linux中主要通过openssl,gpg等工具来实现加密解密机制,这里我只介绍下openssl的使用方法!
对称加密:任意加密数据块和流的内容,加密和解密用同一个密码。
公钥加密:非对称加密,加密解密用不同密码分公钥和私钥,公钥是从私钥中提取,公钥可以給别人,私钥保密。
单项加密:数据完整性算法,抽取数据特征码并且在二次抽取后跟此前特征码做比较以确保数据没有被窜改。
单项加密也叫数据完整性校验只能加密不能解密,定长输出、雪崩效应。单项加密有这几种方式:MD5、SHA1、SHA256、SHA384、SHA512
认证协议:用来确定通信方的真实性。
发起者用单项算法计算数据的特征码,用自己的私钥计算特征码附加在数据后面,在用对称密钥对整个包(数据和加特征码)进行加密,并用接受者的公钥加密对称加密密码,附加在整个包中一并发给对方。接受者用自己的私钥解密获取对称加密密码,得到密码后解密整个包获得数据和特征码,在用相同的算法计算特征码,用对方的公钥解密数据验证对方身份,用对方计算结果(特征码)和解析结果(特征码)进行对比,来验证数据的完整性。
- 签发机构:CA
- 注册机构:RA
- 证书吊销列表:CRL
- 证书存取库
PKI:公开密钥基础设施(Public Key Infrastructure),是现在互联网安全基础规范
- 版本号
- 序列号
- 签名算法ID
- 发行者名称
- 有效期限
- 主体名称
- 主题公钥
- 发行者唯一标识
- 主体的唯一标识
- 扩展
- 发行者签名
- 1995: SSL 2.0 NetScape公司发布SSL 2.0版,很快发现有严重漏洞。
- 1996: SSL 3.0
- 1999: TLS 1.0
- 2006: TLS 1.1 RFC 4346
- 2008: TLS 1.2
- 2015: TLS 1.3
- 2006年和2008年,TLS进行了两次升级,分别为TLS 1.1版和TLS 1.2版。最新的变动是2011年TLS 1.2的修订版。
目前,应用最广泛的是TLS 1.2,接下来是SSL 3.0。但是,主流浏览器都已经实现了TLS 1.3的支持。 TLS 1.0通常被标示为SSL 3.1,TLS 1.1为SSL 3.2,TLS 1.2为SSL 3.3。
认证用户和服务器,确保数据发送到正确的客户机和服务器;
加密数据以防止数据中途被窃取;
维护数据的完整性,确保数据在传输过程中不被改变。
TLS的主要目标是使SSL更安全,并使协议的规范更精确和完善。TLS 在SSL v3.0 的基础上,提供了以下增强内容:
- OpenSSL:多用途的命令行工具
- libcrypto:公共加密库
- libssl:库文件,实现了ssl及tls
[root#localhost ~]#openssl [command] [option]
选项与参数:
enc:对称加密程序
-e:指定为加密,可以不写默认为加密。
-des3:指定算法算法
-salt:默认设置,可以不写。生成一段字符串放在密码最前面进行加密,提高解密难度。
-a:基于base64处理数据。加密结果进行base64编码处理
-in:读取那个文件进行加密
-out:输出到那里
-d:指定为解密
#openssl支持的加密算法
Standard commands <--标准命令
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac ts verify version
x509
Message Digest commands (see the `dgst' command for more details) <--消息摘要命令算法
md2 md4 md5 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)<--加密算法命令
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 rc5 rc5-cbc rc5-cfb
rc5-ecb rc5-ofb seed seed-cbc
seed-cfb seed-ecb seed-ofb zlib
openssl:标准命令,消息摘要算法,加密命令
工具: openssl,enc,gpg 算法: 3des, aes, blowfish, twofish
[root@localhost ~]# openssl enc -h
unknown option '-h'
options are
-in <file> input file
-out <file> output file
-pass <arg> pass phrase source
-e encrypt
-d decrypt
-a/-base64 base64 encode/decode, depending on encryption flag
-k passphrase is the next argument
-kfile passphrase is the first line of the file argument
-md the next argument is the md to use to create a key
from a passphrase. See openssl dgst -h for list.
