Sign SSL certificates as a CA
2022-07-06 02:47:00 【uiop_ uiop_ uiop】
This post addresses problems with getting an SSL certificate signed. For example: when applying for a free SSL certificate there is no way to add the required DNS record, or the VPS domain name has not been filed, so a formally issued SSL certificate cannot be obtained. Self-signed SSL certificates are not reliable, and many browsers may not accept them. To solve the problem at its root, we act as the CA ourselves and use a self-signed CA certificate to issue the SSL certificate we need. I ran into a lot of pitfalls along the way, but finally got it working.
ssl.conf
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = GB
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = England
localityName = Locality Name (eg, city)
localityName_default = Brighton
organizationName = Organization Name (eg, company)
organizationName_default = Hallmarkdesign
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = IT
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = 【SERVER_DOMAIN_NAME_WITH:PORT_NUMBER】
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
IP.1 = 【YOUR_SERVER_PUBLIC_IP】
DNS.1 = 【SERVER_DNS_DOMAIN】
sign.conf
subjectAltName=IP:【SERVER_IP_ADDRESS】,DNS:【DNS_NAME】
Here are the specific commands.
cd ~
openssl rand -writerand .rnd
cd 【WORKING_DIRECTORY】
openssl genrsa -des3 -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 99999 -out rootCA.crt
openssl genrsa -out server.key 2048
openssl req -new -sha256 -out server.csr -key server.key -config ssl.conf
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 99999 -sha256 -extfile sign.conf
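A way to dry-run the commands above before using the real CA key, added here as an example that is not part of the original post: it repeats the flow in a temporary directory with a throwaway CA and checks that the issued certificate chains to the root, carries the SAN entries from sign.conf, and matches server.key. The function name `issue_and_check`, the 30-day validity and the sample values 192.0.2.10 / test.example.com are assumptions; passing `noext` as a third argument signs without `-extfile` and shows the SAN check failing.

```shell
#!/bin/sh
# Added example (not from the original post): dry run of the signing flow in a
# throwaway directory. IP and DNS name are constructed sample values.

# issue_and_check IP DNS [noext]
# Exit status: 0 ok, 2 chain does not verify, 3 SAN missing, 4 key mismatch.
issue_and_check() (
    ip=$1; dns=$2; mode=${3:-ext}
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # Throwaway root CA; the key is unencrypted only because this is a dry run.
    openssl genrsa -out rootCA.key 2048 2>/dev/null || exit 1
    openssl req -x509 -new -key rootCA.key -sha256 -days 30 \
        -subj "/CN=Dry-run Root CA" -out rootCA.crt || exit 1

    # Server key and CSR; -subj replaces the interactive prompts of ssl.conf.
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    openssl req -new -sha256 -key server.key -subj "/CN=$dns" \
        -out server.csr || exit 1

    # Same role as the article's sign.conf: SANs are set at signing time.
    printf 'subjectAltName=IP:%s,DNS:%s\n' "$ip" "$dns" > sign.conf
    set -- -extfile sign.conf
    if [ "$mode" = noext ]; then set --; fi   # simulate forgetting -extfile
    openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key \
        -CAcreateserial -out server.crt -days 30 -sha256 "$@" \
        2>/dev/null || exit 1

    # Check 1: the certificate chains to the root CA.
    openssl verify -CAfile rootCA.crt server.crt >/dev/null 2>&1 || exit 2
    # Check 2: both SAN entries are in the issued certificate.
    text=$(openssl x509 -in server.crt -noout -text) || exit 1
    printf '%s\n' "$text" | grep -Fq "IP Address:$ip" || exit 3
    printf '%s\n' "$text" | grep -Fq "DNS:$dns" || exit 3
    # Check 3: certificate and private key form a pair.
    [ "$(openssl x509 -in server.crt -noout -pubkey)" = \
      "$(openssl pkey -in server.key -pubout)" ] || exit 4
)
```

The same three checks can be run by hand against the real rootCA.crt, server.crt and server.key before the certificate is deployed.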
The backend here uses Flask as an example. Configure the SSL certificate and private key as follows:
ssl_context = ("server.crt", "server.key")
Then, to complete the whole chain of trust, import rootCA.crt as a "Trusted root certificate" and that is all. Tests on both Android and Windows were successful, with painless access to the HTTPS interface. There is no need to use port 443; replacing it with another port works normally. Just specify the port in the 【SERVER_DOMAIN_NAME_WITH:PORT_NUMBER】 field shown earlier, for instance test.example.com:6666.
You may find that no record appears when you visit the service; if so, try restarting the backend service program.