Tag archive: openssl

How to Convert Certificate Encodings (DER, JKS, PEM) for TLS/SSL Clients and Services

Client and server processes require specific certificate and keystore file formats. For example, when configured for TLS Level 2, Cloudera Manager Server requires a Java KeyStore (JKS) formatted truststore and certificate to present to requesting Cloudera Manager Agent hosts. The Hue client also connects to Cloudera Manager Server, but Hue requires a PEM-formatted certificate.

Certificates issued by a CA in one format (encoding) can be used to create certificates in a different format using Java Keytool and OpenSSL as detailed below.

HowTo : Check SSL Certificate Expiration Date from the Linux Shell

openssl x509 -noout -in <certificate> -dates

An SSL certificate contains information such as the issuer, validity dates, subject, and other details.

It is a quite common task to check if an SSL certificate is valid and when it expires.

You can easily use the Linux command line and the OpenSSL utility to retrieve all this information from the website’s SSL certificate.

Use the Linux command line to connect to a remote HTTPS website, decode its SSL certificate, and get its validity dates.

Generating and Configuring SSL Certificates for Apache and Nginx

1. Generate the private key file:

openssl genrsa -des3 -out server.key 1024

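This method prompts you with "Enter PEM pass", so you need to enter a passphrase to encrypt the private key. Once SSL is configured in Apache, you will be asked for this passphrase when it starts on port 443. You can, however, remove the passphrase like this: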

openssl rsa -in server.key -out my-server.key

Then rename the two key files with mv.

Alternatively, you can combine the two steps above into one:

openssl genrsa -out server.key 1024

A private key file generated this way is not protected by a passphrase.

Setting Up a CA and Issuing Certificates with OpenSSL

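A while ago I studied SSL/TLS, reading the Chinese edition of Eric Rescorla's SSL and TLS – Designing and Building Secure Systems (I have already harshly criticized how bad that Chinese edition is in an earlier blog post). The author of the book follows the approach Stevens took in his masterpiece TCP/IP Illustrated: demonstrating protocols through network sniffing. The difference is that the author did not use tcpdump, but ssldump, a tool he wrote himself specifically for sniffing SSL/TLS traffic. To verify some of the book's content by experiment, I decided to run some experiments with ssldump. However, SSL/TLS communication needs at least one CA-issued certificate to work. Since this was only an experiment, I was not going to pay a fortune for a certificate, so I decided to set up my own CA and issue the certificates myself.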

How To Install Apache 2 with SSL on Linux (with mod_ssl, openssl)

This article gives step by step instructions on how to install Apache 2 with mod_ssl.

I prefer to install Apache from source, as it gives me more flexibility on exactly what modules I want to enable or disable, and I can also upgrade or apply a patch immediately after it is released by the Apache foundation.

Generating a Self-Signed SSL Certificate with openssl

Overview

The following is an extremely simplified view of how SSL is implemented and what part the certificate plays in the entire process.

Normal web traffic is sent unencrypted over the Internet. That is, anyone with access to the right tools can snoop all of that traffic. Obviously, this can lead to problems, especially where security and privacy are necessary, such as in credit card data and bank transactions. The Secure Sockets Layer is used to encrypt the data stream between the web server and the web client (the browser).

Init: SSLPassPhraseDialog builtin is not supported on Win32

Generating a Self-Signed SSL Certificate on Windows
SSL (Secure Sockets Layer) is used for encryption and decryption, processing of S/MIME signed or encrypted mails, generation of certificates and more. To use it on Windows (32 and 64 bit versions), download the OpenSSL tools from code.google.com/p/openssl-for-windows/downloads/list (some Apache Windows installer packages also include OpenSSL).
Uncompress it anywhere you like and start it by double-clicking the openssl.exe executable in the \bin folder.