来自 Arch Linux 中文维基


附注: 请完成翻译。大部分内容尚未翻译。(在 Talk:OpenSSL# 中讨论)

OpenSSL是 SSL 和 TLS 协议的开源实现,旨在尽可能灵活。OpenSSL 支持各种平台,包括 BSD、Linux、OpenVMS、Solaris 和 Windows。

警告: 2015 年 5 月发布的对 OpenSSL 协议使用情况的合作研究显示 SSL 连接存在重大风险 “Logjam”。可在 查看结果,在 查看建议的服务端配置。

安装[编辑 | 编辑源代码]

Arch Linux 默认安装 openssl(作为 coreutils 的依赖)。

有许多 OpenSSL 库绑定可供开发者使用:

配置[编辑 | 编辑源代码]

在 Arch Linux 中 OPENSSLDIR/etc/ssl

OpenSSL 配置文件通常位于 /etc/ssl/openssl.cnf,乍一看可能很复杂。注意在赋值中可以展开变量,这与 Shell 脚本的工作方式很相似。配置文件格式的详细解释,请见 config(5ssl)

req 部分[编辑 | 编辑源代码]


附注: 主题相同。(在 [[en:Talk:OpenSSL#Plan]] 中讨论)


The req section is responsible for the DN prompts. A general misconception is the Common Name (CN) prompt, which suggests that it should have the user's proper name as a value. End-user certificates need to have the machine hostname as CN, whereas CA should not have a valid TLD, so that there is no chance that, between the possible combinations of certified end-users' CN and the CA certificate's, there is a match that could be misinterpreted by some software as meaning that the end-user certificate is self-signed. 某些 CA 证书甚至没有 CN,例如 Equifax

$ openssl x509 -subject -noout < /etc/ssl/certs/Equifax_Secure_CA.pem
subject= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

用法[编辑 | 编辑源代码]

请先阅读 Transport Layer Security#Obtaining a certificate

生成 Curve25519 私钥[编辑 | 编辑源代码]

$ openssl genpkey -algorithm x25519 -out 文件名

生成 ECDSA 私钥[编辑 | 编辑源代码]

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out 文件名

生成 RSA 私钥[编辑 | 编辑源代码]

使用(根据 openssl(1ssl),代替 genrsa 的)genpkey(1ssl)

$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:私钥大小 -out 文件名

如果需要加密密钥,使用 -aes-256-cbc 选项。

生成证书签名请求[编辑 | 编辑源代码]

使用 req(1ssl)

$ openssl req -new -sha256 -key 私钥 -out 文件名

显示证书签名请求[编辑 | 编辑源代码]


$ openssl req -noout -text -in 文件名

生成自签名证书[编辑 | 编辑源代码]


原因: This produces a certificate for the (root) Certificate Authority, which you are acting as. Most web browsers do not seem to accept CA certificates, deeming it necessary to request another certificate and sign it with the CA cert and CA key. The "Generate a certificate issued by own CA" procedure in this forum post is what seems to satisfy browsers. (在 Talk:OpenSSL 中讨论)
$ openssl req -key private_key -x509 -new -days days -out filename

Generate a self-signed certificate with private key in a single command[编辑 | 编辑源代码]

You can combine the above command in OpenSSL into a single command which might be convenient in some cases:

$ openssl req -x509 -newkey rsa:4096 -days days -keyout key_filename -out cert_filename

Generate Diffie–Hellman parameters[编辑 | 编辑源代码]

See Diffie–Hellman key exchange for more information.

Current best practice is to use one of the standard DH groups from RFC:7919, eg. ffdhe2048.

Alternatively you can generate a random group of your own:

$ openssl dhparam -out filename 2048
提示:To speed up generating, especially when not on high-end hardware, add the -dsaparam option [1].

显示证书信息[编辑 | 编辑源代码]

$ openssl x509 -text -in 证书文件名

显示证书指纹[编辑 | 编辑源代码]

$ openssl x509 -noout -in 证书文件名 -fingerprint -digest

-digest is optional and one of -md5, -sha1, -sha256, or -sha512. See "-digest" in x509(1ssl) § Input, Output, and General Purpose Options for when the digest is unspecified.

转换证书格式[编辑 | 编辑源代码]

Use openssl x509 to convert certificates from binary (DER) format to PEM format (the text format with BEGIN CERTIFICATE headers):

$ openssl x509 -inform DER < myCA.crt > myCA_pem.crt

Use third-party providers[编辑 | 编辑源代码]

OpenSSL 3 introduced providers as a new concept for OpenSSL plugability. It is possible to use algorithms not included in OpenSSL without having to recompile it. For example, to test the NIST Post-Quantum Cryptography algorithms, you can install the Open Quantum Safe provider oqsproviderAUR. As an example, you can generate a quantum-safe self-signed certificate with private key using one of the variants of the Dilithium signature algorithm:

$ openssl req -provider oqsprovider -x509 -newkey dilithium3 -days days -keyout key -out cert

Troubleshooting[编辑 | 编辑源代码]

"bad decrypt" while decrypting[编辑 | 编辑源代码]

OpenSSL 1.1.0 changed the default digest algorithm for the dgst and enc commands from MD5 to SHA256. [2]

Therefore if a file has been encrypted using OpenSSL 1.0.2 or older, trying to decrypt it with an up to date version may result in an error like:

error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:540

Supplying the -md md5 option should solve the issue:

$ openssl enc -d -md md5 -in encrypted -out decrypted

Python 3.10 and "ca md too weak" errors[编辑 | 编辑源代码]

In Python 3.10 by default there is a hardcoded list of allowed OpenSSL ciphers. Some of the less secure, like MD5, have been disabled at the ssl module level, ignoring the system-wide configuration of OpenSSL. It results sometimes in strange errors on older certificates, sometimes even when establishing https connections, like:

requests.exceptions.SSLError: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(398, '[SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3862)')))

To make Python follow the system configuration, you may have to rebuild it, adding --with-ssl-default-suites=openssl parameter to ./configure. The issue has been also reported as FS#73549.

See also[编辑 | 编辑源代码]