Linux命令系列:openssl

example 1

# Generate a 2048-bit RSA private key. The subshell confines umask 077 to this
# one command, so dashboard.key is created readable by its owner only.
(
  umask 077
  openssl genrsa -out dashboard.key 2048
)

# Build a certificate signing request (CSR) from the private key.
openssl req -new \
  -key dashboard.key \
  -out dashboard.csr \
  -subj "/O=dashboard/CN=dashboard"

# Have the CA sign the CSR, producing dashboard.crt.
# - ca.key is the CA's private key; it needs at least the same file
#   protection as dashboard.key above.
# - -CAcreateserial creates the CA serial-number file if it does not exist.
# - -days 3650 makes the certificate valid for about ten years, so a leaked
#   key stays usable that long unless the certificate is revoked or replaced.
# - No -extfile is given, so the certificate carries no subjectAltName;
#   clients that ignore CN for hostname checks will not accept it as a
#   TLS server certificate.
openssl x509 -req \
  -in dashboard.csr \
  -CA ca.crt \
  -CAkey ca.key \
  -out dashboard.crt \
  -CAcreateserial \
  -days 3650

# Print a certificate in human-readable form (subject, issuer, validity,
# extensions) without echoing the PEM body.
openssl x509 -in apiserver-kubelet-client.crt -text -noout

# Create a self-signed certificate from an existing key (tls.key is not
# generated in this listing). Without -days, openssl req -x509 uses its
# default validity of 30 days.
openssl req -new -x509 \
  -key tls.key \
  -out tls.crt \
  -subj "/CN=aaa.baidu.com"

example 2

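# Generate the CA private key. umask 077 inside a subshell makes cakey.pem
# readable by its owner only, without changing the caller's umask.
(umask 077; openssl genrsa -out cakey.pem 2048)

# Create the CA's self-signed certificate.
# The CA must stay valid at least as long as the certificates it issues:
# once the CA certificate expires, everything it signed stops validating.
# It is therefore given the longer lifetime (3650 days) and the leaf below
# the shorter one (365 days).
openssl req -new -x509 \
  -key cakey.pem \
  -out cacert.pem \
  -days 3650 \
  -subj "/O=devops/CN=ca.ilinux.com"

# Generate the private key of the certificate requester (nginx).
# Same protection as the CA key: restrictive umask so the key file is not
# created group/world-readable, and an explicit 2048-bit size instead of
# relying on the openssl default, which differs between OpenSSL versions.
(umask 077; openssl genrsa -out nginx.key 2048)

# Create the CSR for the requester; the CN is assumed to be www.ilinux.com.
openssl req -new \
  -key nginx.key \
  -out nginx.csr \
  -subj "/O=devops/CN=www.ilinux.com"

# Sign the CSR with the CA to produce nginx.crt.
# -CAcreateserial creates the CA serial-number file if it does not exist.
# No -extfile is given, so the certificate carries no subjectAltName;
# clients that ignore CN for hostname checks will not accept it for
# www.ilinux.com until a SAN is added.
openssl x509 -req \
  -in nginx.csr \
  -CA cacert.pem \
  -CAkey cakey.pem \
  -out nginx.crt \
  -CAcreateserial \
  -days 365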