Current location - Quotes Website - Personality signature - How to configure openssl locally
How to configure openssl locally
Preparatory work/about to start work

1.windows2003 Add Components

Add IIS: Check "Application Server", then double-click to enter the following figure, and check "IIS" and "ASP". Net ".

Add Certificate System: Select Certificate Service.

When adding a component, just fill in the required content according to the operation, and then go to the next step until it is completed.

2. Decompress openssl (executive version, some called compiled version) to D:, of course, any disk will do.

Second, request IIS certificate.

After setting up the IIS Web site, click the Server Certificate button in the Directory Security tab. Next, create a new certificate, and now prepare the certificate request-next, enter the name, company and department, public name, country, province and city, next, next, finish. The certificate request of IIS has been obtained. The certificate is C: \ certreq.txt. Please remember the information you entered here.

Third, start operating openssl.

(cmd-& gt; d:\openssl-0.9.7\out32dll?

Do the following under, pay attention to the openssl.cnf file, which is used to compile the following commands)

1. Generate a self-signed root certificate

openssl?

req-x509-new key RSA: 1024-keyut cakey . PEM-out cacert . PEM-days 3650-config?

d:\ OpenSSL-0 . 9 . 7 \ apps \ OpenSSL . CNF?

Pemppassphrase: The password of the root certificate is of course important! ?

Country?

Name: CN // two-letter country code?

State or province name: Guangdong//province name?

Locality?

Name: Guangzhou//City name?

Organization name: Rising Sun//Company name?

Name of organizational unit: home//department name?

Common name: besunny?

//Your name (if you want to generate a server-side certificate, you must enter a domain name or ip address)?

Email address: email address

2. copy cakey.pem to \demoCA\private,?

Copy cacert.pem to out32dll\demoCA.

Copy cakey.pem?

demoCA\private?

Copy cacert.pem?

Demoka

Reminder: At this time, there are three files: cakey.pem: the private key file of CA, cacert.pem: the self-signed root certificate of CA, and certreq.txt: the certificate request file of IIS.

3. use CA certificate cacert.pem to request certreq.txt for IIS and issue the certificate server.pem?

OpenSSL ca-in certreq . txt-out server . PEM-config?

d:\ OpenSSL-0 . 9 . 7 \ apps \ OpenSSL . CNF

4. Convert server.pem to x509 format?

openssl?

x509 -in server.pem -out?

server.cer

Reminder: At this time, you have two more files, one is server.pem and the other is server.cer. Now copy the server.cer under bin to C:

5. Import the generated certificate server.cer into IIS.

Open IIS, right-click the properties of the default web site, and then click the server certificate button in the directory security tab. Next, choose to process the pending request and install the certificate, and then proceed to the next step. Normally, you have seen c:\server.cer in the text box. If not, please click the "Browse" button to find it yourself and go to the next step. Next, finish. Return to the Directory Security tab, click the Edit button in the secure communication column, check Require Secure Channel (SSL), check Require 128-bit encryption, select Require Client Certificate, and then click OK.

6. Generate a client certificate?

openssl?

req-new key RSA: 1024-keyut clikey . PEM-out clireq . PEM-days 365-config?

d:\ OpenSSL-0 . 9 . 7 \ apps \ OpenSSL . CNF

Fill in the certificate information by yourself, and some contents should be consistent with the root certificate.

7.CA issues customer certificates?

openssl ca -in?

CLI req . PEM-out client . CRT-config d:\ OpenSSL-0 . 9 . 7 \ apps \ OpenSSL . CNF

8. Convert the client certificate to pk 12 format?

OpenSSL pkcs 12-export-CLC ERTs-in client . CRT-inkey clikey . PEM-out?

client . p 12-config d:\ OpenSSL-0 . 9 . 7 \ apps \ OpenSSL . cn f

9. Install a trusted root certificate

Rename cacert.pem to cacert.cer, double-click the cacert.cer file to open the certificate information window, and then click the Install Certificate button. Next.

As a reminder, the following are the most critical:

Select to put all certificates in the following storage area, and then click the browse button.

[URL = file:///C:/Documents][/URL]?

Select a trusted root certification authority, check the physical storage area, select a trusted root certification authority, click Local Computer, and then click OK. Next, finish. Yes, the root certificate has been installed! Check the physical storage area, select a trusted root certification authority, click Local Computer, and then click OK.

[URL = file:///C:/Documents][/URL]?

The installation of "clent.crt" is also the same step as above.

10. Install the client certificate

Locate the client.p 12 file and copy it to your local computer, and then double-click. Next, enter the password of the client certificate, and then complete and confirm. At this point, the client's certificate has been installed.

Related articles
  • Model essay on layoff notice
  • Fantastic copywriting suitable for posting on Moments
  • How to create jagged effect on text in PS
  • Think of one for me: I accompany you on the sea to listen to the ebb and flow of the tide, and I accompany you on the wind to watch the sun rise and the moon set. A personalized signature that matches
  • Interpretation of the Sixth Chapter of Tao Te Ching
  • How to set the avatar of soda?
  • What is Agricultural Bank of China Mobile Shield?
  • How to write hard pen calligraphy?
  • Who are the stars in the entertainment circle who broke the Guinness Book of Records?
  • Sunshine is the most generous thing in the world. --What does "Can't Hide Secretly" mean?

    • copyright 2024 Quotes Website All rights reserved