

References:

[url]https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs[/url]

[url]https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl[/url]

[url]https://phoenixnap.com/kb/openssl-tutorial-ssl-certificates-private-keys-csrs[/url]

[url]https://geekflare.com/openssl-commands-certificates/[/url]

[url]https://help.ubuntu.com/lts/serverguide/certificates-and-security.html.en[/url]

[url]https://medium.freecodecamp.org/openssl-command-cheatsheet-b441be1e8c4a[/url]

Simple and easy method
[url]https://devcenter.heroku.com/articles/ssl-certificate-self[/url]
[url]https://www.akadia.com/services/ssh_test_certificate.html[/url]

Simple and stright forward to create self-signed certificates
[url]https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-certificates.html[/url]

Other information:
[url]https://mum.mikrotik.com/presentations/ID16/presentation_3277_1476686469.pdf[/url]

角色 發表於 2013-3-17 23:00

[i=s] 本帖最後由 角色 於 2013-3-18 14:03 編輯 [/i]

在使用openssl去gen cert和key,主要主力的地方:[code]Country Name (2 letter code) [AU]:HK
State or Province Name (full name) [Some-State]:name1
Locality Name (eg, city) []:name2
Organization Name (eg, company) [Internet Widgits Pty Ltd]:name3
Organizational Unit Name (eg, section) []:name4
Common Name (e.g. server FQDN or YOUR name) []:name5
Email Address []:your_email_address
[~] #
[/code]去generate一个ca.cert, 最重要就是name5,如果没有FQDN,是否可以IP Address,又或者普通打一个name就算呢?

1、最做ca.cert and ca.key
2、然后server.cert and server.key
3、最后client.cert and client.key

角色 發表於 2019-3-25 11:27

过了5年了,因为V2Ray ws+tls问题,又回到这个问题上,估计要花点时间在这方面。

角色 發表於 2019-3-27 10:39

最后都是用了caddy,里面自动运行Let's encrpt去跟certs and keys。

頁: [1]

Powered by Discuz! Archiver 7.2  © 2001-2009 Comsenz Inc.