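Configuring OpenSSL on a Linux system involves several steps, including installation, configuration, linked-library setup, and environment variable configuration. The following is a detailed guide: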
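# Install the build dependencies (yum-based distributions)
yum install gcc-c++ pcre pcre-devel zlib zlib-devel

# Unpack the source, configure, build and install under /usr/local/openssl
tar -xzf openssl-x.x.x.tar.gz
cd openssl-x.x.x
./config --prefix=/usr/local/openssl shared zlib
make
make install

# Back up the system binary first, then link the new one in its place
mv /usr/bin/openssl /usr/bin/openssl.backup
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

# Refresh the shared-library cache; ldconfig only finds the new libraries
# if their directory is listed in /etc/ld.so.conf or /etc/ld.so.conf.d/
ldconfig

# Create /etc/profile.d/openssl.sh with the three lines that follow
vim /etc/profile.d/openssl.sh
# Set OPENSSL_PATH
export OPENSSL_PATH="/usr/local/openssl/bin"
export PATH=$PATH:$OPENSSL_PATH

# Load the new environment into the current shell
source /etc/profile.d/openssl.sh

# Confirm which binary is picked up and which version and directories it reports
which openssl
openssl version -a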
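OpenSSL's main configuration file is openssl.cnf, located in the directory specified by --openssldir. This file is used for certificate issuance and management. A simple example openssl.cnf follows: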
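#
# OpenSSL configuration file.
#
# Variables set before the first [section] header form the default section,
# which every other section falls back to when expanding $name.
dir = ./demoCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
#
# CA section
#
[ca]
default_ca = CA_default
[CA_default]
# Set explicitly; "dir = $dir" would refer to itself
dir = ./demoCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
RANDFILE = $dir/.rand
x509_extensions = v3_ca
#
# Request section
#
[req]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
req_extensions = v3_req
x509_extensions = v3_req
string_mask = utf8only
# Section referenced by distinguished_name above; "openssl req" fails without it
[req_distinguished_name]
countryName = Country Name (2 letter code)
organizationName = Organization Name
commonName = Common Name (e.g. server FQDN)
#
# X509 section
#
[v3_req]
# digitalSignature is needed for ECDHE key exchange and for TLS 1.3
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.com
DNS.2 = www.example.com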
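# Generate a 2048-bit RSA private key
openssl genrsa -out private_key.pem 2048
# Create a certificate signing request (CSR) for that key
openssl req -new -key private_key.pem -out csr.pem
# Self-sign the CSR with the same key, valid for 365 days
openssl x509 -req -days 365 -in csr.pem -signkey private_key.pem -out certificate.pem
# Inspect the resulting certificate
openssl x509 -in certificate.pem -text -noout
# Verify it; a self-signed certificate has to be supplied as its own trust anchor
openssl verify -CAfile certificate.pem certificate.pem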
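The following script is an added example, not part of the original guide. It shows that `openssl x509 -req` does not carry the CSR's `subjectAltName` into the certificate unless the extensions are passed again with `-extfile`, which matters because current TLS clients match host names against the SAN only. The function names, the temporary directory and the constructed config (which mirrors the `v3_req` and `alt_names` sections above) are assumptions of the example.

```shell
#!/bin/sh
set -e

# Write a minimal request config (constructed sample, non-interactive).
write_cnf() {
  cat > "$1" <<'EOF'
[req]
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
CN = example.com
[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.com
DNS.2 = www.example.com
EOF
}

# Count the SAN DNS entries in a certificate (0 when the extension is absent).
san_count() {
  openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | wc -l | tr -d ' '
}

# Build a throwaway key and CSR, then self-sign twice:
# once as in the guide, once with -extfile. Prints "<without> <with>".
demo() {
  d=$(mktemp -d)
  write_cnf "$d/req.cnf"
  openssl genrsa -out "$d/key.pem" 2048 2>/dev/null
  openssl req -new -key "$d/key.pem" -config "$d/req.cnf" -out "$d/csr.pem"
  openssl x509 -req -days 365 -in "$d/csr.pem" -signkey "$d/key.pem" \
    -out "$d/plain.pem" 2>/dev/null
  openssl x509 -req -days 365 -in "$d/csr.pem" -signkey "$d/key.pem" \
    -extfile "$d/req.cnf" -extensions v3_req -out "$d/san.pem" 2>/dev/null
  echo "$(san_count "$d/plain.pem") $(san_count "$d/san.pem")"
  rm -rf "$d"
}

demo
```

Checking the SAN count after signing, as `san_count` does, is a quick way to catch a certificate that was issued without the host names it is meant to cover.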
Note that the exact commands and steps may vary depending on your Linux distribution and OpenSSL version.