openssl生成公钥私钥

  1. 生成RSA私钥
  2. [root@localhost ]# openssl genrsa -out rsa_private_key.pem 1024
  3. Generating RSA private key, 1024 bit long modulus
  4. ...................................................++++++
  5. ................................++++++
  6. e is 65537 (0x10001)
  7.  
  8. RSA私钥转换成PKCS8格式
  9. [root@localhost ]# openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt >>PKCS8
  10. -----BEGIN PRIVATE KEY-----
  11. MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAK3yRORPFpdAroGb
  12. zf8fZSJk+W4FUJKOwtFuiFYb/U1IpcRwHIZOILOPHsMPxoKY26rS2Ou12NRv7Un+
  13. xdWV71237Bxch3lC8BgxYOOPW0Kf/Coz0nqQH6t8z74MI5M+lUn8wleYUVGnZpzC
  14. qiAIn/eAQCeN8TN+UacU6Tt8rtFBAgMBAAECgYAskky219EpFqjgiyTgv5Gxm4AS
  15. ggggVbZz5cfHkMp6OChJypR0kaZtfDncr7klE7gN8JMm6uTRopCCCmd1EENSKtYx
  16. dMrNyTKJfy+ZaApmAn1ecRXuIbsTSfpILy1RSBv9kJFY1ZQs8NBLM62V8u5SM7YJ
  17. g1elwFLQmccF2bmE5QJBAOYptj2dPyUsxEzpreCMnlH8FZE4Nf50alcISwEkWSN3
  18. cul2NNCt2Zn/mId0e9Fj15z/khHIWZsaCxe9WXUv3H8CQQDBeQnFJtSDEpp+Yyti
  19. EdLFfupa+oCywvGtbkRTtJFjnXDt19hXoy/HUfLOrBybyHpoozZK+oGvAviucIjK
  20. yXI/AkEA3oyMm20VppNvx9LX/tzZJPrzu7Q3eTAFttvc8mC8FDAmm5lhnjnLwz1C
  21. tg8qvh+lVzhDfBBWnEOFYFIFUuuRbwJBAK4ha0q3dSN3VfeU+BHvKr24SeOSfMzn
  22. qi9HBFY2OXjn1iErWLsf07vYpOmgfKs1V/7fjtkS+C91RC90d5nUj28CQQCmmgdJ
  23. xn10l0N4iQ4co0UclmGYKNkYd+BXLrvPzaSx0v8FlQgcggOOqpDUuSR0Qq3XEhqI
  24. vKnLReXzcEEJuv55
  25. -----END PRIVATE KEY-----
  26.  
  27. 生成公钥
  28. [root@localhost ]# openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
  29. writing RSA key
  30.  
  31.  
  32. [root@localhost 1]# ls -1
  33. PKCS8 #PKCS8格式的私钥,从RSA私钥来的
  34. rsa_private_key.pem #RSA私钥
  35. rsa_public_key.pem #RSA公钥

Nginx下openssl颁发SSL证书

  1. Nginxopenssl颁发SSL证书
  2.  
  3. 1) rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
  4. 2) yum install nginx php-fpm.x86_64 -y
  5. 3) cd /etc/nginx/conf.d
  6. 4) openssl genrsa -des3 -out baiqiuyi.com.key 2048 #创建私钥 (没密码 openssl genrsa -out baiqiuyi.com.key 2048)
  7. 5) openssl req -new -key baiqiuyi.com.key -out baiqiuyi.com.csr #证书签名
  8. 6) openssl x509 -req -days 365 -in baiqiuyi.com.csr -signkey baiqiuyi.com.key -out baiqiuyi.com.crt #用私钥及证书签名颁发证书
  9. 7) #添加至nginx配置文件
  10. ssl on;
  11. ssl_certificate /etc/nginx/conf.d/baiqiuyi.com.crt;
  12. ssl_certificate_key /etc/nginx/conf.d/baiqiuyi.com.key;
  13. 8) openssl rsa -in baiqiuyi.com.key  -out nopasswd.baiqiuyi.com.key #移除密码,如果不希望Nginx重启需要输入密码则使用这个key
  14. #nginx配置文件
  15. server {
  16.     listen       80;
  17.     listen       443;
  18. #
  19. ssl on;
  20. ssl_certificate /etc/nginx/conf.d/baiqiuyi.com.crt;
  21. #ssl_certificate_key /etc/nginx/conf.d/baiqiuyi.com.key;
  22. ssl_certificate_key /etc/nginx/conf.d/nopasswd.baiqiuyi.com.key;
  23.     server_name  localhost;
  24.     location / {
  25.         root   /usr/share/nginx/html;
  26.         index  index.php index.html index.htm;
  27.     }
  28.     location ~ \.php$ {
  29.         root          /usr/share/nginx/html;
  30.         fastcgi_pass   127.0.0.1:9000;
  31.         fastcgi_index  index.php;
  32.         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
  33.         include        fastcgi_params;
  34.     }
  35. }
1 1