Encryption, signatures and the SSL handshake in detail

  • Symmetric encryption: the same key encrypts and decrypts; fast.

  • Asymmetric encryption: a public/private key pair; slow. The public key is derived from the private key. Encrypting with the other party's public key protects the confidentiality of the data; signing with your own private key proves where the data came from.

  • One-way hashing: not encryption at all, usually called hashing or a digest. It produces a fixed-length checksum (fingerprint) used to check the integrity and consistency of data, e.g. MD5, SHA. It has the avalanche property: changing a single bit of the input changes the digest completely. MD5 and SHA-1 are collision-broken and should only be used for non-security checksums; use SHA-256 or stronger where security matters.

Conditions for data on the Internet to be secure and trustworthy:

  1. The origin is authentic: the sender's identity can be verified.
  2. The data is intact: it has not been modified in transit.
  3. The data is confidential: it is not disclosed, and anyone who intercepts it cannot decrypt it.

There are three building blocks: symmetric encryption, asymmetric (public-key) encryption and one-way hashing. Each one used alone has unacceptable shortcomings (symmetric: key distribution; asymmetric: speed and message-size limits; hashing: no secrecy and no proof of origin), so in practice they are combined.

…..

OpenSSL

Command format:
openssl command [command_opts] [command_args]

Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac ts verify version

Message Digest commands (see the 'dgst' command for more details)
md2 md4 md5 rmd160
sha sha1

Cipher commands (see the 'enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 rc5 rc5-cbc rc5-cfb
rc5-ecb rc5-ofb seed seed-cbc
seed-cfb seed-ecb seed-ofb zlib

Ways to pass a password (-passin / -passout):
pass:password   the literal password (visible in ps output and shell history; avoid outside tests)
env:var         read from the environment variable var
file:pathname   read the first line of the file
fd:number       read from file descriptor number
stdin           read from standard input

Generating RSA keys

usage: genrsa [args] [numbits]
openssl genrsa -h shows the help

  • Generate a 512-bit RSA private key and print it to the screen (512 bits is far too small for real use and is shown here only because it is fast; use 2048 bits or more):
    openssl genrsa 512
  • Generate a 512-bit RSA private key and write it to a file:
    openssl genrsa -out genrsa.txt 512
  • Encrypt the private key file with the passphrase 12345 (-des3 is legacy; -aes256 is the better choice on current releases):
    openssl genrsa -out genrsa.txt -des3 -passout pass:12345 512

openssl rsa and openssl pkey

These are the RSA key processing tool and the generic asymmetric key processing tool respectively; their usage is essentially the same.
rsa [options] outfile
openssl rsa -h shows the help

  • Create an RSA private key file genrsa.pri, then extract the RSA public key into rsa.pub:

    openssl genrsa -out genrsa.pri 2048
    openssl rsa -in genrsa.pri -pubout -out rsa.pub
  • Create a passphrase-protected RSA private key file genrsab.pri, then write its public key to rsab.pub:

    openssl genrsa -out genrsab.pri -des3 -passout pass:12345 2048
    openssl rsa -in genrsab.pri -pubout -out rsab.pub    # prompts for the passphrase; the private key cannot be read without it
    # the passphrase can also be supplied with -passin
    openssl rsa -in genrsab.pri -pubout -out rsab.pub -passin pass:12345
  • Remove the passphrase from a private key file: just write the key out to a new file without an encryption option. (Public key files are never encrypted, so there is nothing to remove from them.)

    openssl rsa -in genrsab.pri -out genrsa.txt -passin pass:12345
  • -check verifies that the components of the private key (n, e, d, p, q and the CRT values) are mathematically consistent. It catches a corrupted or hand-edited key file, but it is not a tamper-detection mechanism: a completely different, well-formed key passes -check just as well. To detect substitution, compare the public key's fingerprint against a trusted copy.

    openssl rsa -in genrsa.pri -check

openssl speed and openssl rand

Benchmarks the performance of the algorithms:
openssl speed -h

Available values:
md2 md4 md5 hmac sha1 sha256 sha512 whirlpool rmd160
idea-cbc seed-cbc rc2-cbc rc5-cbc bf-cbc
des-cbc des-ede3 aes-128-cbc aes-192-cbc aes-256-cbc aes-128-ige aes-192-ige aes-256-ige
camellia-128-cbc camellia-192-cbc camellia-256-cbc rc4
rsa512 rsa1024 rsa2048 rsa4096
dsa512 dsa1024 dsa2048
ecdsap256 ecdsap384 ecdsap521
ecdsa
ecdhp256 ecdhp384 ecdhp521
ecdh
idea seed rc2 des aes camellia rsa blowfish
With no argument it benchmarks every algorithm.

openssl rand generates pseudo-random bytes from the OpenSSL CSPRNG

Usage: rand [options] num
where options are
-out file - write to file
-engine e - use engine e, possibly a hardware device.
-rand file:file:… - seed PRNG from files
-base64 - base64 encode output
-hex - hex encode output
Without -base64 or -hex the output is raw binary bytes, which look like garbage on a terminal, and there is no trailing newline.

openssl passwd generates password hashes

Used to generate hashed (crypt-style) passwords.
whatis passwd
man sslpasswd
Three hashing schemes are supported on the OpenSSL 1.0.x release these notes were written against; with no algorithm given it defaults to -crypt.
openssl passwd [-crypt] [-1] [-apr1] [-salt string] [-in file] [-stdin] [-noverify] [-quiet] [-table] {password}

    -crypt       standard Unix password algorithm (default)
    -1           MD5-based password algorithm
    -apr1        MD5-based password algorithm, Apache variant
                 The MD5 variant used by Apache; it cannot be combined with -1 because apr1 is itself MD5-based. This is the scheme htpasswd uses for HTTP authentication files.
    -salt string use provided salt
    -in file     read passwords from file
    -stdin       read passwords from stdin
    -noverify    never verify when reading password from terminal
    -quiet       no warnings
    -table       format output as table
    -reverse     switch table columns

With a salt: the same salt and the same password always produce the same hash. The default -crypt algorithm uses only the first two characters of the salt (and only the first eight characters of the password).
Without a salt a random salt is chosen on every run, so the hash differs each time even for the same password.

    [root@bz ~] openssl passwd -apr1 12345
    $apr1$JVY5PZY8$IumAZcZivdUoj8YwrIzki/
    [root@bz ~] openssl passwd -apr1 12345
    $apr1$HYv9lrC/$fpIHYfxW1eo1IzdRpmbdp/
    [root@bz ~] openssl passwd -apr1 12345;openssl passwd -apr1 12345
    $apr1$/hASpmLe$nA0YzQAxSq06/eM5CGgMD/
    $apr1$zGFBlUs8$C.FuJCnisVyDbGnwb.Wsx1
    [root@bz ~] openssl passwd -apr1 -salt 'abc123' 12345; openssl passwd -apr1 -salt 'abc123' 12345
    $apr1$abc123$bvk9hy9Czy1tumIGOpNPW1
    $apr1$abc123$bvk9hy9Czy1tumIGOpNPW1

The hashes openssl passwd produces can be pasted straight into /etc/shadow, but the OpenSSL 1.0.x release these notes were written against cannot produce SHA-512 ($6$) hashes; OpenSSL 1.1.1 and later add -5 (SHA-256) and -6 (SHA-512) for that. On older systems grub-crypt, a Python script, generates them; CentOS 7 ships only grub2 and the grub-crypt command is gone.

Python generation method: see junma
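As an added example (not from the original notes), the following script produces an /etc/shadow-style SHA-512 hash with `openssl passwd -6`, which needs OpenSSL 1.1.1 or later, and shows the check that goes with it: verifying a candidate password against a stored hash by re-hashing it with the salt embedded in the hash. It assumes the openssl CLI is on PATH; the passwords and the salt are constructed for this demo. Passwords are fed through -stdin rather than on the command line so they do not show up in ps output.

```shell
#!/bin/sh
# Added example: SHA-512 crypt hashes with `openssl passwd -6` (OpenSSL >= 1.1.1).
# Assumes openssl is on PATH. Passwords and salt below are constructed for the demo.
set -eu

# Prints a $6$salt$digest string for password $1 using salt $2 (up to 16 chars
# from [a-zA-Z0-9./]). Omit -salt in real use so openssl picks a random one.
hash_sha512() {
    printf '%s\n' "$1" | openssl passwd -6 -salt "$2" -stdin
}

# Returns 0 if candidate password $1 matches stored crypt hash $2, 1 otherwise.
# The hash has the form $id$salt$digest; only id 6 (SHA-512) is handled here.
# Because the salt is part of the stored string, re-hashing the candidate with
# that salt must reproduce the stored string exactly.
check_password() {
    candidate=$1
    stored=$2
    id=$(printf '%s' "$stored" | cut -d'$' -f2)
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ "$id" = 6 ] || return 1
    recomputed=$(printf '%s\n' "$candidate" | openssl passwd -6 -salt "$salt" -stdin)
    [ "$recomputed" = "$stored" ]
}

if [ "${1:-}" = run ]; then
    h=$(hash_sha512 'correct horse' 'abc123XYZ')   # constructed demo password/salt
    echo "$h"
    check_password 'correct horse' "$h" && echo "match"
    check_password 'wrong password' "$h" || echo "no match"
fi
```

Run it with `sh script.sh run`. The same check works for hashes copied out of /etc/shadow, which is the practical use: confirming a password offline without touching PAM.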

openssl dgst: one-way hashing tool (also creates and verifies digital signatures)

A one-way hashing tool used to compute a file's digest; it can also create and verify digital signatures.
Signing computes the digest of the data and then signs that digest with the private key; the digest is computed with an algorithm such as SHA-256 or SHA-512. MD5 and SHA-1 are listed for compatibility but are collision-broken and must not be used for new signatures.
openssl dgst [-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1]
[-c] [-d] [-hex] [-binary] [-r] [-non-fips-allow] [-out filename] [-sign filename] [-keyform arg]
[-passin arg] [-verify filename] [-prverify filename] [-signature filename] [-hmac key]
[-non-fips-allow] [-fips-fingerprint] [file…]

    options are
    -c              to output the digest with separating colons
    -r              to output the digest in coreutils format
    -d              to output debug info
    -hex            output as hex dump
    -binary         output in binary form
    -hmac arg       set the HMAC key to arg
    -non-fips-allow allow use of non FIPS digest
    -sign file      sign digest using private key in file         # sign the digest with the private key in file
    -verify file    verify a signature using public key in file   # verify a signature with the public key in file
    -prverify file  verify a signature using private key in file  # verify a signature with the private key in file
    -keyform arg    key file format (PEM or ENGINE)
    -out filename   output to filename rather than stdout
    -signature file signature to verify                           # the signature file to check
    -sigopt nm:v    signature parameter
    -hmac key       create hashed MAC with key
    -mac algorithm  create MAC (not neccessarily HMAC)
    -macopt nm:v    MAC algorithm parameters or key
    -engine e       use engine e, possibly a hardware device.

    file...         file or files to digest. If no files are specified then standard input is used.
Generate an MD5 digest:
    echo 123 | openssl md5

Generate the MD5 or SHA-512 digest of a.txt:
    openssl dgst -md5 a.txt
    openssl dgst -sha512 a.txt
openssl md5 and openssl dgst -md5 do the same thing, and likewise for the other hash algorithms: openssl dgst -sha256 is equivalent to openssl sha256.

Sign a.txt with the private key rsa.pri. Use SHA-256 or stronger here: MD5 is collision-broken, so an MD5 signature over one file is also valid for a colliding forged file.
    ~] openssl genrsa -out rsa.pri 2048
    ~] openssl dgst -sha256 -sign rsa.pri a.txt
This prints the raw binary signature, which looks like garbage on the terminal.

To verify a signature later, write it to a file, and do not use -hex when signing; a hex-encoded signature will not verify.

    openssl dgst -sha256 -out a.sha256.sign -sign rsa.pri a.txt

Verification recomputes the digest of the file, uses the public key to recover the digest embedded in the signature, and compares the two. So when verifying you must supply the signature file, the same digest algorithm, the public key (or the private key, from which the public part is derived) and the file that was signed.

    [root@bz ~] openssl dgst -sha256 -prverify rsa.pri -signature a.sha256.sign a.txt
    Verified OK

Verifying with the public key extracted from the private key:

    openssl rsa -in rsa.pri -pubout -out rsa.pub

    openssl dgst -sha256 -verify rsa.pub -signature a.sha256.sign a.txt
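The sign-and-verify sequence above as one runnable script, an added example that is not part of the original notes. It generates a key pair, signs a constructed sample file with SHA-256, verifies it with the extracted public key, and then shows the point of the exercise: a one-byte change to the file makes verification fail. It assumes the openssl CLI is on PATH; the file names and the sample message are constructed for this demo.

```shell
#!/bin/sh
# Added example: RSA signature creation and verification with openssl dgst,
# plus a tamper check. Assumes openssl is on PATH; names and data are constructed.
set -eu

# Creates a working directory with a 2048-bit key pair, a sample file and its
# SHA-256 RSA signature; prints the directory path.
setup_signing_demo() {
    work=$(mktemp -d)
    openssl genrsa -out "$work/rsa.pri" 2048 2>/dev/null
    openssl rsa -in "$work/rsa.pri" -pubout -out "$work/rsa.pub" 2>/dev/null
    printf 'transfer 100 to alice\n' > "$work/a.txt"      # constructed sample data
    # -sign hashes the file with SHA-256 and signs the digest; the output is raw
    # binary (no -hex), which is the form -verify expects later.
    openssl dgst -sha256 -sign "$work/rsa.pri" -out "$work/a.sha256.sig" "$work/a.txt"
    printf '%s\n' "$work"
}

# Verifies file $2 against signature $3 with public key $1.
# Exit status 0 means "Verified OK"; 1 means the signature does not match.
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Returns 0 when tampering is detected: the original verifies and a modified
# copy of it does not.
tamper_check() {
    work=$1
    printf 'transfer 900 to alice\n' > "$work/a_tampered.txt"   # one byte changed
    verify_file "$work/rsa.pub" "$work/a.txt" "$work/a.sha256.sig" || return 1
    if verify_file "$work/rsa.pub" "$work/a_tampered.txt" "$work/a.sha256.sig"; then
        return 1   # a modified file must never verify against the old signature
    fi
    return 0
}

if [ "${1:-}" = run ]; then
    d=$(setup_signing_demo)
    tamper_check "$d" && echo "signature valid for original, rejected for tampered copy"
    rm -rf "$d"
fi
```

Run it with `sh script.sh run`. Only the public key is needed to verify, which is what lets a recipient who never sees rsa.pri check both origin and integrity.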

openssl rsautl and openssl pkeyutl (asymmetric encryption of files)

rsautl is the RSA utility; it combines part of what rsa and dgst do and can sign, verify signatures, encrypt and decrypt files. pkeyutl is the generic asymmetric-key equivalent with much the same usage; rsautl is deprecated since OpenSSL 3.0, so prefer pkeyutl on current releases.

SYNOPSIS

openssl rsautl [-in file] [-out file] [-inkey file] [-pubin] [-certin] [-sign] [-verify] [-encrypt] [-decrypt]
 [-pkcs] [-ssl] [-raw] [-hexdump] [-asn1parse]

-inkey file the input key file, by default it should be an RSA private key.

-pubin the input file is an RSA public key.

-certin the input is a certificate containing an RSA public key.

-sign sign the input data and output the signed result. This requires an RSA private key.

-verify verify the input data and output the recovered data.

-encrypt encrypt the input data using an RSA public key.

-decrypt decrypt the input data using an RSA private key.

rsautl is used differently from rsa and dgst. A key pair must already exist, since every operation uses the public or the private key; -in names the input file (it cannot be given at the end of the command line as with dgst); the key or certificate file is always given with -inkey, and the operation flags select what is done with it.

Every operation is a single raw RSA operation, so the input must be short: with PKCS#1 v1.5 padding the limit is the modulus size minus 11 bytes (245 bytes for a 2048-bit key), and anything larger fails with an error. For real data, encrypt it with a symmetric cipher and use RSA only to wrap the symmetric key.

Encrypt a.txt with the public key:

    [root@bz ~]openssl rsautl -encrypt -in a.txt -out a_crypt.txt -inkey rsa.pub
    # a public key needs the -pubin option; without it rsautl tries to parse the file as a private key:
    unable to load Private Key

    139960934729616:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY

    [root@bz ~]openssl rsautl -encrypt -in a.txt -out a_crypt.txt -inkey rsa.pub -pubin

Decrypt b_crypt.txt with the private key:

    openssl rsautl -decrypt -in b_crypt.txt -out b_decrypt.txt -inkey genrsa.pri

openssl enc (symmetric encryption)

  • How encryption works:
    The plaintext password you supply is run through a key-derivation routine based on the chosen hash (EVP_BytesToKey; MD5 by default in OpenSSL 1.0.x, SHA-256 from 1.1.0) to produce a fixed-length symmetric key and IV. The file is then encrypted with the chosen symmetric cipher using that key, and finally the ciphertext is optionally re-encoded (base64). In short: derive the symmetric key from the password, encrypt the file with it, encode the result.

  • How decryption works:
    The input is decoded first, the same key derivation is applied to the password entered at decryption time to recover the symmetric key, and the decoded data is decrypted with it. The encoding, the hash used for key derivation and the symmetric cipher must therefore all match the ones used at encryption time, and the password must be correct.

  • Caveat: the default derivation is a single hash iteration, which makes offline password guessing cheap. On OpenSSL 1.1.1 and later add -pbkdf2 (optionally with -iter N) to both the encrypt and the decrypt command. enc also provides no integrity protection (it has no AEAD modes), so a modified ciphertext is not reliably detected; pair it with an HMAC over the ciphertext if tampering matters.

SYNOPSIS

openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a/-base64] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md] [-p] [-P] [-bufsize number] [-nopad] [-debug] [-none] [-engine id]

-in filename the input filename, standard input by default.

-out filename the output filename, standard output by default.

-pass arg the password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1). # passes the password used for encryption or decryption; same pass:, env:, file:, fd: and stdin forms as -passin above

-salt use a salt in the key derivation routines. This is the default.

-nosalt don't use a salt in the key derivation routines. This option SHOULD NOT be used except for test purposes or compatibility with ancient versions of OpenSSL and SSLeay.

-e encrypt the input data: this is the default.

-d decrypt the input data.

-a base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted.

-base64 same as -a

options are

-in         input file
-out        output file
-pass       pass phrase source
-e          encrypt
-d          decrypt
-a/-base64  base64 encode/decode, depending on encryption flag
-k          passphrase is the next argument
-kfile      passphrase is the first line of the file argument
-md         the next argument is the md to use to create a key from a passphrase. See openssl dgst -h for list.
-S          salt in hex is the next argument
-K/-iv      key/iv in hex is the next argument
-[pP]       print the iv/key (then exit if -P)
-bufsize    buffer size
-nopad      disable standard block padding
-engine e   use engine e, possibly a hardware device.

    # no password option (-k or -pass) is given, so this only base64-encodes without encrypting and does not prompt for a password
    openssl enc -a -in a.txt -out a_base64.txt
    # base64 decode
    openssl enc -a -d -in a_base64.txt

    # encrypt a.txt with triple DES (3DES is legacy; prefer -aes-256-cbc), then decrypt it
    openssl enc -a -des3 -in a.txt -out a.txt.des3 -pass pass:123 -md md5
    openssl enc -a -des3 -d -in a.txt.des3 -out a.txt2 -pass pass:123 -md md5
    # without -pass, decryption prompts for the password interactively

-S sets the salt; its value must be hexadecimal, i.e. any combination of 0-9a-fA-F. The salt does not have to be given again when decrypting: enc stores it after the "Salted__" magic at the start of the ciphertext and reads it back from there.

    [root@bz ~]openssl enc -a -des3 -in a.txt -out a.txt.des3 -md md5 -pass pass:123 -p
    # what -p prints:
    salt=C39457571C05674F
    key=D0635CC48563CAC2E9DCC60FBC98C99B6CA1465DF308683D   # the symmetric key derived from the password
    iv =061DFA7891F1A916                                   # the initialisation vector used by the cipher
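The rsautl/pkeyutl section notes that RSA can only encrypt a short input, and the enc section shows the -K/-iv form that takes a raw key instead of a password. Put together, that is hybrid encryption, shown here as an added example that is not part of the original notes: a random AES-256 key encrypts the data with `openssl enc`, and only that key is encrypted with the recipient's RSA public key via `openssl pkeyutl` (with OAEP padding rather than the PKCS#1 v1.5 default). The script also shows direct RSA encryption of a 1 KiB file failing. It assumes the openssl CLI is on PATH; file names and the sample plaintext are constructed for this demo.

```shell
#!/bin/sh
# Added example: hybrid encryption with openssl enc (AES-256-CBC, raw key via -K/-iv)
# and openssl pkeyutl (RSA-OAEP key wrap). Assumes openssl is on PATH; names and
# sample data are constructed for the demo.
set -eu

# Generates the recipient's RSA key pair in directory $1.
make_recipient_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/rcpt.pri" 2>/dev/null
    openssl pkey -in "$1/rcpt.pri" -pubout -out "$1/rcpt.pub"
}

# Encrypts file $2 for public key $1. Writes $2.enc (ciphertext), $2.iv and
# $2.key.enc (the AES key wrapped with RSA-OAEP).
hybrid_encrypt() {
    pub=$1; plain=$2
    key=$(openssl rand -hex 32)   # 256-bit AES key; hex because -K expects hex
    iv=$(openssl rand -hex 16)    # fresh IV per message; it need not be secret
    # -K/-iv pass the key and IV directly: no password-based KDF, no "Salted__" header.
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$plain" -out "$plain.enc"
    printf '%s' "$iv" > "$plain.iv"
    # OAEP for the key wrap; PKCS#1 v1.5 decryption is exposed to padding-oracle
    # attacks whenever the decrypting side leaks which errors occurred.
    printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$pub" \
        -pkeyopt rsa_padding_mode:oaep -out "$plain.key.enc"
}

# Unwraps the key with private key $1, then decrypts $2.enc into $3.
hybrid_decrypt() {
    pri=$1; base=$2; out=$3
    key=$(openssl pkeyutl -decrypt -inkey "$pri" -pkeyopt rsa_padding_mode:oaep -in "$base.key.enc")
    openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$base.iv")" -in "$base.enc" -out "$out"
}

# Returns 0 if direct RSA encryption of a 1 KiB message fails (too large for the
# key) while the hybrid scheme round-trips it intact.
hybrid_demo() {
    work=$(mktemp -d)
    make_recipient_keys "$work"
    head -c 1024 /dev/zero | tr '\000' 'A' > "$work/msg.txt"   # constructed 1 KiB plaintext
    if openssl pkeyutl -encrypt -pubin -inkey "$work/rcpt.pub" -in "$work/msg.txt" \
        -out "$work/direct.enc" 2>/dev/null; then
        echo "unexpected: direct RSA encryption of 1 KiB succeeded" >&2
        return 1
    fi
    hybrid_encrypt "$work/rcpt.pub" "$work/msg.txt"
    hybrid_decrypt "$work/rcpt.pri" "$work/msg.txt" "$work/msg.dec"
    cmp -s "$work/msg.txt" "$work/msg.dec"
}

if [ "${1:-}" = run ]; then
    hybrid_demo && echo "hybrid round trip OK; direct RSA encryption of 1 KiB rejected"
fi
```

Run it with `sh script.sh run`. The CBC ciphertext still carries no integrity check, so in a real design the recipient must verify an HMAC (or a signature, as in the dgst section) over the ciphertext before decrypting.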

openssl dhparam (key exchange)

Generates and manages DH parameter files. DH (Diffie-Hellman) is the well-known key exchange, or key agreement, protocol: it lets two parties agree on a shared secret over an insecure channel. It is not an encryption algorithm and provides no encryption itself; it only protects the key agreement step. OpenVPN, for example, uses it. Plain DH does not authenticate either party, which is why TLS signs the ephemeral DH values with the key in the server's certificate.

SYNOPSIS

openssl dhparam [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-dsaparam] [-check] [-noout] [-text] [-C] [-2] [-5] [-rand file(s)] [-engine id] [numbits]

-in filename
    This specifies the input filename to read parameters from or standard input if this option is not specified.

-out filename
    This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename.

-rand file(s)
    a file or files containing random data used to seed the random number generator, or an EGD socket (see RAND_egd(3)). Multiple files can be specified separated by a OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

numbits
    this option specifies that a parameter set should be generated of size numbits. It must be the last option. If this option is present then the input file is ignored and parameters are generated instead. If this option is not present but a generator (-2 or -5) is present, parameters are generated with a default length of 2048 bits.

-noout
    this option inhibits the output of the encoded version of the parameters.

-text
    this option prints out the DH parameters in human readable form.

Generating DH parameters gets much slower as the length grows, because it is a search for a large safe prime. Seeding the PRNG from a file with -rand does not materially speed this up on a modern system: the cost is the primality testing, not gathering entropy. 1024-bit parameters are considered weak (Logjam); use 2048 bits or more.

    # time generating 1024-bit parameters
    [root@bz ~]time openssl dhparam -out dh.pem 1024
    # generate a random file to use as a seed (rand's options must come before the byte count)
    [root@bz ~]openssl rand -hex -out rand.seed 1024
    [root@bz ~]time openssl dhparam -rand rand.seed -out dh.pem 2048

The algorithms openssl implements drive CPU usage very high, and dhparam in particular, so openssl dhparam makes a decent CPU stress test that can keep the CPU pegged for a long time.

DH key agreement process
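The agreement itself, run on one machine with both roles, as an added example that is not part of the original notes. It uses X25519, the Diffie-Hellman variant over Curve25519 that modern TLS prefers to finite-field parameters from `openssl dhparam`, because it needs no slow parameter generation; the exchange is the same shape. Each side keeps its private key, only the public keys are exchanged, and `openssl pkeyutl -derive` gives both sides the same shared secret. It assumes the openssl CLI (1.1.0 or later, for X25519) is on PATH; party names and the directory layout are constructed for this demo.

```shell
#!/bin/sh
# Added example: Diffie-Hellman key agreement with X25519 via openssl pkeyutl.
# Assumes openssl >= 1.1.0 is on PATH; party names are constructed for the demo.
set -eu

# Creates a private key and the matching public key for party $2 in directory $1.
dh_keypair() {
    openssl genpkey -algorithm X25519 -out "$1/$2.pri"
    openssl pkey -in "$1/$2.pri" -pubout -out "$1/$2.pub"
}

# Derives the shared secret from our private key $1 and the peer's public key $2;
# prints it as hex. A real protocol feeds this raw secret into a KDF (e.g. HKDF)
# rather than using it directly as a cipher key.
dh_derive() {
    openssl pkeyutl -derive -inkey "$1" -peerkey "$2" | od -An -tx1 | tr -d ' \n'
}

# Runs the exchange and prints "agreed" if both sides compute the same secret
# and a third party with its own key pair does not.
dh_demo() {
    work=$(mktemp -d)
    dh_keypair "$work" alice
    dh_keypair "$work" bob
    # Only alice.pub and bob.pub would travel over the wire.
    a=$(dh_derive "$work/alice.pri" "$work/bob.pub")
    b=$(dh_derive "$work/bob.pri" "$work/alice.pub")
    # An eavesdropper holding both public keys and her own key pair gets a
    # different value; recovering a or b from the public keys is the hard problem.
    dh_keypair "$work" eve
    e=$(dh_derive "$work/eve.pri" "$work/alice.pub")
    rm -rf "$work"
    [ "$a" = "$b" ] && [ "$a" != "$e" ] && printf 'agreed\n'
}

if [ "${1:-}" = run ]; then
    dh_demo
fi
```

Run it with `sh script.sh run`. Nothing here proves who alice or bob is: an active attacker can run the exchange with each side separately, which is why the certificate and signature machinery in the following sections exists.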

Signing data on the Internet

For integrity and consistency, a one-way hash function computes a unique checksum of the data, called the message digest.

For origin authenticity, you sign with your own private key: if the recipient cannot verify the result with your public key, the data was not signed by the matching private key. Private-key operations are slow, so only the digest is signed; the signed digest is called the digital signature.
A digital signature therefore guarantees origin, integrity and consistency of the data, but it does nothing against disclosure: the data itself is still in the clear.

If disclosure matters, combine signing with encryption. Two orders are possible:

  1. Encrypt the data first, then sign the whole ciphertext;
  2. Sign the data first, then encrypt the signed whole.
    The second is what is generally used on the Internet: the recipient decrypts and then verifies the signature over the data itself, rather than over the ciphertext.

CA, PKI and trusting a CA

PKI: Public Key Infrastructure
CA
RA
CRL
Setting up a private CA:
OpenCA
OpenSSL

Certificate repository
A CA (Certificate Authority) is the authority that issues certificates. The applicant submits its public key and some identifying information (country, name, organisation, ...) to the CA. The CA assembles this into the to-be-signed certificate, hashes it and signs the digest with its own private key; that is the CA's digital signature over the applicant's data. Together with the CA's own details (issuer name, its position in the CA hierarchy) and certificate metadata (validity period, serial number, extensions) this forms the digital certificate.

The root CA asserts its own trustworthiness by self-signing its certificate; it issues certificates to first-level subordinate CAs, which sign the next level down, and so on. The certificates of intermediate CAs are called chain certificates. If a certificate you bought comes with a chain.crt file, it was issued by an intermediate CA whose certificate some browsers or operating systems do not have built in, so the chain certificate must be configured on the web server as well.
Together these root and subordinate CAs make up the PKI.

Having trusted a CA, a client that receives a certificate to verify should still consult the issuer's certificate revocation list (CRL), published at the URL named in the certificate (or an OCSP responder), to see whether the certificate has been revoked. Some companies use self-signed certificates instead.

Certificate types and contents

TLS and SSL, the two PKI-based protocols discussed here, both use X.509 certificates. TLSv1 and SSLv3 are closely related (TLS is the IETF successor to SSL; SSLv3 is broken and deprecated), and both sit between the application and the transport layer, on top of TCP.
GPG is another approach to public-key trust; its certificates (OpenPGP keys) do not use the X.509 format, and its trust model is a web of trust rather than a CA hierarchy.

openssl req (creating certificate requests and a self-signed root CA)

req has roughly three functions: creating certificate signing requests (CSRs), verifying CSRs, and creating a self-signed root CA certificate.

SYNOPSIS

openssl req [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-text] [-pubkey] [-noout] [-verify] [-modulus] [-new] [-rand file(s)] [-newkey rsa:bits] [-newkey alg:file] [-nodes] [-key filename] [-keyform PEM|DER] [-keyout filename] [-keygen_engine id] [-[digest]] [-config filename] [-multivalue-rdn] [-x509] [-days n] [-set_serial n] [-asn1-kludge] [-no-asn1-kludge] [-newhdr] [-extensions section] [-reqexts section] [-utf8] [-nameopt] [-reqopt] [-subject] [-subj arg] [-batch] [-verbose] [-engine id]

where options are

-inform arg input format - DER or PEM

-outform arg output format - DER or PEM

-in arg input file

-out arg output file

-text text form of request

-pubkey output public key

-noout do not output REQ

-verify verify signature on REQ

-modulus RSA modulus

-nodes don’t encrypt the output key

-engine e use engine e, possibly a hardware device

-subject output the request’s subject

-passin private key password source

-key file use the private key contained in file

-keyform arg key file format

-keyout arg file to send the key to

-rand file:file:… load the file (or the files in the directory) into the random number generator

-newkey rsa:bits generate a new RSA key of ‘bits’ in size

-newkey dsa:file generate a new DSA key, parameters taken from CA in ‘file’

-newkey ec:file generate a new EC key, parameters taken from CA in ‘file’

-[digest] Digest to sign with (see openssl dgst -h for list)

-config file request template file.

-subj arg set or modify request subject

-multivalue-rdn enable support for multivalued RDNs

-new new request.

-batch do not ask anything during request generation

-x509 output a x509 structure instead of a cert. req.

-days number of days a certificate generated by -x509 is valid for.

Creating a certificate request

Create a new CSR from the private key pri_key.pem. "-new" creates a new request, "-key" names the private key file and "-out" the output file:

    openssl req -new -key pri_key.pem -out req1.csr

By default this prompts interactively for the subject fields; entering "." leaves a field empty. -newkey can also be used to create a request (see below).
Viewing a certificate request:
cat req1.csr or openssl req -in req1.csr

    openssl req -in req1.csr -text  # -text prints it in text form; with -noout only the decoded text is printed, not the PEM block

    # print only the subject
    openssl req -in req2.csr -subject -noout

    # -pubkey prints the public key in the request; it is necessarily identical to the public key extracted from the private key used to create the request
    openssl req -in req1.csr -pubkey -noout

    # choose the digest used to sign the request (sha256 or stronger)
    openssl req -new -key pri_key.pem -out req2.csr -sha256
    # openssl dgst -h lists the supported digests

req can also create the private key itself.
By default it is saved in the current directory as privkey.pem; the location and name come from the config file (default /etc/pki/tls/openssl.cnf, setting default_keyfile), and "-keyout" overrides them:

    openssl req -new -out req3.csr          # prompts for a passphrase to encrypt the private key
    openssl req -new -out req3.csr -nodes   # "-nodes" (no DES) leaves the private key unencrypted

-newkey selects the algorithm and size of the new private key; its argument has the form rsa:numbits, where rsa selects an RSA key and numbits its length. If no length is given, the default is read from the config file (default_bits in /etc/pki/tls/openssl.cnf).
Other key types than RSA are available as well (dsa:file, ec:file).

    openssl req -newkey rsa:2048 -out req3.csr -nodes -keyout myprivkey.pem

When openssl req creates the private key itself it always encrypts the key file and prompts for the passphrase, unless "-nodes" is given. "-keyout" sets where the private key is written.

Relevant parts of the config file /etc/pki/tls/openssl.cnf:
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.

# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use SHA-256 by default
preserve = no # keep passed DN ordering
policy = policy_match

[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = utf8only

Verifying the signature on a request

    # verify the request's own signature, which shows whether the CSR has been tampered with; add "-noout" to suppress the request output
    openssl req -verify -in req2.csr

Self-signed certificate, as used when building your own root CA

    # self-sign a request, e.g. for a private root CA: "-x509" is required, and since a request is being signed "-days" sets the validity of the resulting certificate
    openssl req -x509 -key pri_key.pem -in req1.csr -out CA1.crt -days 365

    # -x509 together with -new or -newkey needs no request file: the request is built in memory during self-signing and you are prompted for the subject fields
    openssl req -new -x509 -key pri_key.pem -out CA1.crt -days 365

    openssl req -newkey rsa:2048 -x509 -out CA3.crt -days 365

    openssl req -x509 -out CA1.crt -days 365


openssl ca (signing requests and running a CA)

SYNOPSIS

openssl ca [-verbose] [-config filename] [-name section] [-gencrl] [-revoke file] [-status serial] [-updatedb] [-crl_reason reason] [-crl_hold instruction] [-crl_compromise time] [-crl_CA_compromise time] [-crldays days] [-crlhours hours] [-crlexts section] [-startdate date] [-enddate date] [-days arg] [-md arg] [-policy arg] [-keyfile arg] [-keyform PEM|DER] [-key arg] [-passin arg] [-cert file] [-selfsign] [-in file] [-out file] [-notext] [-outdir dir] [-infiles] [-spkac file] [-ss_cert file] [-preserveDN] [-noemailDN] [-batch] [-msie_hack] [-extensions section] [-extfile section] [-engine id] [-subj arg] [-utf8] [-multivalue-rdn]

usage: ca args

-verbose - Talk alot while doing things
-config file - A config file
-name arg - The particular CA definition to use
-gencrl - Generate a new CRL
-crldays days - Days is when the next CRL is due
-crlhours hours - Hours is when the next CRL is due
-startdate YYMMDDHHMMSSZ - certificate validity notBefore
-enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)
-days arg - number of days to certify the certificate for
-md arg - md to use, see openssl dgst -h for list
-policy arg - The CA 'policy' to support
-keyfile arg - private key file
-keyform arg - private key file format (PEM or ENGINE)
-key arg - key to decode the private key if it is encrypted
-cert file - The CA certificate
-selfsign - sign a certificate with the key associated with it
-in file - The input PEM encoded certificate request(s)
-out file - Where to put the output file(s)
-outdir dir - Where to put output certificates
-infiles .... - The last argument, requests to process
-spkac file - File contains DN and signed public key and challenge
-ss_cert file - File contains a self signed cert to sign
-preserveDN - Don't re-order the DN
-noemailDN - Don't add the EMAIL field into certificate' subject
-batch - Don't ask questions
-msie_hack - msie modifications to handle all those universal strings
-revoke file - Revoke a certificate (given in file)
-subj arg - Use arg instead of request's subject
-utf8 - input characters are UTF8 (default ASCII)
-multivalue-rdn - enable support for multivalued RDNs
-extensions .. - Extension section (override value in config file)
-extfile file - Configuration file with X509v3 extentions to add
-crlexts .. - CRL extension section (override value in config file)
-engine e - use engine e, possibly a hardware device.
-status serial - Shows certificate status given the serial number
-updatedb - Updates db for expired certificates

openssl ca signs certificate requests, generates certificate revocation lists (CRLs) and maintains the database of issued certificates and their status.

Signing a certificate request with the CA's private key turns it into a certificate; sending the signed certificate back to the applicant is issuing it. The signature is computed over a digest of the certificate body (the -md option or default_md selects the hash), which is what binds the contents together so that any later change is detectable.

openssl ca depends heavily on the config file /etc/pki/tls/openssl.cnf:

[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem

The directories /etc/pki/CA/{certs,newcerts,private} exist as soon as openssl is installed, so they need not be created, but the certificate database index.txt and the serial file must be created, and the serial file must be given an initial number such as "01".

    touch /etc/pki/CA/index.txt; echo "01" > /etc/pki/CA/serial

Signing requests needs the CA's own private key and its own certificate. Create the CA private key first, at the location given by private_key in the config file, by default /etc/pki/CA/private/cakey.pem. The umask keeps the key readable only by root; give the size explicitly, since older releases default to 1024 bits:

    (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

Building a CA with openssl ca

The CA's own certificate is required. In a test environment it can only be self-signed; openssl req -x509, openssl x509 and openssl ca can all self-sign a request.

First create the request, from the CA's private key /etc/pki/CA/private/cakey.pem. This keeps things tidy, and openssl ca -selfsign signs with the key the request was made with, so it has to be the CA key anyway:

    openssl req -new -key /etc/pki/CA/private/cakey.pem -out rootCA.csr

Self-sign the request with openssl ca:

[root@bz ~]openssl ca -selfsign -in rootCA.csr
Using configuration from /etc/pki/tls/openssl.cnf    # the default config file
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)                               # serial number 1
Validity
Not Before: Apr 7 10:26:47 2022 GMT                  # start of the validity period
Not After : Apr 7 10:26:47 2023 GMT                  # end of the validity period
Subject:                                             # the subject, the most important part
countryName = CN
stateOrProvinceName = Shanxi
organizationName = bz
organizationalUnitName = bz
commonName = bz
emailAddress = xttmg310@163.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
46:90:38:3D:B2:F1:26:7C:39:05:FB:A3:49:79:25:BE:39:39:72:3F
X509v3 Authority Key Identifier:
keyid:46:90:38:3D:B2:F1:26:7C:39:05:FB:A3:49:79:25:BE:39:39:72:3F

Certificate is to be certified until Apr 7 10:26:47 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries    # a record for this certificate is added to the database
Certificate:                             # the certificate's contents
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=Shanxi, O=bz, OU=bz, CN=bz/emailAddress=xttmg310@163.com
Validity
Not Before: Apr 7 10:26:47 2022 GMT
Not After : Apr 7 10:26:47 2023 GMT
Subject: C=CN, ST=Shanxi, O=bz, OU=bz, CN=bz/emailAddress=xttmg310@163.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9d:78:00:e4:12:f3:b9:ab:a0:a1:4c:33:e9:48:
7f:cb:93:23:fb:5c:5f:ae:5e:13:55:76:66:d1:99:
14:e0:8e:79:fa:b1:f7:ab:00:4c:b3:e8:23:19:a5:
7c:cd:f9:61:57:fa:82:e6:73:02:4c:35:ae:4c:65:
46:02:ba:61:1e:7d:ad:b4:93:e6:b1:65:93:6e:84:
60:a0:8d:f2:28:40:20:c8:99:37:25:f5:c6:5b:ec:
75:56:86:ae:63:cc:25:12:d0:7c:a3:94:7d:4a:44:
78:bf:88:88:ee:d4:72:41:33:a6:b8:ac:34:c9:a4:
0c:1a:a4:a5:e3:a2:42:a3:5c:5d:64:1d:13:d9:74:
bc:52:b5:47:5b:7b:5a:99:9a:0f:e7:2f:49:3d:78:
0d:58:1b:ed:18:98:7a:57:f9:97:9f:f8:4f:d6:c7:
50:33:da:a1:50:35:49:e9:f0:b3:89:2d:d4:33:f2:
01:07:e9:86:33:fb:ef:f2:3e:03:20:13:95:32:2c:
2f:30:7a:c5:ca:52:42:72:58:c3:4f:0b:ea:f5:63:
2e:94:6d:4a:a9:d0:e0:d5:b6:86:c4:76:e1:9b:87:
95:6e:69:e9:e5:11:19:c2:cd:ea:ae:21:46:98:6e:
15:01:aa:3c:45:85:54:af:eb:f4:70:1c:28:c0:60:
be:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
46:90:38:3D:B2:F1:26:7C:39:05:FB:A3:49:79:25:BE:39:39:72:3F
X509v3 Authority Key Identifier:
keyid:46:90:38:3D:B2:F1:26:7C:39:05:FB:A3:49:79:25:BE:39:39:72:3F

Signature Algorithm: sha256WithRSAEncryption
6a:45:1e:76:10:10:89:38:22:00:ed:1e:57:79:05:fb:c9:0e:
bf:03:e8:4c:20:f3:5c:9a:cc:a2:29:ec:1f:f4:c3:00:67:78:
75:b4:4c:a1:50:93:f8:93:a6:35:50:e3:30:79:70:03:28:41:
c7:27:e0:c0:f4:08:ca:ff:f5:7c:05:00:98:a6:10:e7:57:88:
de:fa:84:74:c7:94:c6:61:02:51:86:98:3a:db:2f:71:a3:3e:
8f:19:bc:7d:c3:85:91:a7:ad:05:23:dc:b0:f0:58:5a:d2:76:
c0:cd:ca:1c:c2:71:dc:6a:85:30:17:66:d2:48:e9:9f:a0:a0:
81:1e:40:29:4b:b9:91:b2:e5:d6:1b:29:15:b5:b9:f4:95:77:
fb:e3:5c:7d:0f:0e:5e:6a:3c:cc:f3:02:fa:58:56:2a:48:8b:
f5:22:b0:fc:34:74:8f:d6:c1:63:7f:82:84:39:3b:18:c3:42:
3f:4c:b3:70:4b:ef:51:b9:56:e7:e7:ba:28:29:93:0c:86:02:
d1:16:77:75:4a:39:14:c9:df:06:51:dc:af:a5:78:63:1b:0c:
4b:c4:c1:a9:3a:0e:3a:1e:7f:15:4e:f5:af:db:11:b4:8a:0e:
bf:d0:5a:ce:75:17:ad:37:ae:93:68:c0:2f:bc:4b:48:a2:ad:
36:63:9d:93
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----
Data Base Updated

After self-signing, a number of files appear under /etc/pki/CA.

    [root@bz ~]tree /etc/pki/CA/
    /etc/pki/CA/
    ├── certs
    ├── crl
    ├── index.txt
    ├── index.txt.attr
    ├── index.txt.old
    ├── newcerts
    │   └── 01.pem
    ├── private
    │   └── cakey.pem
    ├── serial
    └── serial.old

newcerts/01.pem is the certificate just signed. Because it is the CA's own certificate, and the config file says "certificate=$dir/cacert.pem", it must be copied to /etc/pki/CA/cacert.pem; only then can other requests be signed.

    cp /etc/pki/CA/newcerts/01.pem /etc/pki/CA/cacert.pem

Caveat: the output above shows "X509v3 Basic Constraints: CA:FALSE", because openssl ca applied its default usr_cert extension section to the root as well. Such a root is not a valid CA certificate: openssl verify rejects chains that end in it ("invalid CA certificate"). Self-sign with the CA extension section instead, openssl ca -selfsign -extensions v3_ca -in rootCA.csr, and confirm with openssl x509 -in /etc/pki/CA/cacert.pem -noout -text that it reads CA:TRUE.

The procedure above used the default config file throughout; most of its settings can be overridden with command-line options.

Issuing certificates to others

First the applicant creates a certificate request.

Country Name, State or Province Name, Organization Name and Common Name must be supplied, and the first three must match the corresponding fields of the CA's subject exactly. This is dictated by the matching policy in the config file:

    [ policy_match ]
    countryName = match
    stateOrProvinceName = match
    organizationName = match
    organizationalUnitName = optional
    commonName = supplied
    emailAddress = optional

"match" means the field in the request must equal the field in the CA certificate, "supplied" means the field must be present, and "optional" means it may be left empty.

    openssl ca -in request.csr

-selfsign self-signs the request, -infiles names several requests to sign (it must be the last option), -keyfile names the private key, and -out names the output certificate file.

openssl x509

Mainly prints certificate information, but it can also sign requests, self-sign, convert certificate formats and so on.

openssl x509 does not read the openssl config file at all: everything is given on the command line or left at the sub-command's built-in defaults. It is like a small, self-contained CA toolbox.

SYNOPSIS

openssl x509 [-inform DER|PEM|NET] [-outform DER|PEM|NET] [-keyform DER|PEM] [-CAform DER|PEM] [-CAkeyform DER|PEM] [-in filename] [-out filename] [-serial] [-hash] [-subject_hash] [-issuer_hash] [-ocspid] [-subject] [-issuer] [-nameopt option] [-email] [-ocsp_uri] [-startdate] [-enddate] [-purpose] [-dates] [-checkend num] [-modulus] [-pubkey] [-fingerprint] [-alias] [-noout] [-trustout] [-clrtrust] [-clrreject] [-addtrust arg] [-addreject arg] [-setalias arg] [-days arg] [-set_serial n] [-signkey filename] [-passin arg] [-x509toreq] [-req] [-CA filename] [-CAkey filename] [-CAcreateserial] [-CAserial filename] [-force_pubkey key] [-text] [-certopt option] [-C] [-md2|-md5|-sha1|-mdc2] [-clrext] [-extfile filename] [-extensions section] [-engine id]

usage: x509 args
-inform arg - input format - default PEM (one of DER, NET or PEM)
-outform arg - output format - default PEM (one of DER, NET or PEM)
-keyform arg - private key format - default PEM
-CAform arg - CA format - default PEM
-CAkeyform arg - CA key format - default PEM
-in arg - input file - default stdin
-out arg - output file - default stdout
-passin arg - private key password source
-serial - print serial number value
-subject_hash - print subject hash value
-subject_hash_old - print old-style (MD5) subject hash value
-issuer_hash - print issuer hash value
-issuer_hash_old - print old-style (MD5) issuer hash value
-hash - synonym for -subject_hash
-subject - print subject DN
-issuer - print issuer DN
-email - print email address(es)
-startdate - notBefore field
-enddate - notAfter field
-purpose - print out certificate purposes
-dates - both Before and After dates
-modulus - print the RSA key modulus
-pubkey - output the public key
-fingerprint - print the certificate fingerprint
-alias - output certificate alias
-noout - no certificate output
-ocspid - print OCSP hash values for the subject name and public key
-ocsp_uri - print OCSP Responder URL(s)
-trustout - output a "trusted" certificate
-clrtrust - clear all trusted purposes
-clrreject - clear all rejected purposes
-addtrust arg - trust certificate for a given purpose
-addreject arg - reject certificate for a given purpose
-setalias arg - set certificate alias
-days arg - How long till expiry of a signed certificate - def 30 days
-checkend arg - check whether the cert expires in the next arg seconds
exit 1 if so, 0 if not
-signkey arg - self sign cert with arg
-x509toreq - output a certification request object
-req - input is a certificate request, sign and output.
-CA arg - set the CA certificate, must be PEM format.
-CAkey arg - set the CA key, must be PEM format; if missing, it is assumed to be in the CA file.
-CAcreateserial - create serial number file if it does not exist
-CAserial arg - serial file
-set_serial - serial number to use
-text - print the certificate in text form
-C - print out C code forms
-<dgst> - digest to use, see openssl dgst -h output for list
-extfile - configuration file with X509V3 extensions to add
-extensions - section from config file with X509V3 extensions to add
-clrext - delete extensions before signing and input certificate
-nameopt arg - various certificate name options
-engine e - use engine e, possibly a hardware device.
-certopt arg - various certificate text options
-checkhost host - check certificate matches "host"
-checkemail email - check certificate matches "email"
-checkip ipaddr - check certificate matches "ipaddr"

-in filename names the input file; with -req it is treated as a certificate request rather than a certificate.

Building a CA with x509. x509 cannot create a request, so the request is generated with openssl req and then self-signed with x509. "-req" states that the input is a request (otherwise it is assumed to be a certificate) and "-signkey" supplies the private key to self-sign with:

    openssl req -new -keyout key.pem -out req.csr
    openssl x509 -req -in req.csr -signkey key.pem -out x509.crt

x509 can also sign other people's requests, i.e. issue certificates. When issuing, make sure the serial file exists; "-CAcreateserial" creates it (ca.srl, named after the CA certificate file) if it is missing:

    openssl x509 -req -in req.csr -CA ca.crt -CAkey ca.key -out x509.crt -CAcreateserial

Several ways to sign and self-sign certificates with openssl

Using a custom config file

Building your own CA

The mechanics of a self-built CA: 1. generate a private key; 2. create a certificate request; 3. sign the request with the private key.

Create the openssl directory structure

Create the config file

CA self-signing

A normal request is signed with the CA's private key to become a certificate; a self-signed certificate is simply signed with its own private key. req, ca and x509 can all do it.

    openssl req -x509 -new -out req.crt -config ssl.conf -days 365

Key generation and request creation combined, signing done separately:

    openssl req -newkey rsa:2048 -keyout key.pem -out req1.csr -config ssl.conf -days 365

    openssl req -x509 -in req1.csr -key key.pem -out req1.crt

    openssl x509 -noout -dates -in req1.crt

Key generated separately, request and signing combined:

    (umask 077; openssl genrsa -out key1.pem 2048)

    openssl req -x509 -new -key key1.pem -out req2.crt -config ssl.conf -days 365

    openssl x509 -noout -dates -in req2.crt

Each step separately:

    (umask 077; openssl genrsa -out key.pem 2048)

    openssl req -new -key key.pem -out req.csr -config ssl.conf

    openssl req -x509 -key key.pem -in req.csr -out req.crt -days 365

    openssl x509 -noout -dates -in req.crt

Although it is the public key that goes into the request, -key must be given the private key, not the public key: req -new / -newkey derives the public key from the private key (the same logic as openssl rsa -pubout) and signs the request with the private key, so passing a public key fails.

Creating a CA with the x509 sub-command

A request file is required, so create the request first. Since x509 does not read the config file when signing, no config is needed for it; any setting you want is given through the corresponding x509 option. -signkey supplies the private key for the signature.

    openssl req -new -keyout key.pem -out req.csr -config ssl.conf

    openssl x509 -req -in req.csr -signkey key.pem -out x509.crt

Creating a CA with the ca sub-command

Self-signing with ca reads the ca section of the config file, so the directory and file structure it names must exist: the CA directory with private and certs, and the files CA/index and CA/serial, with an initial serial number written to serial. Because this is a self-signature the private key can be given explicitly, so the CA key need not live in the private directory for this step.

    touch CA/{serial,index}

    echo "01" > CA/serial

    openssl req -new -keyout key.pem -out req.csr -config ssl.conf

    openssl ca -selfsign -keyfile key.pem -in req.csr -config ssl.conf

This signing asks two questions; for a non-interactive run use -batch:

    openssl ca -selfsign -keyfile key.pem -in req.csr -config ssl.conf -batch

Signing other requests

When the CA signs another request it needs two files, its own CA certificate and its own private key, so both must be supplied:

    openssl ca -in /tmp/req.csr -keyfile key.pem -cert certs/01.pem -config ssl.conf -batch

Having to pass -cert and -keyfile on every signing is tedious, so move the CA certificate and key to the paths the config file specifies:

    certificate = $home/$name.crt

    private_key = $home/private/$name.key

    mv certs/01.pem root-ca.crt

    mv key.pem private/root-ca.key

After that ca picks up the defaults:

    openssl ca -in /tmp/req.csr -config ssl.conf -batch

Signing other requests with the x509 sub-command

Since x509 does not read the config file, the serial number must be provided; -CAcreateserial creates the serial file automatically if it is missing. Because x509 assumes the file given with -in is a certificate, -req is needed to declare it a request:

    openssl x509 -req -in /tmp/req.csr -CA root-ca.crt -CAkey private/root-ca.key -out x509.crt -CAcreateserial

Using the default config file /etc/pki/tls/openssl.cnf

This is the recommended method because it is the easiest to manage, but it needs some initialisation:

    touch /etc/pki/CA/index.txt

    echo "01" > /etc/pki/CA/serial

    (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

    openssl req -new -key /etc/pki/CA/private/cakey.pem -out rootCA.csr

    openssl ca -selfsign -extensions v3_ca -in rootCA.csr   # v3_ca gives the root CA:TRUE; the default usr_cert section would not

    cp /etc/pki/CA/newcerts/01.pem /etc/pki/CA/cacert.pem   # copy the self-signed certificate to the location the config file expects

Issuing certificates to others:

    openssl ca -in any.csr

After signing, the certificate is in /etc/pki/CA/newcerts; send the new certificate file to the applicant.
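The whole private-CA procedure (directory structure, config file, CA self-signing, issuing a certificate for someone else) run end to end in a throwaway directory, as an added example that is not part of the original notes. It writes its own minimal config so it never touches /etc/pki, self-signs the root with `openssl ca -selfsign` using a CA:TRUE extension section, issues a server certificate from a CSR that carries a subjectAltName, and checks the result with `openssl verify`, including the hostname match. It assumes the openssl CLI (1.1.1 or later, for -addext) is on PATH; the directory layout, the subjects and the hostname www.example.test are constructed for this demo.

```shell
#!/bin/sh
# Added example: a complete private CA with `openssl ca` in a temporary directory.
# Assumes openssl >= 1.1.1 on PATH; paths, subjects and hostname are constructed.
set -eu

# Writes the CA config and directory layout under $1 (the "dir" of CA_default).
init_ca_dir() {
    ca=$1
    mkdir -p "$ca/certs" "$ca/newcerts" "$ca/private"
    chmod 700 "$ca/private"
    : > "$ca/index.txt"          # empty certificate database
    echo 01 > "$ca/serial"       # first serial number
    cat > "$ca/ca.cnf" <<EOF
[ ca ]
default_ca      = CA_default
[ CA_default ]
dir             = $ca
new_certs_dir   = \$dir/newcerts
database        = \$dir/index.txt
serial          = \$dir/serial
certificate     = \$dir/cacert.pem
private_key     = \$dir/private/cakey.pem
default_md      = sha256
default_days    = 365
policy          = policy_match
x509_extensions = usr_cert
copy_extensions = copy
[ policy_match ]
countryName      = match
organizationName = match
commonName       = supplied
[ usr_cert ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
EOF
}

# Self-signs the root: CA key, CSR, then `openssl ca -selfsign` with the v3_ca
# section so the root gets CA:TRUE instead of the usr_cert default.
make_root() {
    ca=$1
    (umask 077; openssl genrsa -out "$ca/private/cakey.pem" 2048 2>/dev/null)
    openssl req -new -key "$ca/private/cakey.pem" -config "$ca/ca.cnf" \
        -subj "/C=CN/O=bz/CN=bz Root CA" -out "$ca/rootCA.csr"
    openssl ca -batch -selfsign -config "$ca/ca.cnf" -extensions v3_ca -days 3650 \
        -in "$ca/rootCA.csr" -out "$ca/cacert.pem" -notext 2>/dev/null
}

# Issues a server certificate for host $2: the requester's key and CSR carry a
# SAN, which copy_extensions brings into the certificate; basicConstraints from
# the config still wins over anything in the CSR, so a requester cannot smuggle
# CA:TRUE in. C and O must match the CA's subject because of policy_match.
issue_server_cert() {
    ca=$1; host=$2
    openssl req -new -newkey rsa:2048 -nodes -keyout "$ca/$host.key" -config "$ca/ca.cnf" \
        -subj "/C=CN/O=bz/CN=$host" -addext "subjectAltName=DNS:$host" \
        -out "$ca/$host.csr" 2>/dev/null
    openssl ca -batch -config "$ca/ca.cnf" -in "$ca/$host.csr" \
        -out "$ca/$host.crt" -notext 2>/dev/null
}

# Returns 0 if the issued certificate chains to the root and matches host $2.
verify_server_cert() {
    ca=$1; host=$2
    openssl verify -CAfile "$ca/cacert.pem" -verify_hostname "$host" "$ca/$host.crt" >/dev/null
}

if [ "${1:-}" = run ]; then
    ca=$(mktemp -d)
    init_ca_dir "$ca"; make_root "$ca"; issue_server_cert "$ca" www.example.test
    verify_server_cert "$ca" www.example.test && echo "www.example.test.crt: OK"
    cat "$ca/index.txt"   # one V line per issued certificate: serial 01 root, 02 server
    rm -rf "$ca"
fi
```

Run it with `sh script.sh run`. The serial file and index.txt are what make `openssl ca` stateful: the second issuance lands in newcerts/02.pem, and re-issuing for the same subject is refused until the earlier entry is revoked, which is the behaviour the notes' /etc/pki/CA setup relies on.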