命令运行过程DOS窗口全记录C:\TEMP\2>openssl genrsa -des3 -out server.key 1024Loading 'screen' into random state - doneGenerating RSA private key, 1024 bit long modulus...++++++.............................................................++++++e is 65537 (0x10001)Enter pass phrase for server.key:5816:error:28069065:lib(40):UI_set_result:result too small:.\crypto\ui\ui_lib.c:850:You must type in 4 to 511 characters
Enter pass phrase for server.key:Verifying - Enter pass phrase for server.key:
C:\TEMP\2>openssl req -new -key server.key -out server.csr -config openssl.cfgEnter pass phrase for server.key:Loading 'screen' into random state - doneYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:cnState or Province Name (full name) [Some-State]:bjLocality Name (eg, city) []:bjOrganization Name (eg, company) [Internet Widgits Pty Ltd]:vOrganizational Unit Name (eg, section) []:vCommon Name (eg, YOUR name) []:zEmail Address []:p@1
Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:1234An optional company name []:v
C:\TEMP\2>openssl genrsa -des3 -out client.key 1024Loading 'screen' into random state - doneGenerating RSA private key, 1024 bit long modulus..........................++++++.++++++e is 65537 (0x10001)Enter pass phrase for client.key:Verifying - Enter pass phrase for client.key:
C:\TEMP\2>openssl req -new -key client.key -out client.csr -config openssl.cfgEnter pass phrase for client.key:Loading 'screen' into random state - doneYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:cnState or Province Name (full name) [Some-State]:bjLocality Name (eg, city) []:bjOrganization Name (eg, company) [Internet Widgits Pty Ltd]:vOrganizational Unit Name (eg, section) []:vCommon Name (eg, YOUR name) []:zEmail Address []:p@1
C:\TEMP\2>openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cfgLoading 'screen' into random state - doneGenerating a 1024 bit RSA private key.......................................++++++................++++++writing new private key to 'ca.key'Enter PEM pass phrase:Verifying - Enter PEM pass phrase:-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:cnState or Province Name (full name) [Some-State]:bjLocality Name (eg, city) []:bjOrganization Name (eg, company) [Internet Widgits Pty Ltd]:vOrganizational Unit Name (eg, section) []:vCommon Name (eg, YOUR name) []:zEmail Address []:p@1
C:\TEMP\2>Openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cfgUsing configuration from openssl.cfgLoading 'screen' into random state - doneEnter pass phrase for ca.key:unable to load number from C:/TEMP/2/demoCA/serialerror while loading serial number4176:error:0D066091:asn1 encoding routines:a2i_ASN1_INTEGER:odd number of chars:.\crypto\asn1\f_int.c:162:
C:\TEMP\2>Openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cfgUsing configuration from openssl.cfgLoading 'screen' into random state - doneEnter pass phrase for ca.key:Check that the request matches the signatureSignature okCertificate Details: Serial Number: 1 (0x1) Validity Not Before: Apr 24 02:31:47 2012 GMT Not After : Apr 24 02:31:47 2013 GMT Subject: countryName = cn stateOrProvinceName = bj organizationName = v organizationalUnitName = v commonName = z emailAddress = p@1 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: E5:BE:16:C6:48:0D:91:1D:52:7C:3A:2C:7C:EF:9C:2D:FA:9A:12:32 X509v3 Authority Key Identifier: keyid:97:6F:59:B9:97:EB:37:BB:89:54:12:7E:A3:72:BE:92:AE:83:2E:5B
Certificate is to be certified until Apr 24 02:31:47 2013 GMT (365 days)Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]yWrite out database with 1 new entriesData Base Updated
C:\TEMP\2>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnfUsing configuration from openssl.cnferror loading the config file 'openssl.cnf'1920:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:126:fopen('openssl.cnf','rb')
1920:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:1920:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:
C:\TEMP\2>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnfUsing configuration from openssl.cnferror loading the config file 'openssl.cnf'2608:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:126:fopen('openssl.cnf','rb')
2608:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:2608:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:
C:\TEMP\2>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cfgUsing configuration from openssl.cfgLoading 'screen' into random state - doneEnter pass phrase for ca.key:Check that the request matches the signatureSignature okCertificate Details: Serial Number: 2 (0x2) Validity Not Before: Apr 24 02:35:33 2012 GMT Not After : Apr 24 02:35:33 2013 GMT Subject: countryName = cn stateOrProvinceName = bj organizationName = v organizationalUnitName = v commonName = z emailAddress = p@1 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 50:61:5E:EE:38:C3:7D:41:66:C7:68:5F:29:9C:96:1E:C2:67:7C:E3 X509v3 Authority Key Identifier: keyid:97:6F:59:B9:97:EB:37:BB:89:54:12:7E:A3:72:BE:92:AE:83:2E:5B
Certificate is to be certified until Apr 24 02:35:33 2013 GMT (365 days)Sign the certificate? [y/n]:y
C:\TEMP\2>type client.crt client.key > client.pem
client.crt
client.key
C:\TEMP\2>type server.crt server.key > server.pem
server.crt
server.key
C:\TEMP\2>openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12Loading 'screen' into random state - doneEnter pass phrase for client.key:Enter Export Password:Verifying - Enter Export Password:
C:\TEMP\2>openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12Loading 'screen' into random state - doneEnter pass phrase for server.key:Enter Export Password:Verifying - Enter Export Password:
C:\TEMP\2>C:\TEMP\2>openssl genrsa -des3 -out server.key 1024Loading 'screen' into random state - doneGenerating RSA private key, 1024 bit long modulus...++++++.............................................................++++++e is 65537 (0x10001)Enter pass phrase for server.key:5816:error:28069065:lib(40):UI_set_result:result too small:.\crypto\ui\ui_lib.c:850:You must type in 4 to 511 characters
C:\TEMP\2>
posted on 2012-04-24 11:30 zhb8015 阅读(9877) 评论(0) 编辑 收藏 所属分类: tibco