OpenSSL is an open-source software library that applications use to communicate securely over computer networks, prevent eavesdropping, and confirm the identity of the other end of the connection. It is widely used by web servers on the Internet.
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are security protocols that provide security and data integrity for network communications. TLS and SSL encrypt network connections at a layer between the transport layer and the application layer.
OpenSSL download and install
Download the Win64 OpenSSL v1.1.1k installer for Windows. Once the installation is complete, add OpenSSL to the environment variables (steps omitted here).
Verify that the installation was successful
Create a new folder and copy C:\OpenSSL-Win64\bin\cnf\openssl.cnf into it (adjust the path to your actual installation). The copy will be modified and then used to generate the certificate. For example, I copied it to: C:\temp\ssl
Edit the copied openssl.cnf file. A few things need to be modified, as follows:
The complete configuration is as follows:
The subjectAltName setting in the openssl.cnf above adds the alternative domain names and IP addresses to the certificate, which prevents the browser from reporting the error "Subject Alternative Name missing".
Use OpenSSL to generate certificates
Open cmd in the new folder we just created and execute the command as follows:
The command asks for several passwords, which you need to record, as well as the province, city, and so on. Most importantly, for Common Name fill in the IP or domain name of your website, and configure the same IP or domain name in alt_names above.
Once ca.crt has been generated, you can double-click it to open it and view the details. If you can see the "Subject Alternative Name" field, the certificate is normal, as shown in the figure below:
IIS configuration certificates
Run the command to generate a pfx file for IIS as follows:
Copy ca.pfx to the IIS server as follows:
Attempting to access the site through a browser will result in the following warning:
Choose View Certificate - Details - Copy to File, select a save location, then double-click the saved file and install it to "Trusted Root Certification Authorities". Restart the browser.
SLB configuration certificates
The ca.crt just generated by OpenSSL can be understood as the public key certificate and ca.key as the private key, but ca.key is protected by a password.
A key file that begins with -----BEGIN ENCRYPTED PRIVATE KEY----- is one that includes a password.
The command to remove the password is as follows:
After removal, upload the public and private keys to Alibaba Cloud.
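The whole flow above in one script, as an added example rather than the article's own commands: it writes a minimal config with the subjectAltName entries instead of editing a copy of openssl.cnf, generates ca.key and ca.crt, checks the SAN, exports ca.pfx and strips the key password. It is written for a POSIX shell (the openssl subcommands are the same in cmd); the host name, IP, file names and passphrase are constructed, and the passphrase is passed through an environment variable instead of being typed at the prompts.

```shell
#!/bin/sh
# Added example: host name, IP, file layout and passphrase are constructed.
set -eu
umask 077    # key material is created readable by the owner only
: "${KEY_PASS:=constructed-demo-passphrase}"; export KEY_PASS

make_cert() {    # make_cert DIR HOSTNAME IP -> DIR/ca.key (encrypted), DIR/ca.crt
    cat > "$1/san.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_req
prompt             = no
[ dn ]
CN = $2
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = $2
IP.1  = $3
EOF
    # env: keeps the passphrase out of the command line and shell history
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -config "$1/san.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" -passout env:KEY_PASS 2>/dev/null
}

has_san() {      # has_san CERT HOSTNAME -> succeeds if the SAN lists HOSTNAME
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

export_pfx() {   # export_pfx DIR -> DIR/ca.pfx, the bundle IIS imports
    openssl pkcs12 -export -in "$1/ca.crt" -inkey "$1/ca.key" \
        -passin env:KEY_PASS -out "$1/ca.pfx" -passout env:KEY_PASS
}

strip_passphrase() {   # strip_passphrase DIR -> DIR/ca_nopass.key, unencrypted
    openssl rsa -in "$1/ca.key" -passin env:KEY_PASS \
        -out "$1/ca_nopass.key" 2>/dev/null
}

work=$(mktemp -d)
make_cert "$work" site.example.test 192.0.2.10
has_san "$work/ca.crt" site.example.test && echo "SAN present"
export_pfx "$work"
strip_passphrase "$work"
head -n 1 "$work/ca.key" "$work/ca_nopass.key"   # ENCRYPTED vs. plain header
rm -rf "$work"   # demo only: do not leave an unencrypted key behind
```

The password-free key is no longer protected by anything but file permissions, so keep it only as long as the upload requires.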