首页| 新闻| 娱乐| 游戏| 科普| 文学| 编程| 系统| 数据库| 建站| 学院| 产品| 网管| 维修| 办公| 热点
生成证书链
用脚本生成一个根证书, 一个中间证书(intermediate), 三个客户端证书.
中间证书的域名为 localhost.
#!/bin/bash -xset -efor C in `echo root-ca intermediate`; do mkdir $C cd $C mkdir certs crl newcerts private cd .. echo 1000 > $C/serial touch $C/index.txt $C/index.txt.attr echo '[ ca ]default_ca = CA_default[ CA_default ]dir = '$C' # Where everything is keptcerts = $dir/certs # Where the issued certs are keptcrl_dir = $dir/crl # Where the issued crl are keptdatabase = $dir/index.txt # database index file.new_certs_dir = $dir/newcerts # default place for new certs.certificate = $dir/cacert.pem # The CA certificateserial = $dir/serial # The current serial numbercrl = $dir/crl.pem # The current CRLprivate_key = $dir/private/ca.key.pem # The private keyRANDFILE = $dir/.rnd # private random number filenameopt = default_cacertopt = default_capolicy = policy_matchdefault_days = 365default_md = sha256[ policy_match ]countryName = optionalstateOrProvinceName = optionalorganizationName = optionalorganizationalUnitName = optionalcommonName = suppliedemailAddress = optional[req]req_extensions = v3_reqdistinguished_name = req_distinguished_name[req_distinguished_name][v3_req]basicConstraints = CA:TRUE' > $C/openssl.confdoneopenssl genrsa -out root-ca/private/ca.key 2048openssl req -config root-ca/openssl.conf -new -x509 -days 3650 -key root-ca/private/ca.key -sha256 -extensions v3_req -out root-ca/certs/ca.crt -subj '/CN=Root-ca'openssl genrsa -out intermediate/private/intermediate.key 2048openssl req -config intermediate/openssl.conf -sha256 -new -key intermediate/private/intermediate.key -out intermediate/certs/intermediate.csr -subj '/CN=localhost.'openssl ca -batch -config root-ca/openssl.conf -keyfile root-ca/private/ca.key -cert root-ca/certs/ca.crt -extensions v3_req -notext -md sha256 -in intermediate/certs/intermediate.csr -out intermediate/certs/intermediate.crtmkdir outfor I in `seq 1 3` ; do openssl req -new -keyout out/$I.key -out out/$I.request -days 365 -nodes -subj "/CN=$I.example.com" -newkey rsa:2048 openssl ca -batch -config root-ca/openssl.conf -keyfile intermediate/private/intermediate.key -cert intermediate/certs/intermediate.crt -out out/$I.crt -infiles out/$I.requestdone
服务器
nginx 配置
worker_processes 1;events { worker_connections 1024;}stream{ upstream backend{ server 127.0.0.1:8080; } server { listen 8888 ssl; proxy_pass backend; ssl_certificate intermediate.crt; ssl_certificate_key intermediate.key; ssl_verify_depth 2; ssl_client_certificate root.crt; ssl_verify_client optional_no_ca; }}
客户端
curl / -I / -vv / -x https://localhost:8888/ / --proxy-cert client1.crt / --proxy-key client1.key / --proxy-cacert ca.crt / https://www.baidu.com/
总结
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,谢谢大家对VEVB武林网的支持。
练就火眼金睛 十一种常见电脑
打印机共享提示“操作无法完成
如何查找有故障的配件
回眸一笑百魅生,六宫粉黛无颜色
岁月静美,剪一影烟雨江南
芜湖有个“松鼠小镇”
小满:小得盈满,一切刚刚好!
一串串晶莹剔透的葡萄,像一颗颗宝石挂在藤
正宗老北京脆皮烤鸭
人逢知己千杯少,喝酒搞笑图集
搞笑试卷,学生恶搞答题
新闻热点
疑难解答
图片精选
帝国cms7.2默认伪静态规则提供apac
nginx针对单个文件夹目录浏览功能
Nginx实现动静分离的示例代码
负载均衡的基本知识以及使用nginx
网友关注