当前位置:   article > 正文

openssl 配置 linux,openssl安装配置

指定openssl key 连接linux

安装openssl

# tar –zxvf openssl

# cd openssl

# ./config --prefix=/usr/local/openssl

# make

# make install

加密解密

传统加密(对称加密)

openssl enc –ciphername(加密算法) –k password(口令) –in file(被加密的算法)-out(输出文件)file

解密

openssl enc –ciphername –k password-d –in file -out file

加密算法有:base64,des,des3,rc2,rc5,aes256

例如:

/bin/openssl enc –des3 –k boobooke –in pt.txt –out ct.bin//加密

/bin/openssl enc –des3 –d–k boobooke –in ct.bin –out pt1.txt//解密

非对称加密

Generate the private/public key

Openssl genrsa –out file 1024

例如:

Openssl genrsa –out priv.key 1024//用rsa算法生成私钥(priv.key)

Openssl rsa –in file –pubout

例如:

Openssl rsa –in priv.key –pubout>pub.key//用私钥priv.key生成公钥,并重定向到pub.key这个文件里面

Encrypt the file with public key

Openssl rsautl –in file –out file –inkey file –pubin –encrypt

例如:

Openssl rsautl –in test.txt –out test.bin –inkey pub.key –pubin –encrypt//利用公钥文件(pub.key)对text.txt文件进行加密,生成加密后的文件text.bin

Decrypt the file the private key

Openssl rsautl –in file –out file –inkey file –decrypt

例如:

Openssl rsautl –in text.bin –out text1.txt –inkey priv.key –decrypt//利用私钥priv.key对公钥加密的text.bin进行加密的文件进行解密,生成解密后的文件是text1.txt

Use openssl sign/verify functions(数字签名)

Generate the private/public key

生成密钥对

Openssl genrsa –out file 1024

Openssl rsa –in file –pubout

Sign the file with the private key

Openssl rsautl –in file –out file –inkey file –sign

例如:

Openssl rsatul –in test.txt –out test.sig –inkey priv.key –sign//利用私钥对test.txt进行加密也就是签名

Openssl rsautl –in file –out file –inkey file –pubin –verify

例如:

Openssl rsautl –in test.sig –out test2.txt –inkey pub.key –pubin –verify //利用公钥对私钥加密后的文件(test.sig)进行解密或是认证

Hash functions(hash函数)……MD5 SHA1

作用:主要是验证文件的完整性,没有被别人篡改!

Generate the md5 hash result

Openssl dgst –md5 file或

Md5sum file

例如:

Openssl dgst –md5 openssl.tar.gz//生成MD5值

Md5sum openssl.tar.gz

Generate the sha1 hash result

Openssl dgst –sha1file或

Sha1sum file

例如:

Openssl –dgst –sha1 openssl.tar.gz//生成sha1值

Install apache

Configure the environment

tar –zxvf httpd-2.0.63.tar.gz

cd httpd-2.0.63

./configure –prefix=/usr/local/apache –enable-ssl –with-ssl=/usr/local/openssl

make

make install

Configure ssl in apache

openssl req -new -x509 -days 30 -keyout server.key -out server.crt -subj '/CN=Test Only Certifiecate'

或者

Openssl req –new –x509 –days 365 –sha1 –nodes –newkey rsa:1024 keyout server.key –out server.crt –subj ‘/O=Seccure/OU=Seccure Labs/CN=www.secdemo.com’

Cpy the .key and .crt file to the proper directory//一般都是存放在apache的conf目录下面,具体存放路径是在apache的配置文件中定义的

Vi httpd.conf

Include conf/ssl.conf//ssl的配置文件被包含在conf/ssl.conf

Vi conf/ssl.conf

SSLCertificateKeyFile /usr/local/apache/conf/ssl.crt/server.key//server.key存放路径

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt//server.crt存放路径

Apache2.2直接启动apache服务就可以启动SSL

Apache2.0启动ssl:apachectl startssl//端口号为443端口

Vi conf/ssl.conf

SSLRequireSSL//此目录只允许使用https协议访问

SSLRequireSSL

//ssldemo这个目录必须使用https协议访

问,应为利用ssl安全访问存在着密钥的

加密解密以及传送,所以访问会很慢,所

以一般都是把一些需要中到https协议访

访问的程序放在一个目录中,而其他的站

点依然用http协议访问

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/你好赵伟/article/detail/956379
推荐阅读
相关标签
  

闽ICP备14008679号