Shulou(Shulou.com)06/01 Report--

Today, the editor to share with you is a simple SSL certificate generation steps, many people do not understand, today, in order to let you know more about the SSL certificate generation steps, so give you a summary of the following content, let's look down. I'm sure you'll get something.

The following editor will tell you how to generate SSL certificates:

Step 1: generate the private key

We usually use openSSL as a tool to generate a RSA private key

Description: generate rsa private key, des3 algorithm, 2048-bit strength, server.key is the key file name.

Note: generally, to generate a private key, at least one 4-digit password is required.

Step 2: after CSR generates the private key, you can create the csr file at this time.

There are two options at this point. Ideally, you can send the certificate to the certificate authority (what is the SSL certificate authority), and after CA verifies the identity of the requester, it issues a signed certificate (very expensive).

Note: you need to enter country, region, city, organization, organizational unit, Common Name and Email in turn. Among them, Common Name can write its own name or domain name. If you want to support https,Common Name, it should be consistent with the domain name, otherwise it will cause a browser warning.

Step 3: delete the password in the private key

In the process of creating the private key in step 1, a password must be specified. However, this password usually has a side effect, which is that every time Apache starts the Web server, it is required to re-enter the password, so this is very inconvenient. To delete the password in the private key, do the following:

Cp server.key server.key.org

OpenSSL rsa-in server.key.org-out server.key

Step 4: generate a self-signed certificate

If you don't want to pay for CA's signature, or just test the implementation of SSL. Now you are ready to start SSL certificate generation.

It is important to note that when using a self-signed temporary certificate, the browser prompts that the authority of the certificate is unknown.

Description: crt contains information about the holder of the certificate, the holder's public key, and the signature of the signer. If a user has installed this certificate, it means that everyone has trusted the certificate, so they will also have a public key, such as server authentication, client authentication, or sign other certificates.

Step 5: install the private key and certificate

Just copy the private key and certificate file to the Apache configuration directory, and on the Mac 10.10 system, copy to the / etc/apache2/ directory. Then the SSL certificate generation step is over.

SSL certificate securely encrypts the website, which can effectively prevent hijacking, prevent your website from being maliciously implanted with advertisements, prevent tampering and monitoring from leaking users' passwords, and optimize the SEO ranking of search engines with SSL certificates.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.