{"id":1256,"date":"2016-09-20T17:18:02","date_gmt":"2016-09-20T09:18:02","guid":{"rendered":"http:\/\/cn.hostease.com\/xueyuan\/?p=1256"},"modified":"2016-09-20T17:18:02","modified_gmt":"2016-09-20T09:18:02","slug":"%e5%b8%b8%e8%a7%81%e8%af%81%e4%b9%a6%e6%a0%bc%e5%bc%8f%e5%8f%8a%e7%9b%b8%e4%ba%92%e8%bd%ac%e6%8d%a2","status":"publish","type":"post","link":"https:\/\/cn.hostease.com\/xueyuan\/uncategorized\/%e5%b8%b8%e8%a7%81%e8%af%81%e4%b9%a6%e6%a0%bc%e5%bc%8f%e5%8f%8a%e7%9b%b8%e4%ba%92%e8%bd%ac%e6%8d%a2\/","title":{"rendered":"\u5e38\u89c1\u8bc1\u4e66\u683c\u5f0f\u53ca\u76f8\u4e92\u8f6c\u6362"},"content":{"rendered":"
\n
\n
PKCS \u5168\u79f0\u662f Public-Key Cryptography Standards \uff0c\u662f\u7531 RSA \u5b9e\u9a8c\u5ba4\u4e0e\u5176\u5b83\u5b89\u5168\u7cfb\u7edf\u5f00\u53d1\u5546\u4e3a\u4fc3\u8fdb\u516c\u94a5\u5bc6\u7801\u7684\u53d1\u5c55\u800c\u5236\u8ba2\u7684\u4e00\u7cfb\u5217\u6807\u51c6\uff0cPKCS \u76ee\u524d\u5171\u53d1\u5e03\u8fc7 15 \u4e2a\u6807\u51c6\u3002 \u5e38\u7528\u7684\u6709\uff1a
\nPKCS#7 Cryptographic Message Syntax Standard
\nPKCS#10 Certification Request Standard
\nPKCS#12 Personal Information Exchange Syntax Standard<\/div>\n
X.509\u662f\u5e38\u89c1\u901a\u7528\u7684\u8bc1\u4e66\u683c\u5f0f\u3002\u6240\u6709\u7684\u8bc1\u4e66\u90fd\u7b26\u5408\u4e3aPublic Key Infrastructure (PKI) \u5236\u5b9a\u7684 ITU-T X509 \u56fd\u9645\u6807\u51c6\u3002<\/div>\n
PKCS#7 \u5e38\u7528\u7684\u540e\u7f00\u662f\uff1a .P7B .P7C .SPC
\nPKCS#12 \u5e38\u7528\u7684\u540e\u7f00\u6709\uff1a .P12 .PFX
\nX.509 DER \u7f16\u7801(ASCII)\u7684\u540e\u7f00\u662f\uff1a .DER .CER .CRT
\nX.509 PAM \u7f16\u7801(Base64)\u7684\u540e\u7f00\u662f\uff1a .PEM .CER .CRT
\n.cer\/.crt\u662f\u7528\u4e8e\u5b58\u653e\u8bc1\u4e66\uff0c\u5b83\u662f2\u8fdb\u5236\u5f62\u5f0f\u5b58\u653e\u7684\uff0c\u4e0d\u542b\u79c1\u94a5\u3002
\n.pem\u8ddfcrt\/cer\u7684\u533a\u522b\u662f\u5b83\u4ee5Ascii\u6765\u8868\u793a\u3002
\npfx\/p12\u7528\u4e8e\u5b58\u653e\u4e2a\u4eba\u8bc1\u4e66\/\u79c1\u94a5\uff0c\u4ed6\u901a\u5e38\u5305\u542b\u4fdd\u62a4\u5bc6\u7801\uff0c2\u8fdb\u5236\u65b9\u5f0f
\np10\u662f\u8bc1\u4e66\u8bf7\u6c42
\np7r\u662fCA\u5bf9\u8bc1\u4e66\u8bf7\u6c42\u7684\u56de\u590d\uff0c\u53ea\u7528\u4e8e\u5bfc\u5165
\np7b\u4ee5\u6811\u72b6\u5c55\u793a\u8bc1\u4e66\u94fe(certificate chain)\uff0c\u540c\u65f6\u4e5f\u652f\u6301\u5355\u4e2a\u8bc1\u4e66\uff0c\u4e0d\u542b\u79c1\u94a5\u3002
\n\u2014\u2014\u2014\u2014\u2014-
\n\u5c0f\u7f8e\u6ce8\uff1a
\nder,cer\u6587\u4ef6\u4e00\u822c\u662f\u4e8c\u8fdb\u5236\u683c\u5f0f\u7684\uff0c\u53ea\u653e\u8bc1\u4e66\uff0c\u4e0d\u542b\u79c1\u94a5
\ncrt\u6587\u4ef6\u53ef\u80fd\u662f\u4e8c\u8fdb\u5236\u7684\uff0c\u4e5f\u53ef\u80fd\u662f\u6587\u672c\u683c\u5f0f\u7684\uff0c\u5e94\u8be5\u4ee5\u6587\u672c\u683c\u5f0f\u5c45\u591a\uff0c\u529f\u80fd\u540cder\/cer
\npem\u6587\u4ef6\u4e00\u822c\u662f\u6587\u672c\u683c\u5f0f\u7684\uff0c\u53ef\u4ee5\u653e\u8bc1\u4e66\u6216\u8005\u79c1\u94a5\uff0c\u6216\u8005\u4e24\u8005\u90fd\u6709
\npem\u5982\u679c\u53ea\u542b\u79c1\u94a5\u7684\u8bdd\uff0c\u4e00\u822c\u7528.key\u6269\u5c55\u540d\uff0c\u800c\u4e14\u53ef\u4ee5\u6709\u5bc6\u7801\u4fdd\u62a4
\npfx,p12\u6587\u4ef6\u662f\u4e8c\u8fdb\u5236\u683c\u5f0f\uff0c\u540c\u65f6\u542b\u79c1\u94a5\u548c\u8bc1\u4e66\uff0c\u901a\u5e38\u6709\u4fdd\u62a4\u5bc6\u7801
\n\u600e\u4e48\u5224\u65ad\u662f\u6587\u672c\u683c\u5f0f\u8fd8\u662f\u4e8c\u8fdb\u5236\uff1f\u7528\u8bb0\u4e8b\u672c\u6253\u5f00\uff0c\u5982\u679c\u662f\u89c4\u5219\u7684\u6570\u5b57\u5b57\u6bcd\uff0c\u5982
\n\u2014\u2013BEGIN CERTIFICATE\u2014\u2013
\nMIIE9jCCA96gAwIBAgIQVXD9d9wgivhJM\/\/a3VIcDjANBgkqhkiG9w0BAQUFADBy
\n\u2014\u2013END CERTIFICATE\u2014\u2013
\n\u5c31\u662f\u6587\u672c\u7684\uff0c\u4e0a\u9762\u7684BEGIN CERTIFICATE\uff0c\u8bf4\u660e\u8fd9\u662f\u4e00\u4e2a\u8bc1\u4e66
\n\u5982\u679c\u662f\u2014\u2013BEGIN RSA PRIVATE KEY\u2014\u2013\uff0c\u8bf4\u660e\u8fd9\u662f\u4e00\u4e2a\u79c1\u94a5
\n\u6587\u672c\u683c\u5f0f\u7684\u79c1\u94a5\uff0c\u4e5f\u53ef\u80fd\u6709\u5bc6\u7801\u4fdd\u62a4
\n\u6587\u672c\u683c\u5f0f\u600e\u4e48\u53d8\u6210\u4e8c\u8fdb\u5236\uff1f \u4ece\u7a0b\u5e8f\u89d2\u5ea6\u6765\u8bf4\uff0c\u53bb\u6389\u524d\u540e\u7684\u2014-\u884c\uff0c\u5269\u4e0b\u7684\u53bb\u6389\u56de\u8f66\uff0c\u7528base64\u89e3\u7801\uff0c\u5c31\u5f97\u5230\u4e8c\u8fdb\u5236\u4e86
\n\u4e0d\u8fc7\u4e00\u822c\u90fd\u7528\u547d\u4ee4\u884copenssl\u5b8c\u6210\u8fd9\u4e2a\u5de5\u4f5c
\n\u2014\u2014\u2014\u2014\u2014
\n\u4e00 \u7528openssl\u521b\u5efaCA\u8bc1\u4e66\u7684RSA\u5bc6\u94a5(PEM\u683c\u5f0f)\uff1a
\nopenssl genrsa -des3 -out ca.key 1024<\/div>\n
\u4e8c\u7528openssl\u521b\u5efaCA\u8bc1\u4e66(PEM\u683c\u5f0f,\u5047\u5982\u6709\u6548\u671f\u4e3a\u4e00\u5e74)\uff1a
