{"id":3737,"date":"2023-04-12T17:31:39","date_gmt":"2023-04-12T09:31:39","guid":{"rendered":"https:\/\/app.applebyme.cn\/cloud\/https\/3737.html"},"modified":"2023-04-12T17:31:39","modified_gmt":"2023-04-12T09:31:39","slug":"%e5%8f%8c%e5%90%91ssl%e5%ae%a2%e6%88%b7%e7%ab%af%e8%af%81%e4%b9%a6%e7%94%b3%e8%af%b7%e6%98%af%e4%bb%80%e4%b9%88%e6%84%8f%e6%80%9d%ef%bc%9f","status":"publish","type":"post","link":"https:\/\/app.applebyme.cn\/cloud\/https\/3737.html","title":{"rendered":"\u53cc\u5411ssl\u5ba2\u6237\u7aef\u8bc1\u4e66\u7533\u8bf7\u662f\u4ec0\u4e48\u610f\u601d\uff1f"},"content":{"rendered":"

\u53cc\u5411 SSL (Secure Sockets Layer) \u662f\u4e00\u79cd\u7f51\u7edc\u5b89\u5168\u534f\u8bae\uff0c\u5b83\u53ef\u4ee5\u786e\u4fdd\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u53cc\u5411\u8ba4\u8bc1\u548c\u901a\u4fe1\u52a0\u5bc6\u3002\u5728\u53cc\u5411 SSL \u4e2d\uff0c\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u90fd\u5fc5\u987b\u62e5\u6709\u8bc1\u4e66\u624d\u80fd\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u672c\u6587\u5c06\u8be6\u7ec6\u4ecb\u7ecd\u53cc\u5411 SSL \u5ba2\u6237\u7aef\u8bc1\u4e66\u7533\u8bf7\u7684\u539f\u7406\u548c\u8fc7\u7a0b\u3002<\/p>\n

\u4e00\u3001\u53cc\u5411 SSL \u7684\u539f\u7406<\/p>\n

\u5728\u4f20\u7edf\u7684\u5355\u5411 SSL \u4e2d\uff0c\u53ea\u6709\u670d\u52a1\u5668\u9700\u8981\u62e5\u6709\u8bc1\u4e66\uff0c\u5ba2\u6237\u7aef\u53ea\u9700\u9a8c\u8bc1\u670d\u52a1\u5668\u7684\u8bc1\u4e66\u5373\u53ef\u3002\u800c\u5728\u53cc\u5411 SSL \u4e2d\uff0c\u5ba2\u6237\u7aef\u4e5f\u9700\u8981\u62e5\u6709\u8bc1\u4e66\uff0c\u670d\u52a1\u5668\u5728\u63a5\u6536\u5230\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u540e\uff0c\u4f1a\u8981\u6c42\u5ba2\u6237\u7aef\u63d0\u4f9b\u8bc1\u4e66\u4ee5\u9a8c\u8bc1\u5176\u8eab\u4efd\u3002\u53cc\u5411 SSL \u7684\u539f\u7406\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n

![image](https:\/\/user-images.githubusercontent.com\/55025624\/132100616-1c2e2d8a-9d1b-4b3a-9fdd-98b4c6d4aeb4.png)<\/p>\n

1. \u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u53d1\u9001\u8bf7\u6c42<\/p>\n

2. \u670d\u52a1\u5668\u8981\u6c42\u5ba2\u6237\u7aef\u63d0\u4f9b\u8bc1\u4e66<\/p>\n

3. \u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u53d1\u9001\u8bc1\u4e66<\/p>\n

4. \u670d\u52a1\u5668\u9a8c\u8bc1\u5ba2\u6237\u7aef\u8bc1\u4e66<\/p>\n

5. \u5982\u679c\u9a8c\u8bc1\u901a\u8fc7\uff0c\u670d\u52a1\u5668\u5411\u5ba2\u6237\u7aef\u53d1\u9001\u8bc1\u4e66<\/p>\n

6. \u5ba2\u6237\u7aef\u9a8c\u8bc1\u670d\u52a1\u5668\u8bc1\u4e66<\/p>\n

7. \u5982\u679c\u9a8c\u8bc1\u901a\u8fc7\uff0c\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u5efa\u7acb SSL \u8fde\u63a5<\/p>\n

\u4e8c\u3001\u53cc\u5411 SSL \u5ba2\u6237\u7aef\u8bc1\u4e66\u7684\u7533\u8bf7\u8fc7\u7a0b<\/p>\n

\u5728\u53cc\u5411 SSL \u4e2d\uff0c\u5ba2\u6237\u7aef\u8bc1\u4e66\u7684\u7533\u8bf7\u8fc7\u7a0b\u4e0e\u670d\u52a1\u5668\u8bc1\u4e66\u7684\u7533\u8bf7\u8fc7\u7a0b\u7c7b\u4f3c\uff0c\u4e5f\u9700\u8981\u4ee5\u4e0b\u6b65\u9aa4\uff1a<\/p>\n

