Can linux read crt certificate files?

1. Generate server-side private key (key file);

OpenSSL gen RSA-des 3-out server . key 1024

At runtime, you will be prompted to enter a password, which is used to encrypt the key file (parameter des3 is an encryption algorithm, and other security algorithms can be selected). In the future, whenever you need to read this file, you need to enter a password (through commands or APIs provided by openssl). If you don't want the password, remove it: OpenSSL RSA-inserver.key-outserver.key.

2. Generate a server-side certificate signing request file (csr file);

OpenSSL req- new key server

Generate a certificate signing request (csr), and the generated CSR file will be signed by CA to form the server's own certificate. There will be a prompt on the screen, and you can enter the required personal information step by step according to the prompt (such as country, province, city, company, etc.). ).

Two. client

1. Generate the client private key (key file);

OpenSSL gen RSA-des 3-out client . key 1024 2。 Generate a client certificate signing request file (csr file);

Openssl req -new -key client.key-out client.csr

cd /tmp/create_key/ca

3. Generate CA certificate file

#server.csr and client.csr files must be signed by a CA to form a certificate.

1. First generate the key file of the CA:

OpenSSL gen RSA-des 3-out ca . key 1024

2. Generate CA self-signed certificate:

OpenSSL req-new-x509-key ca . key-out ca . CRT

You can add the certificate expiration time option "-365 days".