The pki_in_shell from kings-way

pki_in_shell's Introduction

Simple shell script to create certs (RSA or ECC, including SM2)

Usage:
 ./build.sh rsa/ecc gen_ca              # generate CA keys and certs
 ./build.sh rsa/ecc gen_subca           # generate Sub CA keys and certs (implying: gen_ca)
 ./build.sh rsa/ecc server test.com     # generate Server certs with CommonName: test.com (signed with CA if no subCA)
 ./build.sh rsa/ecc client Client1      # generate client certs with CommonName: Client1 (signed with CA if no subCA)

 ./build.sh rsa/ecc test_server         # generate a test server cert and run openssl s_server on 127.0.0.1:8443
 ./build.sh rsa/ecc test_client         # generate a test client cert and run openssl s_client connecting 127.0.0.1:8443
 ./build.sh verify   	                # verify every cert in ./server/*.crt and ./client/*.crt
 ./build.sh clean                       # delete everything, including root-ca and sub-ca dirs
 ./build.sh help                        # show this help

pki_in_shell's People

Contributors

Stargazers

Watchers

pki_in_shell's Issues

请教您一个国密证书配置的问题

我编译apache httpd的时候设置了--with-ssl=/usr/local/gmssl
试用Gmssl生成的server.key和server.crt， httpd能够正常启动，但是使用密信浏览器访问这个服务器的时候，一直显示：

此网站无法提供安全连接
10.22.2.112 使用了不受支持的协议。
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
协议不受支持
客户端和服务器不支持一般 SSL 协议版本或加密套件。

我的ssl.conf配置:
Listen 443
<VirtualHost *:443>
ServerName localhost
DocumentRoot "/var/www/web_console"
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCertificateFile /usr/local/httpd/conf/10.22.2.112.crt
SSLCertificateKeyFile /usr/local/httpd/conf/10.22.2.112.key
#sign 和 encrypt 配置中的.key 和 bundle.crt 为同一个
SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:SM2-WITH-SMS4-SM3:ECDH:AESGCM:HIGH:!RC4:!DH:!MD5:!aNULL:!eNULL
SSLCipherSuite ECDHE-SM2-WITH-SMS4-GCM-SM3:SM2-WITH-SMS4-SM3:ECDH:AESGCM:HIGH:!RC4:!DH:!MD5:!aNULL:!eNULL
#SSLCipherSuite ECDHE-SM4-SM3:SM2-WITH-SMS4-SM3:ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!3DES:!MD5:!ADH:!RC4:!DH:!DHE
SSLHonorCipherOrder on
<Directory "/var/www/web_console">
Options -Indexes -FollowSymLinks +ExecCGI
AllowOverride None
Order allow,deny
Allow from all
Require all granted

您有遇到过这个问题吗？
谢谢！

Recommend Projects

kings-way / pki_in_shell Goto Github PK

pki_in_shell's Introduction

Simple shell script to create certs (RSA or ECC, including SM2)

pki_in_shell's People

Contributors

Stargazers

Watchers

Forkers

pki_in_shell's Issues

请教您一个国密证书配置的问题

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent