Generating pk12 personal certificates with openssl.txt

http://www.ddmdd.com/?p=65  Certificate management with openssl (online document)
http://www.openssl.org/docs/apps/openssl.html  Option reference

1. Create the CA root certificate
openssl req -new -x509 -newkey rsa:1024 -keyout CA.key -out CA.pem -days 36000 -subj /C=CN/ST=shanghai/O=enfang/L=sh/OU=comp/CN=caroot
  -passin pass:123    input password (for a key being read)
  -passout pass:1234  output password (for a key being written)

2. Client certificate request
openssl req -new -newkey rsa:1024 -keyout ddmdd_a.key -out ddmdd_a.req -passout pass:1111 \
-subj /C=CN/ST=shanghai/O=enfang/L=sh/OU=comp/CN=yingyao

-subj arg   arg format: /type0=value0/type1=value1/type2=..., for example:
  /C=CN/ST=shanghai/O=enfang/L=sh/OU=comp/CN=1224RA1
where CN means Common Name, OU means Organizational Unit, O means Organization,
L means Locality, ST means State (or province) and C means country.
Also seen in the wild are DC (Domain Component, a piece of a DNS domain e.g. dc=google,dc=com),
and various longer forms or "OID"s.

Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Organization Name (eg, company) [My Company Ltd]:
These 3 fields must be the same as in the CA certificate; otherwise signing fails.

3. Issue the certificate for the client
echo "01" > ../../CA/serial   # first set a certificate serial number
openssl ca -keyfile ./CA.key -cert ./CA.pem -in ddmdd_a.req -out ddmdd_a.pem -notext -passin pass:1234 -batch

4. Convert the certificate format
openssl pkcs12 -export -in ddmdd_a.pem -inkey ddmdd_a.key -out ddmdd_a.pfx -passin pass:1111 -passout pass:2222
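
Steps 1-4 as one script, added here as an example (not part of the original notes). It also writes the minimal config and database files that "openssl ca" needs, and shows a request whose O differs from the CA being refused under a "match" policy.
Assumptions: the ca.cnf contents, the scratch directory layout and the function names are constructed for illustration; rsa:2048 is used where the notes use rsa:1024, since 1024-bit RSA keys are no longer considered adequate.

```shell
# Added example (not from the original notes): steps 1-4 in a scratch directory.
# The config, file names, function names and passwords are constructed.
setup_ca() (   # $1 = CA directory; the subshell body keeps the cd local
  mkdir -p "$1/newcerts" && cd "$1" || exit 1
  : > index.txt && echo 01 > serial   # database and first serial for "openssl ca"
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
serial = ./serial
new_certs_dir = ./newcerts
default_md = sha256
default_days = 365
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
localityName = optional
commonName = supplied
EOF
  openssl req -new -x509 -newkey rsa:2048 -config ca.cnf -keyout CA.key -out CA.pem \
    -days 3650 -passout pass:1234 -subj /C=CN/ST=shanghai/O=enfang/L=sh/OU=comp/CN=caroot
)

issue_client() (   # $1 = CA directory, $2 = output base name, $3 = subject
  cd "$1" || exit 1
  openssl req -new -newkey rsa:2048 -config ca.cnf -keyout "$2.key" -out "$2.req" \
    -passout pass:1111 -subj "$3" &&
  openssl ca -config ca.cnf -keyfile CA.key -cert CA.pem -in "$2.req" -out "$2.pem" \
    -notext -passin pass:1234 -batch &&
  openssl verify -CAfile CA.pem "$2.pem" &&
  openssl pkcs12 -export -in "$2.pem" -inkey "$2.key" -out "$2.pfx" \
    -passin pass:1111 -passout pass:2222 &&
  openssl pkcs12 -in "$2.pfx" -noout -passin pass:2222   # check the MAC and password
)

d=$(mktemp -d) && setup_ca "$d" &&
  issue_client "$d" yingyao /C=CN/ST=shanghai/O=enfang/L=sh/OU=comp/CN=yingyao
issue_client "$d" other /C=CN/ST=shanghai/O=other/CN=other || echo "refused: O differs from CA"
```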