Code Monkey home page Code Monkey logo

Comments (9)

monkeyWie avatar monkeyWie commented on June 29, 2024

@cainwise
生成java支持的公钥和私钥

openssl genrsa -des3 -out ca.key 2048
openssl rsa -in ca.key -pubout -outform DER -out ca_pub.der
openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in ca.key -out ca_private.pem

再通过CA私钥生成CA证书

openssl req -sha256 -new -x509 -days 365 -key ca.key -out ca.crt \
    -subj "/C=CN/ST=GD/L=SZ/O=lee/OU=study/CN=proxyeeRoot"

可以参考下我写的一篇博客OpenSSL创建带SAN扩展的证书并进行CA自签

from proxyee.

cainwise avatar cainwise commented on June 29, 2024

@monkeyWie 很感谢您的回复 但是执行下面语句:
openssl rsa -in ca_private.pem -pubout -outform DER -out ca_pub.der
错误异常:
unable to load Private Key
10457:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY

我的系统是mac
openssl版本是:OpenSSL 0.9.8zh 14 Jan 2016

from proxyee.

monkeyWie avatar monkeyWie commented on June 29, 2024

@cainwise
不好意思,生成公钥这步弄错了,是直接用ca.key来生成DER编码的公钥,2L已更新。

from proxyee.

cainwise avatar cainwise commented on June 29, 2024

@monkeyWie
按照2L的格式来生成密钥

抛出的堆栈信息如下:
警告: An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
java.io.IOException: 你的主机中的软件中止了一个已建立的连接。
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
at sun.nio.ch.IOUtil.read(IOUtil.java:192)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:288)
at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1106)
at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:373)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:123)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:138)
at java.lang.Thread.run(Thread.java:748)

from proxyee.

cainwise avatar cainwise commented on June 29, 2024

@monkeyWie
采用你git上面的证书ok
但是手动生成的都会出现5L的问题

  1. 生成java支持的公钥和私钥
openssl genrsa -out ca.key 2048
openssl rsa -in ca.key -pubout -outform DER -out ca_pub.der
openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in ca.key -out ca_private.pem
  1. 再通过CA私钥生成CA证书
openssl req -sha256 -new -x509 -days 365 -key ca.key -out ca.crt \
    -subj "/C=CN/ST=GD/L=SZ/O=lee/OU=study/CN=proxyeeRoot"

from proxyee.

monkeyWie avatar monkeyWie commented on June 29, 2024

@cainwise
会不会是openssl版本的问题,我这是Linux下,版本OpenSSL 1.0.1e-fips,测试没问题。

from proxyee.

cainwise avatar cainwise commented on June 29, 2024

@monkeyWie

openssl req -sha256 -new -x509 -days 365 -key ca.key -out ca.crt \
    -subj "/C=CN/ST=GD/L=SZ/O=lee/OU=study/CN=proxyeeRoot"

CN=proxyeeRoot 中的proxyeeRoot写错了需要大写ProxyeeRoot

from proxyee.

monkeyWie avatar monkeyWie commented on June 29, 2024

@cainwise
额,那问题是已经解决了吗?现在代码已经可以读取CA证书里的-sub内容来动态生成ssl证书了。

from proxyee.

cainwise avatar cainwise commented on June 29, 2024

@monkeyWie
问题解决了

from proxyee.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.