openssl安装配置
分类: 系统运维
安装openssl# tar –zxvf openssl# cd openssl# ./config --prefix=/usr/local/openssl# make# make install
加密解密传统加密(对称加密)
openssl enc –ciphername(加密算法) –k password(口令)–in file(被加密的算法) -out (输出文件)file
解密
openssl enc –ciphername –k password-d –in file -out file
加密算法有:base64,des,des3,rc2,rc5,aes256
例如:/bin/openssl enc –des3 –k boobooke –in pt.txt –out ct.bin//加密
/bin/openssl enc –des3 –d–k boobooke –in ct.bin –out pt1.txt//解密非对称加密
Generate the private/public keyOpenssl genrsa –out file 1024
例如:Openssl genrsa –out priv.key 1024//用rsa算法生成私钥(priv.key)
Openssl rsa –in file –pubout
例如:Openssl rsa –in priv.key –pubout>pub.key//用私钥priv.key生成公钥,并重定向到pub.key这个文件里面
Encrypt the file with public keyOpenssl rsautl –in file –out file –inkey file –pubin –encrypt
例如:Openssl rsautl –in test.txt –out test.bin –inkey pub.key –pubin –encrypt//利用公钥文件(pub.key)对text.txt文件进行加密,生成加密后的文件text.bin
Decrypt the file the private key
Openssl rsautl –in file –out file –inkey file –decrypt
例如:Openssl rsautl –in text.bin –out text1.txt –inkey priv.key –decrypt//利用私钥priv.key对公钥加密的text.bin进行加密的文件进行解密,生成解密后的文件是text1.txt
Use openssl sign/verify functions(数字签名)
Generate the private/public key生成密钥对
Openssl genrsa –out file 1024O
penssl rsa –in file –puboutSign the file with the private key
Openssl rsautl –in file –out file –inkey file –sign
例如:Openssl rsatul –in test.txt –out test.sig –inkey priv.key –sign//利用私钥对test.txt进行加密也就是签名
Openssl rsautl –in file –out file –inkey file –pubin –verify
例如:Openssl rsautl –in test.sig –out test2.txt –inkey pub.key –pubin –verify //利用公钥对私钥加密后的文件(test.sig)进行解密或是认证
Hash functions(hash函数)……MD5 SHA1
作用:主要是验证文件的完整性,没有被别人篡改!
Generate the md5 hash resultOpenssl dgst –md5 file 或Md5sum file
例如:Openssl dgst –md5 openssl.tar.gz//生成MD5值
Md5sum openssl.tar.gzGenerate the sha1 hash resultOpenssl dgst –sha1file 或Sha1sum file
例如:Openssl –dgst –sha1 openssl.tar.gz//生成sha1值
Install apache
Configure the environmenttar –zxvf httpd-2.0.63.tar.gzcd httpd-2.0.63
./configure –prefix=/usr/local/apache –enable-ssl –with-ssl=/usr/local/opensslmakemake
installConfigure ssl in apache
openssl req -new -x509 -days 30 -keyout server.key -out server.crt -subj '/CN=Test Only Certifiecate'
或者
Openssl req –new –x509 –days 365 –sha1 –nodes –newkey rsa:1024 keyout server.key –out server.crt –subj ‘/O=Seccure/OU=Seccure Labs/CN=www.secdemo.com’Cpy the .key and .crt file to the proper directory //一般都是存放在apache的conf 目录下面,具体存放路径是在apache的配置文件中定义的Vi httpd.conf<IfModule mod_ssl.c>Include
conf/ssl.conf//ssl 的配置文件被包含在conf/ssl.conf</IfModule>Vi conf/ssl.confSSLCertificateKeyFile /usr/local/apache/conf/ssl.crt/server.key//server.key存放路径SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt//server.crt 存放路径Apache2.2直接启动apache服务就可以启动SSLApache2.0启动ssl:apachectl startssl//端口号为443端口Vi conf/ssl.conf<Directory />SSLRequireSSL//此目录只允许使用https协议访问
</Directory><Directory /usr/local/apache/htdocs/ssldemo>SSLRequireSSL</Directory> //https问,
应为利用以一般都是把一些需要中到
<span times="" new="" roman';="" mso-hansi-font-family:="" 'times="" roman'"="" style="word-wrap: break-word;padding: 0px">点依然用http<span times="" new="" roman';="" mso-hansi-font-family:="" 'times="" roman'"="" style="word-wrap: break-word;padding: 0px">
协议访问
