日期:2014-05-17

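记录一次在 Windows 下使用 openssl 生成测试证书的过程(CA、服务器、客户端证书,用于 Tomcat 双向 SSL 认证)。下面的命令省略了开头的 openssl,可在 openssl 交互提示符下逐条输入。注意:1024 位 RSA 密钥和 changeit 口令只适合测试,正式环境应使用 2048 位以上的密钥和自己设定的强口令。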

工具:http://code.google.com/p/openssl-for-windows/ (第三方编译的 Windows 版本,使用前应确认其中 OpenSSL 的版本)

genrsa -out ca/ca2-key.pem 1024

req -new -out ca/ca-req.csr -key ca/ca2-key.pem

x509 -req -in ca/ca-req.csr -out ca/ca2-cert.pem -signkey ca/ca2-key.pem -days 3650


pkcs12 -export -clcerts -in ca/ca2-cert.pem -inkey ca/ca2-key.pem -out ca/ca2.p12


genrsa -out server/server2-key.pem 1024


req -new -out server/server2-req.csr -key server/server2-key.pem

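x509 -req -in server/server2-req.csr -out server/server2-cert.pem -signkey server/server2-key.pem -CA ca/ca2-cert.pem -CAkey ca/ca2-key.pem -CAcreateserial -days 3650

说明:该证书实际由 -CA/-CAkey 指定的 CA 签发,-signkey 在此多余;OpenSSL 3.x 的文档注明 -signkey 不能与 -CA 同时使用,在新版本上应去掉 -signkey(下面的客户端证书命令同理)。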

pkcs12 -export -clcerts -in server/server2-cert.pem -inkey server/server2-key.pem -out server/server2.p12


genrsa -out client/client2-key.pem 1024


req -new -out client/client2-req.csr -key client/client2-key.pem

x509 -req -in client/client2-req.csr -out client/client2-cert.pem -signkey client/client2-key.pem -CA ca/ca2-cert.pem -CAkey ca/ca2-key.pem -CAcreateserial -days 3650

pkcs12 -export -clcerts -in client/client2-cert.pem -inkey client/client2-key.pem -out client/client2.p12


keytool -keystore C:\openssl\bin\jks\truststore2.jks -keypass changeit -storepass changeit -alias ca -import -trustcacerts -file C:\openssl\bin\ca\ca2-cert.pem


<!-- tomcat 6.0.20 -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="C:/openssl/bin/server/server2.p12" keystorePass="changeit" keystoreType="PKCS12"
               truststoreFile="C:/openssl/bin/jks/truststore2.jks" truststorePass="changeit" truststoreType="JKS"/>
