SSL双向认证之客户端(国外英语资料).docVIP

SSL双向认证之客户端(国外英语资料) The Openssl bidirectional authentication client code Openssl is a rich and self-contained open source security toolkit. It provides the main features are: the SSL protocol implementation (including SSLv2, SSLv3 and TLSv1), a large number of soft algorithm (symmetric/asymmetric/paper), operation of large number, asymmetric key generation algorithm, the ASN. 1 codec library, the certificate request (PKCS10) codec, a digital certificate codec, CRL decoding, OCSP protocol, digital certificate authentication, PKCS7 standard and personal digital certificate as PKCS12 format, and other functions. This article focuses on the communication between openssl for client-server authentication and how the client should be set up. Including how to use the openssl command to generate the client - server certificates and keys, and using openssl bring server side to implement a simple two-way authentication, SSL client side code also made the corresponding labeling and instructions, provide compilation Makefile. Hope to start to learn how to secure connection using openssl is good friend. Start by showing you how to generate a customer and a service side certificate (PEM) and a key. After downloading and installing the openssl development package in the Linux environment, an SSL test environment is set up through the openssl command. 1) establish your own CA In the misc directory of the openssl installation directory, run the script:. / CA. Sh-newca, when the prompt is present, enter directly. After running, you will generate a directory of the unwritten ca, which contains the ca certificate and its private key. 2) generate client and server certificate applications: Openssl req-newkey rsa: 1024-out req1 Openssl req-newkey rsa: 1024-out req2 Issue the client and server certificates Openssl ca - in req1. Pem - out sslclientcert.pem Openssl ca - in req2 4) run the SSL server: Openssl s_server-cert sslserver-key sslserverkey. Pem - CAfile demoCA/cacert. Pem - ssl3 Of