0%

需要注意的几点:

ca证书和user证书密码必须一致;
默认配置的webserver,如果是直接文件路径则必须是get请求(不能是post请求)
android、ios下载客户端文件前,需要先安装ca公钥证书

步骤:

安装并配置erlang、yaws基础环境包

制作https需要的证书

  1. 建立serial文件,输入序列号值,如010000000001,16进制)6字节存储的序列号
    1
    [root@mbank demoCA]# vim serial
  2. 建立index.txt文件
    1
    [root@mbank demoCA]# vim index.txt
  3. Linux下生成需要修改配置文件:/etc/pki/tls/openssl.cnf
    1
    2
    [ CA_default ]
    dir = ./cert
  4. 生成2048的CA证书私钥
    1
    openssl genrsa -des3 -out ca_private.key 2048
Read more »

最近项目上有关于同时生产openssl和keystore证书的需求。于是简单的了解了一下。以下是生成证书步骤:

  1. 生成ca证书认证中心的公钥证书和私钥
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    [root@localcert]# opensslreq-newkeyrsa:2048-x509-keyoutca.key-outca.crt
    Generatinga2048bitRSAprivatekey
    ....................................................+++
    ........................+++
    writingnewprivatekeyto'ca.key'
    EnterPEMpassphrase:输入CA密码
    Verifying-EnterPEMpassphrase:再次输入CA密码
    -----
    Youareabouttobeaskedtoenterinformationthatwillbeincorporated
    intoyourcertificaterequest.
    WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.
    Therearequiteafewfieldsbutyoucanleavesomeblank
    Forsomefieldstherewillbeadefaultvalue,
    Ifyouenter'.',thefieldwillbeleftblank.
    -----
    CountryName(2lettercode)[XX]:CN
    StateorProvinceName(fullname)[]:BeiJing
    LocalityName(eg,city)[DefaultCity]:BeiJing
    OrganizationName(eg,company)[DefaultCompanyLtd]:BankOfMobile
    OrganizationalUnitName(eg,section)[]:Inc
    CommonName(eg,yournameoryourserver\'shostname)[]:BankOfCA
    EmailAddress[]:394806487@qq.com
  2. 生成keystore文件
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    [root@localcert]# keytool-genkey-aliasbank_server-validity3650-keyalgRSA
    -keysize2048-keypass123456-storepass123456-keystoreserver_keystore
    您的名字与姓氏是什么?
    [Unknown]:liu.weihua
    您的组织单位名称是什么?
    [Unknown]:BankOfMobile
    您的组织名称是什么?
    [Unknown]:Inc
    您所在的城市或区域名称是什么?
    [Unknown]:BeiJing
    您所在的省/市/自治区名称是什么?
    [Unknown]:BeiJing
    该单位的双字母国家/地区代码是什么?
    [Unknown]:CN
    CN=liu.weihua,OU=BankOfMobile,O=Inc,L=BeiJing,ST=BeiJing,C=CN是否正确?
    [否]:是
    Read more »

Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.

Quick Start

Create a new post

1
$ hexo new "My New Post"

More info: Writing

Run server

1
$ hexo server

More info: Server

Generate static files

1
$ hexo generate

More info: Generating

Deploy to remote sites

1
$ hexo deploy

More info: Deployment