This note is about the problems that I met while implementing secure applications.

Certificate Authority

Generate private key and certificate request

Generate a private key private.key and a certificate request cert_req.pem. It is very important to keep the private key secret to avoid impersonation.

$ openssl req -new -nodes -out cert_req.pem -keyout private.key

Check

Check that your certificate signing request is correct

$ openssl req -in cert_req.pem -verify -text -noout

Create a .p12 file

$ openssl pkcs12 -certfile studca_chain.pem -inkey stud_private.key -in stud_cert.pem -name <your_username> -out <filename>.p12 -export

竟然无法拒绝你的打赏