-S salt in hex is the next argument
-K/-iv key/iv in hex is the next argument
-[pP] print the iv/key (then exit if -P)
-bufsize <n> buffer size
-nopad disable standard block padding
-engine e use engine e, possibly a hardware device.
#对称加密fstab这个文件后删除
[root@localhost ~]# cp /etc/fstab ./ #复制这个文件到根目录
[root@localhost ~]# openssl enc -e -des3 -a -salt -in fstab -out fstab.encrypt
enter des-ede3-cbc encryption password: <--输入密码
Verifying - enter des-ede3-cbc encryption password: <--在输入一次
[root@localhost ~]# cat fstab.encrypt
U2FsdGVkX1+bJb7OZHB0yz5xFLEI/5jxkhMVnFnC3fx6N8XwyE7uxZ02SDFiD8od
fWWNrwlewtdpOJmlbZmeZS9yXUTVNJkz+SJIeDetyrQ/dpVyiLHeoHyHT1KognCZ
1ca/pPYa4nFL3PgQhqPgumb5FVWREJScgvZY4L4jqOsHvMdfhXgwKzqz7PDJ7ExP
I07Tq7rp4kIFLSqbWKFsQUhwrNARMg/JuJB17ZHvjjrcy4vXb7fExJDAt1kDZt8U
IbblVyFlbNss2h2OS+bXWvAMD8W4TL5DQI3lSxnAWVLsB1DLpxm/MTQ5xISVjq6T
5OhP5xF4hOam5px58+k0x10UIxCQlGrKlMcvvQSVZcgLT4noVhwaZYqfF1NG5NEQ
ux8FApG6SAOPbtSQjg2pZGLsB1Q4yL/NCpabVSmDuKfumBGGWhNeiq/3+8pR+J7+
XnPxOKJ6iU6L73AMTL6ftN661HZ9Iu6ANOcDe8APTq+VCavzPck+bUnB+/rfsB5J
8I+1H+0TZaMricSEIp4jL38/1tWsq3+LRx9cUVetmAmMkNUHetni9K1DBnmnoLs3
Wtd5zlxBu8UfnXT+fwJgiHvuffsHAaypyuvkkkPhL4RDcgb6WYecASxSFY19cBqV
S3oBL3P7NDg=
#对称解密上面加密的文件
[root@localhost ~]# rm -rf fstab
[root@localhost ~]# openssl enc -d -des3 -a -salt -in fstab.encrypt -out fstab
enter des-ede3-cbc decryption password:
[root@localhost ~]# cat fstab
....
/dev/mapper/centos-root / xfs defaults 0 0
UUID=3ea63f43-8797-48e8-b5ed-bbfa833652f0 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
工具:md5sum, sha1sum, sha224sum, sha256sum,..., openssl dgst
[root@localhost ~]# openssl dgst -h
unknown option '-h'
options are
-c to output the digest with separating colons
-r to output the digest in coreutils format
-d to output debug info
-hex output as hex dump
-binary output in binary form
-hmac arg set the HMAC key to arg
-non-fips-allow allow use of non FIPS digest
-sign file sign digest using private key in file
-verify file verify a signature using public key in file
-prverify file verify a signature using private key in file
-keyform arg key file format (PEM or ENGINE)
-out filename output to filename rather than stdout
-signature file signature to verify
-sigopt nm:v signature parameter
-hmac key create hashed MAC with key
-mac algorithm create MAC (not neccessarily HMAC)
-macopt nm:v MAC algorithm parameters or key
-engine e use engine e, possibly a hardware device.