\nopenssl req -new -x509 -days 365 -key ca.key -out ca.crt -config openssl.cnf
\nopenssl\u662f\u53ef\u4ee5\u751f\u6210DER\u683c\u5f0f\u7684CA\u8bc1\u4e66\u7684\uff0c\u6700\u597d\u7528IE\u5c06PEM\u683c\u5f0f\u7684CA\u8bc1\u4e66\u8f6c\u6362\u6210DER\u683c\u5f0f\u7684CA\u8bc1\u4e66\u3002<\/div>\n
\u4e09 x509\u5230pfx
\npkcs12 -export \u2013in keys\/client1.crt -inkey keys\/client1.key -out keys\/client1.pfx<\/div>\n
\u56db PEM\u683c\u5f0f\u7684ca.key\u8f6c\u6362\u4e3aMicrosoft\u53ef\u4ee5\u8bc6\u522b\u7684pvk\u683c\u5f0f\u3002
\npvk -in ca.key -out ca.pvk -nocrypt -topvk
\n\u4e94 PKCS#12 \u5230 PEM \u7684\u8f6c\u6362
\nopenssl pkcs12 -nocerts -nodes -in cert.p12 -out private.pem
\n\u9a8c\u8bc1 openssl pkcs12 -clcerts -nokeys -in cert.p12 -out cert.pem
\n\u516d \u4ece PFX \u683c\u5f0f\u6587\u4ef6\u4e2d\u63d0\u53d6\u79c1\u94a5\u683c\u5f0f\u6587\u4ef6 (.key)
\nopenssl pkcs12 -in mycert.pfx -nocerts -nodes -out mycert.key
\n\u4e03 \u8f6c\u6362 pem \u5230\u5230 spc
\nopenssl crl2pkcs7 -nocrl -certfile venus.pem -outform DER -out venus.spc
\n\u7528 -outform -inform \u6307\u5b9a DER \u8fd8\u662f PAM \u683c\u5f0f\u3002\u4f8b\u5982\uff1a
\nopenssl x509 -in Cert.pem -inform PEM -out cert.der -outform DER
\n\u516b PEM \u5230 PKCS#12 \u7684\u8f6c\u6362\uff0c
\nopenssl pkcs12 -export -in Cert.pem -out Cert.p12 -inkey key.pem<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

PKCS \u5168\u79f0\u662f Public-Key Cryptography Standards \uff0c\u662f\u7531 RSA \u5b9e\u9a8c\u5ba4\u4e0e … \u9605\u8bfb\u66f4\u591a<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[423],"class_list":["post-1256","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-423"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/1256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/comments?post=1256"}],"version-history":[{"count":1,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/1256\/revisions"}],"predecessor-version":[{"id":1257,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/1256\/revisions\/1257"}],"wp:attachment":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/media?parent=1256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/categories?post=1256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/tags?post=1256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}