1. \u751f\u6210\u79c1\u94a5<\/p>\n

\u5ba2\u6237\u7aef\u8bc1\u4e66\u9700\u8981\u4e00\u4e2a\u79c1\u94a5\u6765\u52a0\u5bc6\u548c\u89e3\u5bc6\u6570\u636e\u3002\u53ef\u4ee5\u4f7f\u7528 OpenSSL \u7b49\u5de5\u5177\u751f\u6210\u79c1\u94a5\u3002\u4ee5\u4e0b\u662f\u4f7f\u7528 OpenSSL \u751f\u6210\u79c1\u94a5\u7684\u547d\u4ee4\uff1a<\/p>\n

“`<\/p>\n

openssl genpkey -algorithm RSA -out client.ke<\/p>\n

<\/figure>\n<\/p>\n

y -aes256<\/p>\n

“`<\/p>\n

\u6b64\u547d\u4ee4\u5c06\u751f\u6210\u4e00\u4e2a RSA \u7b97\u6cd5\u7684\u79c1\u94a5\uff0c\u5e76\u5c06\u5176\u4fdd\u5b58\u5230\u540d\u4e3a client.key \u7684\u6587\u4ef6\u4e2d\u3002-aes256 \u53c2\u6570\u5c06\u4f7f\u7528 AES256 \u5bf9\u79c1\u94a5\u8fdb\u884c\u52a0\u5bc6\u3002<\/p>\n

2. \u751f\u6210\u8bc1\u4e66\u7b7e\u540d\u8bf7\u6c42 (CSR)<\/p>\n

CSR \u5305\u542b\u5ba2\u6237\u7aef\u8bc1\u4e66\u7684\u516c\u94a5\u548c\u4e00\u4e9b\u5176\u4ed6\u4fe1\u606f\uff0c\u7528\u4e8e\u5411\u8bc1\u4e66\u9881\u53d1\u673a\u6784 (CA) \u7533\u8bf7\u8bc1\u4e66\u3002\u4ee5\u4e0b\u662f\u4f7f\u7528 OpenSSL \u751f\u6210 CSR \u7684\u547d\u4ee4\uff1a<\/p>\n

“`<\/p>\n

openssl req -new -key client.key -out client.csr<\/p>\n

“`<\/p>\n

\u6b64\u547d\u4ee4\u5c06\u4f7f\u7528\u751f\u6210\u7684\u79c1\u94a5 client.key \u751f\u6210\u4e00\u4e2a CSR\uff0c\u5e76\u5c06\u5176\u4fdd\u5b58\u5230\u540d\u4e3a client.csr \u7684\u6587\u4ef6\u4e2d\u3002\u5728\u751f\u6210 CSR \u65f6\uff0c\u9700\u8981\u63d0\u4f9b\u4e00\u4e9b\u4fe1\u606f\uff0c\u5982\u56fd\u5bb6\u3001\u57ce\u5e02\u3001\u7ec4\u7ec7\u7b49\u3002<\/p>\n

3. \u5411\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7533\u8bf7\u8bc1\u4e66<\/p>\n

\u5c06\u751f\u6210\u7684 CSR \u63d0\u4ea4\u7ed9\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff0c\u7533\u8bf7\u5ba2\u6237\u7aef\u8bc1\u4e66\u3002\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u5c06\u5bf9 CSR \u8fdb\u884c\u9a8c\u8bc1\uff0c\u5e76\u7b7e\u53d1\u4e00\u4e2a\u5ba2\u6237\u7aef\u8bc1\u4e66\u3002\u8bc1\u4e66\u901a\u5e38\u5305\u542b\u8bc1\u4e66\u6301\u6709\u4eba\u7684\u516c\u94a5\u3001\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7684\u7b7e\u540d\u3001\u8bc1\u4e66\u7684\u6709\u6548\u671f\u7b49\u4fe1\u606f\u3002<\/p>\n

4. \u5b89\u88c5\u8bc1\u4e66<\/p>\n

\u5c06\u9881\u53d1\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66\u548c\u79c1\u94a5\u5b89\u88c5\u5230\u5ba2\u6237\u7aef\u3002\u8bc1\u4e66\u901a\u5e38\u662f\u4ee5 .pem \u6216 .crt \u683c\u5f0f\u4fdd\u5b58\u7684\u3002\u4ee5\u4e0b\u662f\u4f7f\u7528 OpenSSL \u5b89\u88c5\u8bc1\u4e66\u548c\u79c1\u94a5\u7684\u547d\u4ee4\uff1a<\/p>\n

“`<\/p>\n

openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12<\/p>\n

“`<\/p>\n

\u6b64\u547d\u4ee4\u5c06\u4f7f\u7528\u8bc1\u4e66 client.crt \u548c\u79c1\u94a5 client.key \u751f\u6210\u4e00\u4e2a PKCS#12 \u6587\u4ef6 client.p12\u3002PKCS#12 \u6587https\u914d\u7f6e\u57df\u540d<\/a>\u4ef6\u901a\u5e38\u5305\u542b\u8bc1\u4e66\u548c\u79c1\u94a5\uff0c\u5e76\u4f7f\u7528\u5bc6\u7801\u8fdb\u884c\u52a0\u5bc6\u3002\u53ef\u4ee5\u4f7f\u7528 OpenSSL \u6216\u5176\u4ed6\u5de5\u5177\u5c06 PKCS#12 \u6587\u4ef6\u8f6c\u6362\u4e3a\u5176\u4ed6\u683c\u5f0f\uff0c\u5982 .pfx \u6216 .jks\u3002<\/p>\n

