2025-03-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
SSL is the abbreviation of Secure Sockets Layer. OpenSSL is a powerful and comprehensive toolkit: it implements the major cryptographic algorithms, common key and certificate management functions, and the SSL protocol, and it ships a rich set of command-line applications for testing and other purposes.
Check whether the openssl package is installed. If it is not, install it first; yum is used here:
[root@master ~]# rpm -q openssl
openssl-1.0.1e-30.el6.x86_64
[root@master ~]# yum -y install openssl
I. Use openssl for symmetric encryption and decryption of files
Using the enc tool as an example, encrypt the /tmp/test.txt file to generate the test.aes file
Decrypt the test.aes file
II. Use openssl to generate key pairs
First, create a private key.
Extract the public key from the private key
III. Use openssl for one-way encryption and to extract file fingerprints
Using the dgst tool and the md5 algorithm as an example
IV. Use openssl to build a private CA
The main configuration file for openssl: /etc/pki/tls/openssl.cnf
[CA_default]
dir: CA's home directory
certs: Storage location for issued certificates
crl_dir: Storage location for revoked certificates
database: certificate index file
new_certs_dir: Storage location for newly issued certificates
certificate: CA certificate file
serial: current serial number at the time of certificate issuance
crlnumber: The current serial number of the revoked certificate
crl: CRL currently in use
private_key: CA private key
RANDFILE: Private random number generator file
(1) Generating a private key
(2) Generate self-signed certificate
(3) Follow-up work
V. Issuing certificates to nodes
(1) The node applies for a certificate
1. Generate private key
2. Generate certificate signing request
Send the request to the CA
(2) The CA signs the certificate
1. Verify the requester's information and sign the certificate
2. Send the signed certificate to the requester
(3) View certificate information
VI. Revocation of certificate (node)
(1) Obtain the certificate's serial (certificate holder)
(2) The CA decides whether to revoke the certificate by checking that the serial and subject information submitted by the certificate holder are consistent with the entry in the index.txt database file
(3) Follow-up work for the first revocation
1. Generate the number for revoked certificates
2. Update certificate revocation list and view crl file
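The private CA, issuance and revocation steps above as one runnable sequence. This is an added example, not the article's original commands: it works in a throwaway directory with a minimal ca.cnf instead of /etc/pki/tls/openssl.cnf, and all subjects, file names and lifetimes are constructed for the demo.

```shell
# Added example: build a private CA, issue one node certificate, revoke it, publish a CRL.
ca_lifecycle() (
  set -eu
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  mkdir -p CA/crl CA/newcerts CA/private node
  touch CA/index.txt; echo 01 > CA/serial; echo 01 > CA/crlnumber  # follow-up files
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./CA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
private_key = $dir/private/cakey.pem
default_md = sha256
default_days = 365
default_crl_days = 30
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  q() { "$@" >/dev/null 2>&1; }                                   # silence openssl chatter
  ( umask 077; q openssl genrsa -out CA/private/cakey.pem 2048 )  # CA private key, mode 600
  q openssl req -new -x509 -config ca.cnf -key CA/private/cakey.pem \
      -days 3650 -subj "/CN=Demo Private CA" -out CA/cacert.pem   # self-signed CA cert
  q openssl genrsa -out node/node.key 2048                        # node private key
  q openssl req -new -config ca.cnf -key node/node.key \
      -subj "/CN=node1.example.test" -out node/node.csr           # node signing request
  q openssl ca -batch -config ca.cnf -in node/node.csr -out node/node.crt  # CA signs
  before=$(cut -f1 CA/index.txt)                                  # V = valid
  [ "$(openssl x509 -in node/node.crt -noout -serial)" = "serial=$(cut -f4 CA/index.txt)" ]
  q openssl ca -config ca.cnf -revoke node/node.crt               # index.txt flag becomes R
  q openssl ca -config ca.cnf -gencrl -out CA/crl/ca.crl          # update the CRL
  if openssl verify -crl_check -CAfile CA/cacert.pem -CRLfile CA/crl/ca.crl \
       node/node.crt 2>&1 | grep -q 'certificate revoked'
  then verdict=revoked; else verdict=not-revoked; fi
  echo "index:${before}->$(cut -f1 CA/index.txt) crl_check:${verdict}"
)
ca_lifecycle
```

Revocation only takes effect for relying parties that fetch the updated CRL and check it, which is why the last step verifies with -crl_check.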