-md4 to use the md4 message digest algorithm
-md5 to use the md5 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm
-sha to use the sha message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha224 to use the sha224 message digest algorithm
-sha256 to use the sha256 message digest algorithm
-sha384 to use the sha384 message digest algorithm
-sha512 to use the sha512 message digest algorithm
-whirlpool to use the whirlpool message digest algorithm
#对fstab进行消息摘要算法
[root@localhost ~]# md5sum fstab
7cd05b5431568f0f0c4e65c8eb77bbcc fstab
[root@localhost ~]# openssl dgst -md5 fstab
MD5(fstab)= 7cd05b5431568f0f0c4e65c8eb77bbcc
MAC: Message Authentication Code,单向加密的一种延伸应用,用于实现在网络通信中保证所传输的数据的完整性; 机制: CBC -MAC HMAC:使用md5或sha1算法
# openssl passwd
# -1:md5加密
# -salt:指定附加信息
[root@localhost ~]# openssl passwd -1 -salt 123456 #salt值不同,同一个密码加密的值也不同
Password: <--输入要加密的密码
$1$123456$IwjpZ29kXBCHidr6gpBmd0
[root@localhost ~]# openssl passwd -1 -salt 1234567
Password:
$1$1234567$zX0UGQQbRU4G71DDWAAwF1
[root@localhost ~]# openssl passwd -1 -salt 12345678
Password:
$1$12345678$7Z0Jrucc2MScorHw3hH9y.
#使用随机数值进行base64加密
[root@localhost ~]# openssl rand -base64 4
9Kab9w==
[root@localhost ~]# openssl rand -base64 4
Z2gqyQ==
[root@localhost ~]# openssl rand -base64 4
mBVcrQ==
[root@localhost ~]# openssl rand -base64 4
3jdY3w==
[root@localhost ~]# openssl rand -base64 4
pj/LVA==
#使用随机数值进行hex加密
[root@localhost ~]# openssl rand -hex 4 <--4表示4个字节,8位
378330af
[root@localhost ~]# openssl rand -hex 4
def74032
[root@localhost ~]# openssl rand -hex 4
68a2617b
[root@localhost ~]# openssl rand -hex 4
f13ba60b
# openssl genrsa -out /PATH/TO/PRIVATEKEY.FILE NUM_BITS
# (umask 077;openssl genrsa -out key.pri 2048) #括号里面支持会重新打开一个子bash
#生成秘钥并提取出公钥
[root@localhost ~]# (umask 077;openssl genrsa -out key.pri 2048)
Generating RSA private key, 2048 bit long modulus
.....................................................................................................................................................................+++
................+++
e is 65537 (0x10001)
[root@localhost ~]# ll key.pri
-rw-------. 1 root root 1679 11月 17 16:47 key.pri
#查看私钥
[root@localhost ~]# cat rsakey.private
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAw9MHjNV4qJbSad4SxC+zgYrY8ytBk83u4TCczoTGcouoe8m0
7AFDXgZu4j5VR1mQkwGXlupV8Wti2U2OKa+CZ+J7W6bH/D8NKG8v9/kiLC73m4Mj
vLqZ77Wbn5ee8ntzDLjYFrQt0fkhGOWDF+0bjZSGysLWF39Pq70y0mngJNzqBcJP
k+y0O+m6oyrSBCRGCEeh5PG5q9CyKAO6BRfXtCll5/e7PB1wZbwgneUAnucUMltZ
0Hl5RO8qKhXR7iGMHFl6EYv8kruMZxGPYf3eCsFCRIs8CMH1+gsXGpG6XFOFdCSc
nTIbA3aX5rm0giNtu1wKGVsrbBPQKdosc26fjQIDAQABAoIBACD0YZ/kyOJuR0jD
s5rKgEX7rNj3XZjXHi1NdgYXOCJMuHTklArnh4PKR1zRqp5QR1FGAlHGa+It9Tum
npcLT0HWTnY1EhC0N62nUIZFqeePm+HS5u+6428AvAjWhkw+VDU+4jan6dIdP+Gl
tjMPlwRzi1+R/F+F8E1xkJzybmMlcugS2Acs6F7cqmgAHhW+UxQV0pTd+R2cG7Ll
9+5LzuHokiXtg3pKGzAFAiXafBbexm7NAL2CP7smIIN2X/vbI5s4KA5NVCIlqKy3
OJfN9SywgBqlfJKE2gxh5N70S/C9dJoHl2E34SriT+g0IYKZNERvBqaEnk3dqQz/
mHUoAOECgYEA5M/N4h0I/k3nA1sOiMddbu/ldb8nxQWnYfmEUaNwDf9hB0QkByqC
jP2yaCunXO6TvK2cyqxrZ5N+kBLtZ6Tuner+Sa7EuVhf+FmkUsUc0wzHriBSqEjq
He/vqBDI9Adwx4sxHgBt40/9KI3sQ7j3BrslhTLaKjGUqlconSis/jkCgYEA2xfJ
HM3LgvZpj12Xm2Lha+sHy2LMlDb/A77zZlUsdf0fXX2ywb6z/fsOJmcJw1FezSQm
rGwCzlLy8UhSjpVaZwwDrNXgHK+OvZ2YkMb41dKZoIKECGMgXeUb/CUH3bpbevTm
jmaPwCTZ//FZCpd7844ZJ5PRdckb8Y7+ZwyJ6/UCgYEAjLYap9YxRKrFyXOC8ayh
Eesn0ox2uZwrfn4C2G3JKGKH2f8WpO2IkYom4BcQen8hjaO6y4zTFERJTfLF2ro8
IBN2w/tdcZoeks0V1+zuOAAhAD1Sd7k3eKeoW1PPMPsuaRh5YTjkWylCx2DYDiG+
kH4gqdRHBDGvej3VdSihkkkCgYEA14agirtP1jc9RJFXUL6G7ri4ZDV+9tbbKv4v
Rp3HLRKiRkAfF0TYn6LXGqQGEKP9VGSZvshKQlmLMBxrSmRWGETTYLTM0KtLCfD8
Yn+5ze5svl9mLzIEZxm42+Q5xr9KurwsCi2OgABAi+0KIMdAYimJSUu6o9oAqTJ3
xTuqefkCgYEAkitLJaRs0n+oQJ8EKcG+H2kpfoGvqCqL+sTaNDmEuzarDxcT2sKn
AL6lC8yx32kjid4d0CoqQoptBX6+f7EF2X+hBj//0hXTQhN1oUVVqwrQETYYEoUs
nWiGHfuijPgMOE1+zI9qdj6SpCxjlEXO9X76VQSlMMX/xbcXzqvs+z4=
-----END RSA PRIVATE KEY-----
#提取公钥
[root@localhost ~]# openssl rsa -in rsakey.private -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9MHjNV4qJbSad4SxC+z
gYrY8ytBk83u4TCczoTGcouoe8m07AFDXgZu4j5VR1mQkwGXlupV8Wti2U2OKa+C
Z+J7W6bH/D8NKG8v9/kiLC73m4MjvLqZ77Wbn5ee8ntzDLjYFrQt0fkhGOWDF+0b
jZSGysLWF39Pq70y0mngJNzqBcJPk+y0O+m6oyrSBCRGCEeh5PG5q9CyKAO6BRfX
tCll5/e7PB1wZbwgneUAnucUMltZ0Hl5RO8qKhXR7iGMHFl6EYv8kruMZxGPYf3e
CsFCRIs8CMH1+gsXGpG6XFOFdCScnTIbA3aX5rm0giNtu1wKGVsrbBPQKdosc26f
jQIDAQAB
-----END PUBLIC KEY-----
#生成秘钥
[root@localhost ~]# openssl genrsa -out rsakey.key
Generating RSA private key, 2048 bit long modulus
...................................................................................................................+++
...............+++
e is 65537 (0x10001)
[root@localhost ~]# cat rsakey.private
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAybTSpCw6L6dCRpeCbVEjKLqMaB/dLkkF0Xt/Yj5jY/ll/r8W
qLcVLRBiX+5ccj0okQT9/HOaH8j7in00WLf7GnRPctgDfGTOJaQdpVFHt1FCpBC5
ywGAirf6oUNLnjcenN9vJb4fOiBiLBP5gVOeuxPESyL3lW5PHESguyaq+whUB/vh
JPd+ZIhd4ifOxxVk2UfNDjvYr/RalXwfvJi5CV54aN4qQfmwiSmdDUMrMnEqWhYF
......
-----END RSA PRIVATE KEY-----
#req: 生成证书签署请求
# -news: 新请求
# -key /path/to/keyfile: 指定私钥文件
# -out /path/to/somefile:输出文件到那里
# -x509: 生成自签署证书
# -days n: 有效天数
#生成证书
# req
[root@localhost ~]# openssl req -new -x509 -key rsakey.private -out rsa.crt -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN <--国家
State or Province Name (full name) []:JX <--省
Locality Name (eg, city) [Default City]:NC <-- 市
Organization Name (eg, company) [Default Company Ltd]:ItEdu <--职业
Organizational Unit Name (eg, section) []:tech <--岗位
Common Name (eg, your name or your server's hostname) []:cn.i7dom.cn <--主机名
Email Address []:cdadmin@ad.com <--邮箱
#查看证书信息
[root@localhost ~]# openssl x509 -text -in rsa.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fd:97:9f:1a:5d:9c:c3:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=JX, L=NC, O=ItEdu, OU=tech, CN=cn.i7dom.cn/emailAddress=cdadmin@ad.com
Validity
Not Before: Nov 17 14:21:06 2019 GMT
Not After : Nov 16 14:21:06 2020 GMT
Subject: C=CN, ST=JX, L=NC, O=ItEdu, OU=tech, CN=cn.i7dom.cn/emailAddress=cdadmin@ad.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c9:b4:d2:a4:2c:3a:2f:a7:42:46:97:82:6d:51:
23:28:ba:8c:68:1f:dd:2e:49:05:d1:7b:7f:62:3e:
63:63:f9:65:fe:bf:16:a8:b7:15:2d:10:62:5f:ee:
5c:72:3d:28:91:04:fd:fc:73:9a:1f:c8:fb:8a:7d:
34:58:b7:fb:1a:74:4f:72:d8:03:7c:64:ce:25:a4:
1d:a5:51:47:b7:51:42:a4:10:b9:cb:01:80:8a:b7:
fa:a1:43:4b:9e:37:1e:9c:df:6f:25:be:1f:3a:20:
62:2c:13:f9:81:53:9e:bb:13:c4:4b:22:f7:95:6e:
4f:1c:44:a0:bb:26:aa:fb:08:54:07:fb:e1:24:f7:
7e:64:88:5d:e2:27:ce:c7:15:64:d9:47:cd:0e:3b:
d8:af:f4:5a:95:7c:1f:bc:98:b9:09:5e:78:68:de:
2a:41:f9:b0:89:29:9d:0d:43:2b:32:71:2a:5a:16:
05:62:74:71:77:d8:11:6e:ab:79:f3:4d:e9:28:7a:
3c:51:b9:16:c1:91:49:54:2f:81:be:2c:9f:73:7e:
48:ea:82:24:4e:7e:e2:fd:8f:5a:97:2f:e2:d9:05:
db:13:de:19:e5:cf:9f:ea:de:b5:64:3b:c1:7e:b2:
9e:3d:16:7b:66:2d:40:38:3e:21:30:09:3d:cd:fe:
68:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:7D:F9:1E:69:09:22:DC:F8:10:DD:12:40:45:51:43:25:58:BC:0B
X509v3 Authority Key Identifier:
keyid:09:7D:F9:1E:69:09:22:DC:F8:10:DD:12:40:45:51:43:25:58:BC:0B
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
12:2c:17:4a:01:52:ca:8c:ef:ab:5b:89:09:55:92:54:72:02:
75:4f:06:cd:6b:e7:51:85:ab:2f:cc:3a:de:ee:e4:2d:06:9a:
09:e6:b7:eb:7b:f0:53:5c:7c:e4:06:25:44:94:ae:fd:e9:ac:
fe:d1:d3:34:7d:39:82:04:b5:f8:7d:bc:1b:35:0a:8a:20:b9:
f5:d9:f9:2f:dc:56:f8:c1:05:e3:07:f5:5c:d1:c3:fc:c1:84:
04:a5:ba:13:d7:8c:1f:d1:05:8e:d3:7e:31:2f:5c:fb:9e:98:
33:5f:1b:48:f9:cc:a3:d6:c4:f4:fd:4e:3f:8f:c6:1a:a8:eb:
30:ad:5e:da:9d:9f:47:25:7b:2e:43:9e:ac:69:a2:fd:9f:8a:
fd:b5:aa:ba:03:ba:b7:fb:a7:0e:c8:cf:21:81:c9:8e:79:73:
02:0f:70:f6:1c:4e:61:70:e3:2a:0e:53:09:0c:a5:00:33:81:
35:02:d2:30:06:e3:9b:14:e3:86:87:16:89:c3:04:78:35:30:
28:98:cf:9f:f5:3e:b9:49:ae:80:8f:49:d0:a4:f5:35:e1:d4:
22:31:1a:9b:15:45:c1:57:7d:9e:6b:6d:d9:2e:da:1a:a8:7a:
7e:0d:61:4c:59:9c:c8:00:57:90:d7:66:ce:9c:e8:76:17:4c:
b1:fd:2a:4a
-----BEGIN CERTIFICATE-----
MIIDyTCCArGgAwIBAgIJAP2XnxpdnMP8MA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
BAYTAkNOMQswCQYDVQQIDAJKWDELMAkGA1UEBwwCTkMxDjAMBgNVBAoMBUl0RWR1
MQ0wCwYDVQQLDAR0ZWNoMRQwEgYDVQQDDAtjbi5pN2RvbS5jbjEdMBsGCSqGSIb3
DQEJARYOY2RhZG1pbkBhZC5jb20wHhcNMTkxMTE3MTQyMTA2WhcNMjAxMTE2MTQy
MTA2WjB7MQswCQYDVQQGEwJDTjELMAkGA1UECAwCSlgxCzAJBgNVBAcMAk5DMQ4w
DAYDVQQKDAVJdEVkdTENMAsGA1UECwwEdGVjaDEUMBIGA1UEAwwLY24uaTdkb20u
Y24xHTAbBgkqhkiG9w0BCQEWDmNkYWRtaW5AYWQuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAybTSpCw6L6dCRpeCbVEjKLqMaB/dLkkF0Xt/Yj5j
Y/ll/r8WqLcVLRBiX+5ccj0okQT9/HOaH8j7in00WLf7GnRPctgDfGTOJaQdpVFH
t1FCpBC5ywGAirf6oUNLnjcenN9vJb4fOiBiLBP5gVOeuxPESyL3lW5PHESguyaq
+whUB/vhJPd+ZIhd4ifOxxVk2UfNDjvYr/RalXwfvJi5CV54aN4qQfmwiSmdDUMr
MnEqWhYFYnRxd9gRbqt5803pKHo8UbkWwZFJVC+Bviyfc35I6oIkTn7i/Y9aly/i
2QXbE94Z5c+f6t61ZDvBfrKePRZ7Zi1AOD4hMAk9zf5oWQIDAQABo1AwTjAdBgNV
HQ4EFgQUCX35HmkJItz4EN0SQEVRQyVYvAswHwYDVR0jBBgwFoAUCX35HmkJItz4
EN0SQEVRQyVYvAswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAEiwX
SgFSyozvq1uJCVWSVHICdU8GzWvnUYWrL8w63u7kLQaaCea363vwU1x85AYlRJSu
/ems/tHTNH05ggS1+H28GzUKiiC59dn5L9xW+MEF4wf1XNHD/MGEBKW6E9eMH9EF
jtN+MS9c+56YM18bSPnMo9bE9P1OP4/GGqjrMK1e2p2fRyV7LkOerGmi/Z+K/bWq
ugO6t/unDsjPIYHJjnlzAg9w9hxOYXDjKg5TCQylADOBNQLSMAbjmxTjhocWicME
eDUwKJjPn/U+uUmugI9J0KT1NeHUIjEamxVFwVd9nmtt2S7aGqh6fg1hTFmcyABX
kNdmzpzodhdMsf0qSg==
-----END CERTIFICATE-----
#吊销证书
[root@localhost ~]# openssl x509 -in rsa.crt -noout -serial -subject
serial=FD979F1A5D9CC3FC
subject= /C=CN/ST=JX/L=NC/O=ItEdu/OU=tech/CN=cn.i7dom.cn/emailAddress=cdadmin@ad.com
版权属于:龙之介大人
本文链接:https://cloud.tencent.com/developer/article/1619551
本站所有原创文章采用知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议进行许可。 您可以自由的转载和修改,但请务必注明文章来源和作者署名并说明文章非原创且不可用于商业目的。