Tomcat6配置使用SSL双向认证(上)
时间:2009-03-09 来源:h0ng123
1.创建私钥 :C:\OpenSSL\apps>openssl genrsa -out root/root-key.pem 1024 2.创建证书请求 :C:\OpenSSL\apps>openssl req -new -out root/root-req.csr -key root/root-key.pem
3.自签署证书 :C:\OpenSSL\apps>openssl x509 -req -in root/root-req.csr -out root/root-cert.pem -signkey
root/root-key.pem -days 3650
4.将证书导出成浏览器支持的.p12格式 :C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in root/root-cert.pem -inkey
root/root-key.pem -out root/root.p12 2)生成server证书。
1.创建私钥 :C:\OpenSSL\apps>openssl genrsa -out server/server-key.pem 1024
2.创建证书请求 :C:\OpenSSL\apps>openssl req -new -out server/server-req.csr -key server/server-key.pem
3.自签署证书 :C:\OpenSSL\apps>openssl x509 -req -in server/server-req.csr -out server/server-cert.pem -signkey
server/server-key.pem -CA root/root-cert.pem -CAkey root/root-key.pem -CAcreateserial -days 3650
4.将证书导出成浏览器支持的.p12格式 :C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in server/server-cert.pem -inkey
server/server-key.pem -out server/server.p12 3)生成client证书。
1.创建私钥 :C:\OpenSSL\apps>openssl genrsa -out client/client-key.pem 1024
2.创建证书请求 :C:\OpenSSL\apps>openssl req -new -out client/client-req.csr -key client/client-key.pem
3.自签署证书 :C:\OpenSSL\apps>openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -signkey
client/client-key.pem -CA root/root-cert.pem -CAkey root/root-key.pem -CAcreateserial -days 3650
4.将证书导出成浏览器支持的.p12格式 :C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey
client/client-key.pem -out client/client.p12
相关阅读 更多 +
