Comments (9)
@cainwise
Generate a public key and private key that Java supports
openssl genrsa -des3 -out ca.key 2048
openssl rsa -in ca.key -pubout -outform DER -out ca_pub.der
openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in ca.key -out ca_private.pem
Then generate the CA certificate with the CA private key
openssl req -sha256 -new -x509 -days 365 -key ca.key -out ca.crt \
-subj "/C=CN/ST=GD/L=SZ/O=lee/OU=study/CN=proxyeeRoot"
You can refer to a blog post I wrote: "Creating a certificate with the SAN extension using OpenSSL and self-signing it with a CA".
from proxyee.
@monkeyWie Thank you very much for your reply, but when I run the following command:
openssl rsa -in ca_private.pem -pubout -outform DER -out ca_pub.der
I get this error:
unable to load Private Key
10457:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY
My system is a Mac.
The openssl version is: OpenSSL 0.9.8zh 14 Jan 2016
from proxyee.
@cainwise
Sorry, I got the public key generation step wrong. The DER-encoded public key is generated directly from ca.key. Post #2 has been updated.
from proxyee.
@monkeyWie
I generated the keys following the format in post #2.
The stack trace thrown is as follows:
警告: An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
java.io.IOException: 你的主机中的软件中止了一个已建立的连接。
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
at sun.nio.ch.IOUtil.read(IOUtil.java:192)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:288)
at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1106)
at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:373)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:123)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:138)
at java.lang.Thread.run(Thread.java:748)
from proxyee.
@monkeyWie
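Using the certificate from your git repository works fine,
but the ones I generate manually all hit the problem from post #5.
- Generate a public key and private key that Java supports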
openssl genrsa -out ca.key 2048
openssl rsa -in ca.key -pubout -outform DER -out ca_pub.der
openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in ca.key -out ca_private.pem
- Then generate the CA certificate with the CA private key
openssl req -sha256 -new -x509 -days 365 -key ca.key -out ca.crt \
-subj "/C=CN/ST=GD/L=SZ/O=lee/OU=study/CN=proxyeeRoot"
from proxyee.
@cainwise
Could it be an openssl version problem? I'm on Linux with OpenSSL 1.0.1e-fips, and it tests fine here.
from proxyee.
openssl req -sha256 -new -x509 -days 365 -key ca.key -out ca.crt \
-subj "/C=CN/ST=GD/L=SZ/O=lee/OU=study/CN=proxyeeRoot"
The proxyeeRoot in CN=proxyeeRoot is written wrong; it needs a capital letter: ProxyeeRoot
from proxyee.
@cainwise
Uh, so has the problem been solved? The code can now read the -sub content from the CA certificate to dynamically generate SSL certificates.
from proxyee.
@monkeyWie
The problem is solved.
from proxyee.
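A consistency check for the three files generated in this thread, added here as an example (it is not part of the original comments or of the proxyee code base). It confirms that ca_private.pem is unencrypted PKCS#8 DER, that ca_pub.der and ca.crt carry the same RSA key, and that the certificate's subject CN equals a value the caller supplies; the function names are hypothetical and the expected CN is an argument, not something the script assumes.

```shell
#!/bin/sh
# Added example, not proxyee code. File names come from the thread;
# the function names are hypothetical. RSA keys only (the thread uses genrsa).

# Modulus of an unencrypted PKCS#8 DER private key. Prints nothing if the
# file is PEM, passphrase-protected, or not PKCS#8 at all.
private_modulus() {
    openssl pkcs8 -inform DER -nocrypt -in "$1" 2>/dev/null |
        openssl rsa -noout -modulus 2>/dev/null
}

# Modulus of a DER-encoded public key (SubjectPublicKeyInfo).
public_modulus() {
    openssl rsa -pubin -inform DER -in "$1" -noout -modulus 2>/dev/null
}

# Modulus of the public key inside a PEM certificate.
cert_modulus() {
    openssl x509 -in "$1" -noout -modulus 2>/dev/null
}

# Subject CN of a PEM certificate, case preserved.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

# check_ca_files <dir> <expected-CN>: returns 0 only if all checks pass.
check_ca_files() {
    dir=$1
    expected_cn=$2
    priv=$(private_modulus "$dir/ca_private.pem")
    pub=$(public_modulus "$dir/ca_pub.der")
    crt=$(cert_modulus "$dir/ca.crt")
    [ -n "$priv" ] || { echo "ca_private.pem is not unencrypted PKCS#8 DER"; return 1; }
    [ "$priv" = "$pub" ] || { echo "ca_pub.der does not match ca_private.pem"; return 1; }
    [ "$priv" = "$crt" ] || { echo "ca.crt does not match ca_private.pem"; return 1; }
    cn=$(cert_cn "$dir/ca.crt")
    # The comparison is case-sensitive, which is the mismatch reported above.
    [ "$cn" = "$expected_cn" ] || { echo "subject CN is '$cn', expected '$expected_cn'"; return 1; }
    echo "ok"
}

# Usage: sh check_ca.sh <dir> <expected-CN>
if [ "$#" -eq 2 ]; then check_ca_files "$1" "$2"; fi
```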