5. \u914d\u7f6e\u5ba2\u6237\u7aef<\/p>\n

\u5728\u5ba2\u6237\u7aef\u4e2d\u914d\u7f6e\u8bc1\u4e66\u548c\u79c1\u94a5\uff0c\u4ee5\u4fbf\u5728 SSL \u63e1\u624b\u671f\u95f4\u5411\u670d\u52a1\u5668\u63d0\u4f9b\u8bc1\u4e66\u3002\u5177\u4f53\u914d\u7f6e\u65b9\u5f0f\u53d6\u51b3\u4e8e\u5ba2\u6237\u7aef\u7684\u7c7b\u578b\u548c\u64cd\u4f5c\u7cfb\u7edf\u3002\u5728 Java \u4e2d\uff0c\u53ef\u4ee5\u4f7f\u7528 KeyStore \u7c7b\u52a0\u8f7d\u8bc1\u4e66\u548c\u79c1\u94a5\uff0c\u5e76\u5c06\u5176\u4f20\u9012\u7ed9 SSLContext\u3002\u5728 Python \u4e2d\uff0c\u53ef\u4ee5\u4f7f\u7528 ssl \u6a21\u5757\u52a0\u8f7d\u8bc1\u4e66\u548c\u79c1\u94a5\uff0c\u5e76\u5c06\u5176\u4f20\u9012\u7ed9 SSLContext\u3002<\/p>\n

\u4e09\u3001\u603b\u7ed3<\/p>\n

\u53cc\u5411 SSL \u5ba2\u6237\u7aef\u8bc1\u4e66\u7533\u8bf7\u9700\u8981\u751f\u6210\u79c1\u94a5\u3001\u751f\u6210\u8bc1\u4e66\u7b7e\u540d\u8bf7\u6c42\u3001\u5411\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7533\u8bf7\u8bc1\u4e66\u3001\u5b89\u88c5\u8bc1\u4e66\u548c\u914d\u7f6e\u5ba2\u6237\u7aef\u7b49\u6b65\u9aa4\u3002\u5ba2\u6237\u7aef\u8bc1\u4e66\u7684\u7533\u8bf7\u8fc7\u7a0b\u4e0e\u670d\u52a1\u5668\u8bc1\u4e66\u7684\u7533\u8bf7\u8fc7\u7a0b\u7c7b\u4f3c\uff0c\u4f46\u5ba2\u6237\u7aef\u8bc1\u4e66\u9700\u8981\u5728 SSL \u63e1\u624b\u671f\u95f4\u5411\u670d\u52a1\u5668\u63d0\u4f9b\u8bc1\u4e66\uff0c\u4ee5\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5728\u5b9e\u9645\u5e94\u7528\u4e2d\uff0c\u53cc\u5411 SSL \u53ef\u4ee5\u7528\u4e8e\u4fdd\u62a4\u654f\u611f\u6570\u636e\u7684\u4f20\u8f93\uff0c\u5982\u91d1\u878d\u4ea4\u6613\u3001\u4e2a\u4eba\u4fe1\u606f\u7b49\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u53cc\u5411 SSL (Secure Sockets Layer) \u662f\u4e00\u79cd\u7f51\u7edc\u5b89\u5168\u534f\u8bae\uff0c\u5b83\u53ef\u4ee5\u786e\u4fdd\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u53cc\u5411\u8ba4\u8bc1\u548c\u901a\u4fe1\u52a0\u5bc6\u3002\u5728\u53cc\u5411 SSL \u4e2d\uff0c\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u90fd\u5fc5\u987b\u62e5\u6709\u8bc1\u4e66\u624d\u80fd\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u672c<\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2145],"tags":[4538,4539,1059,1024,754],"class_list":["post-3737","post","type-post","status-publish","format-standard","hentry","category-https","tag-cerhttps","tag-burp-suitehttps","tag-1059","tag-1024","tag-754"],"_links":{"self":[{"href":"https:\/\/app.applebyme.cn\/cloud\/wp-json\/wp\/v2\/posts\/3737","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/app.applebyme.cn\/cloud\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/app.applebyme.cn\/cloud\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/app.applebyme.cn\/cloud\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/app.applebyme.cn\/cloud\/wp-json\/wp\/v2\/comments?post=3737"}],"version-history":[{"count":0,"href":"https:\/\/app.applebyme.cn\/cloud\/wp-json\/wp\/v2\/posts\/3737\/revisions"}],"wp:attachment":[{"href":"https:\/\/app.applebyme.cn\/cloud\/wp-json\/wp\/v2\/media?parent=3737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/app.applebyme.cn\/cloud\/wp-json\/wp\/v2\/categories?post=3737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/app.applebyme.cn\/cloud\/wp-json\/wp\/v2\/tags?post=3737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}