Check a key: Check the SSL key and verify the consistency openssl rsa -in server.key -check Check a CSR: Verify the CSR and print CSR data filled in when generating the CSR openssl req -text -noout -verify -in server.csr Verify a certificate and key matches These two commands print ou...
failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) 1. 2. 3. 出现如下错误只有两种可能: 一、私钥与认证过后与证书不匹配 因为nginx首先需要用私钥去解密服务器证书,解不了。 解决办法: ~]# openssl x509 -in /path/to/yourdomain.crt -noout -modulus |...
否则会提示“Sign the certificate?”、“1 out of 1 certificate requests certified, commit?” 若指定-subj选项,可以取代证书请求中的主体名称。 无论ca命令是否执行成功,均会出现以下提示: Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certific...
如果你打算用HTTPS来增强你的Apache HTTP或Nginx服务器, 并且用一个Certificate Authority(CA)来签发SSL证书, 你需要使用这个. 生成一份CSR然后发送给CA要求其签发一份CA-signed SSL证书. 如果你的CA支持SHA-2, 在参数中添加-sha256来生成SHA-2签名的CSR. 下面的命令用于生成一份2048-bit的私钥(domain.key), ...
X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Alternative Name: IP Address:XX.XX.109.96 Certificate is to be certified until Jul 27 02:42:35 2028 GMT (3650 days) Write out database with 1 new entries Data Base Updat...
Path to the Certificate Signing Request (CSR) used to generate this certificate. This is not required in assertonly mode. entrust_api_client_cert_key_path path added in 2.9 The path to the private key of the client certificate used to authenticate to the Entrust Certificate Services (ECS)...
Enter pass phrase for ca.key: Check that the request matches the signature Signature ok The stateOrProvinceName field needed to be the same in the CA certificate (GuangDong) and the request (GuangDong) [root@node00 security]# ll total 12 ...
creation of key parameters creation of X.509 certificates, CSRs and CRLs calculation of message digests encryption and decryption SSL/TLS/DTLS and client and server tests QUIC client tests handling of S/MIME signed or encrypted mail and more... ...
usage:rsa[options]-check 检测秘钥合法性-infile 输入的文件名-inform format 输入文件的格式(DER,NETor PEM(default))-modulus 打印 RSA 秘钥的modulus-outfile 输出的文件名-outform format 输出文件的格式(DER,NETor PEM(defaultPEM))-passin src 输入文件的密码-passout src 输出文件的密码-pubin 该指令说明...
在上述的配置中需要注意的是:SSLCertificateFile 指定的是用于https的证书,SSLCertificateKeyFile指定的是相应的私钥而SSLCACertificateFile通常是指定CA证书的路径,但是也可以是my.crt的签发者(不一定是CA),正如上面所述,openssl需要的证书并不一定需要CA来签发.配置完成,重启httpd服务就可以了。