此處會要求輸入壹些信息: Country Name: CN //兩個字母的國家代號 State or Province Name: guang dong //省份名稱 Locality Name: guang zhou //城市名稱 Organization Name: sunrising //公司名稱
Organizational Unit Name: home //部門名稱 Common Name: besunny //妳的姓名(要是生成服務器端的證書壹定要輸入域名或者ip地址) 切記壹定要和IIS服務器上填寫的信息保持壹致。 3.在妳的openssl主目錄下的bin目錄下創建如下目錄: demoCA
demoCA/newcerts 在demoCA目錄下創建壹個空的index.txt文件. 在demoCA目錄創建壹個serial文件,文件內容為01 . 4.把第二步的生成的cakey.pem拷貝到 demoCA/private目錄下; 把cacert.pem 拷貝到demoCA目錄下. 5.用CA證書cacert.pem為IIS請求certreq.txt簽發證書。(將iis服務器生成的certreq.txt存放在openssl/bin下面) openssl ca -in certreq.txt -out iis.cer 6.打開iis.cer,刪掉在"-- Begin Certificate --"的文本。 三.IIS服務器操作: 在該網站屬性中目錄安全的服務器證書 ,導入該證書。 四、測試是否SSL正常。 二、配置OpenSSL1、建立自己的CA證書在openssl的apps目錄下建立自己的CA證書,例如mageCAC:/openssl098b/apps>mkdir mageCA2、生成CA密鑰C:/openssl098b/apps>openssl genrsa -out mageCA/ca-key.pem 1024Genrsa[產生密鑰命令] –out[密鑰文件輸出路徑] 1024[密鑰位數]Loading 'screen' into random state - doneGenerating RSA private key, 1024 bit long modulus..............................++++++......++++++3、生成待簽名的證書C:/openssl098b/apps>openssl req -new -out mageCA/ca-req.csr -key mageCA/ca-key.pemreq[產生證書命令]-new[新生成]-out[證書文件輸出路徑]-key[私鑰文件路徑]報錯:Using configuration from /usr/local/ssl/openssl.cnfUnable to load config infounable to find 'distinguished_name' in configproblems making Certificate Request2188:error:0E06D06A:configurationfileroutines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:344:2188:error:0E06D06A:configurationfileroutines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:344:2188:error:0E06D06A:configurationfileroutines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:344:2188:error:0E06D06A:configurationfileroutines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:344:2188:error:0E06D06A:configurationfileroutines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:344:2188:error:0E06D06A:configurationfileroutines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:344:2188:error:0E06D06A:configurationfileroutines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:344:2188:error:0E06D06A:configurationfileroutines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:344:出現這樣的問題後,打開了apps下的req查看DIAGNOSTICS: =head1 DIAGNOSTICSThe following messages are frequently asked about:? Using configuration from /some/path/openssl.cnf? Unable to load config infoThis is followed some time later by...? unable to find 'distinguished_name' in config? problems making Certificate RequestThe first error message is the clue: it can't find the configurationfile! Certain operations (like examining a certificate request) don'tneed a configurationfile so its use isn't enforced. Generation ofcertificates or requests however does need a configurationfile. Thiscould be regarded as a bug.依然不能解決問題,在網上搜索,被告知是環境變量沒有設置,於是設置系統用戶變量OPENSSL_CONF為C:/openssl098b/apps/openssl_cnf。重開壹個命令行窗口,要求輸入壹系列的信息,如國家、省、市、公司、部門、姓名、電子郵件等,命令執行完成。在設置了環境變量以後,壹定要另開壹個命令行窗口!壹開始我就是沒有另開窗口,所以後來又耽誤了好多時間,不過,真是因為這個錯誤,我才搞清楚了openssl_cnf!至於openssl_cnf,笨笨的我還在apps下找了好半天,都沒有找到這個文件,後來被高手告知就是那個名為openssl的計算機圖標壹樣的文件,是可以用寫字板打開的!狂暈!還有人說是在ssl目錄下,但是我的不是!