zhb8015

命令运行过程DOS窗口全记录

C:\TEMP\2>openssl genrsa -des3 -out server.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
...++++++
.............................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
5816:error:28069065:lib(40):UI_set_result:result too small:.\crypto\ui\ui_lib.c:850:You must type in 4 to 511 characters

Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

C:\TEMP\2>openssl req -new -key server.key -out server.csr -config openssl.cfg
Enter pass phrase for server.key:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:bj
Organization Name (eg, company) [Internet Widgits Pty Ltd]:v
Organizational Unit Name (eg, section) []:v
Common Name (eg, YOUR name) []:z
Email Address []:p@1

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:v

C:\TEMP\2>openssl genrsa -des3 -out client.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
..........................++++++
.++++++
e is 65537 (0x10001)
Enter pass phrase for client.key:
Verifying - Enter pass phrase for client.key:

C:\TEMP\2>openssl req -new -key client.key -out client.csr -config openssl.cfg
Enter pass phrase for client.key:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:bj
Organization Name (eg, company) [Internet Widgits Pty Ltd]:v
Organizational Unit Name (eg, section) []:v
Common Name (eg, YOUR name) []:z
Email Address []:p@1

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:v

C:\TEMP\2>openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cfg
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.......................................++++++
................++++++
writing new private key to 'ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:bj
Organization Name (eg, company) [Internet Widgits Pty Ltd]:v
Organizational Unit Name (eg, section) []:v
Common Name (eg, YOUR name) []:z
Email Address []:p@1

C:\TEMP\2>Openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cfg
Using configuration from openssl.cfg
Loading 'screen' into random state - done
Enter pass phrase for ca.key:
unable to load number from C:/TEMP/2/demoCA/serial
error while loading serial number
4176:error:0D066091:asn1 encoding routines:a2i_ASN1_INTEGER:odd number of chars:.\crypto\asn1\f_int.c:162:

C:\TEMP\2>Openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cfg
Using configuration from openssl.cfg
Loading 'screen' into random state - done
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 24 02:31:47 2012 GMT
            Not After : Apr 24 02:31:47 2013 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = bj
            organizationName          = v
            organizationalUnitName    = v
            commonName                = z
            emailAddress              = p@1
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                E5:BE:16:C6:48:0D:91:1D:52:7C:3A:2C:7C:EF:9C:2D:FA:9A:12:32
            X509v3 Authority Key Identifier:
                keyid:97:6F:59:B9:97:EB:37:BB:89:54:12:7E:A3:72:BE:92:AE:83:2E:5B

Certificate is to be certified until Apr 24 02:31:47 2013 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\TEMP\2>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
Using configuration from openssl.cnf
error loading the config file 'openssl.cnf'
1920:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:126:fopen('openssl.cnf','rb')

1920:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:
1920:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:

C:\TEMP\2>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
Using configuration from openssl.cnf
error loading the config file 'openssl.cnf'
2608:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:126:fopen('openssl.cnf','rb')

2608:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:
2608:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:

C:\TEMP\2>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cfg
Using configuration from openssl.cfg
Loading 'screen' into random state - done
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Apr 24 02:35:33 2012 GMT
            Not After : Apr 24 02:35:33 2013 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = bj
            organizationName          = v
            organizationalUnitName    = v
            commonName                = z
            emailAddress              = p@1
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                50:61:5E:EE:38:C3:7D:41:66:C7:68:5F:29:9C:96:1E:C2:67:7C:E3
            X509v3 Authority Key Identifier:
                keyid:97:6F:59:B9:97:EB:37:BB:89:54:12:7E:A3:72:BE:92:AE:83:2E:5B

Certificate is to be certified until Apr 24 02:35:33 2013 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\TEMP\2>type client.crt client.key > client.pem

client.crt

client.key

C:\TEMP\2>type server.crt server.key > server.pem

server.crt

server.key

C:\TEMP\2>openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
Loading 'screen' into random state - done
Enter pass phrase for client.key:
Enter Export Password:
Verifying - Enter Export Password:

C:\TEMP\2>openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
Loading 'screen' into random state - done
Enter pass phrase for server.key:
Enter Export Password:
Verifying - Enter Export Password:

C:\TEMP\2>C:\TEMP\2>openssl genrsa -des3 -out server.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
...++++++
.............................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
5816:error:28069065:lib(40):UI_set_result:result too small:.\crypto\ui\ui_lib.c:850:You must type in 4 to 511 characters

Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

C:\TEMP\2>openssl req -new -key server.key -out server.csr -config openssl.cfg
Enter pass phrase for server.key:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:bj
Organization Name (eg, company) [Internet Widgits Pty Ltd]:v
Organizational Unit Name (eg, section) []:v
Common Name (eg, YOUR name) []:z
Email Address []:p@1

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:v

C:\TEMP\2>openssl genrsa -des3 -out client.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
..........................++++++
.++++++
e is 65537 (0x10001)
Enter pass phrase for client.key:
Verifying - Enter pass phrase for client.key:

C:\TEMP\2>openssl req -new -key client.key -out client.csr -config openssl.cfg
Enter pass phrase for client.key:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:bj
Organization Name (eg, company) [Internet Widgits Pty Ltd]:v
Organizational Unit Name (eg, section) []:v
Common Name (eg, YOUR name) []:z
Email Address []:p@1

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:v

C:\TEMP\2>openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cfg
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.......................................++++++
................++++++
writing new private key to 'ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:bj
Organization Name (eg, company) [Internet Widgits Pty Ltd]:v
Organizational Unit Name (eg, section) []:v
Common Name (eg, YOUR name) []:z
Email Address []:p@1

C:\TEMP\2>Openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cfg
Using configuration from openssl.cfg
Loading 'screen' into random state - done
Enter pass phrase for ca.key:
unable to load number from C:/TEMP/2/demoCA/serial
error while loading serial number
4176:error:0D066091:asn1 encoding routines:a2i_ASN1_INTEGER:odd number of chars:.\crypto\asn1\f_int.c:162:

C:\TEMP\2>Openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cfg
Using configuration from openssl.cfg
Loading 'screen' into random state - done
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 24 02:31:47 2012 GMT
            Not After : Apr 24 02:31:47 2013 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = bj
            organizationName          = v
            organizationalUnitName    = v
            commonName                = z
            emailAddress              = p@1
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                E5:BE:16:C6:48:0D:91:1D:52:7C:3A:2C:7C:EF:9C:2D:FA:9A:12:32
            X509v3 Authority Key Identifier:
                keyid:97:6F:59:B9:97:EB:37:BB:89:54:12:7E:A3:72:BE:92:AE:83:2E:5B

Certificate is to be certified until Apr 24 02:31:47 2013 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\TEMP\2>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
Using configuration from openssl.cnf
error loading the config file 'openssl.cnf'
1920:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:126:fopen('openssl.cnf','rb')

1920:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:
1920:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:

C:\TEMP\2>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
Using configuration from openssl.cnf
error loading the config file 'openssl.cnf'
2608:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:126:fopen('openssl.cnf','rb')

2608:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:
2608:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:

C:\TEMP\2>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cfg
Using configuration from openssl.cfg
Loading 'screen' into random state - done
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Apr 24 02:35:33 2012 GMT
            Not After : Apr 24 02:35:33 2013 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = bj
            organizationName          = v
            organizationalUnitName    = v
            commonName                = z
            emailAddress              = p@1
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                50:61:5E:EE:38:C3:7D:41:66:C7:68:5F:29:9C:96:1E:C2:67:7C:E3
            X509v3 Authority Key Identifier:
                keyid:97:6F:59:B9:97:EB:37:BB:89:54:12:7E:A3:72:BE:92:AE:83:2E:5B

Certificate is to be certified until Apr 24 02:35:33 2013 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\TEMP\2>type client.crt client.key > client.pem

client.crt

client.key

C:\TEMP\2>type server.crt server.key > server.pem

server.crt

server.key

C:\TEMP\2>openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
Loading 'screen' into random state - done
Enter pass phrase for client.key:
Enter Export Password:
Verifying - Enter Export Password:

C:\TEMP\2>openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
Loading 'screen' into random state - done
Enter pass phrase for server.key:
Enter Export Password:
Verifying - Enter Export Password:

C:\TEMP\2>