OpenSSL是 SSL 和 TLS 協議的開源實現,旨在儘可能靈活。OpenSSL 支持各種平台,包括 BSD、Linux、OpenVMS、Solaris 和 Windows。
安裝
Arch Linux 默認安裝 openssl包(作為 coreutils包 的依賴)。
有許多 OpenSSL 庫綁定可供開發者使用:
- python-pyopenssl包
- perl-net-ssleay包
- lua-sec包、lua52-sec包 和 lua51-sec包
- haskell-hsopenssl包
- haskell-openssl-streams包
配置
在 Arch Linux 中 OPENSSLDIR
為 /etc/ssl
。
OpenSSL 配置文件通常位於 /etc/ssl/openssl.cnf
,乍一看可能很複雜。注意在賦值中可以展開變量,這與 Shell 腳本的工作方式很相似。配置文件格式的詳細解釋,請見 config(5ssl)。
req 部分
與生成密鑰、請求和自簽名證書有關的設置。
The req section is responsible for the DN prompts. A general misconception is the Common Name (CN) prompt, which suggests that it should have the user's proper name as a value. End-user certificates need to have the machine hostname as CN, whereas CA should not have a valid TLD, so that there is no chance that, between the possible combinations of certified end-users' CN and the CA certificate's, there is a match that could be misinterpreted by some software as meaning that the end-user certificate is self-signed. 某些 CA 證書甚至沒有 CN,例如 Equifax:
$ openssl x509 -subject -noout < /etc/ssl/certs/Equifax_Secure_CA.pem
subject= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
用法
請先閱讀 Transport Layer Security#Obtaining a certificate。
生成 Curve25519 私鑰
$ openssl genpkey -algorithm x25519 -out 文件名
生成 ECDSA 私鑰
$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out 文件名
生成 RSA 私鑰
使用(根據 openssl(1ssl),代替 genrsa 的)genpkey(1ssl):
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:私钥大小 -out 文件名
如果需要加密密鑰,使用 -aes-256-cbc
選項。
生成證書籤名請求
使用 req(1ssl):
$ openssl req -new -sha256 -key 私钥 -out 文件名
顯示證書籤名請求
證書籤名請求以編碼形式存儲。要以人類可讀的形式查看請求:
$ openssl req -noout -text -in 文件名
生成自簽名證書
$ openssl req -key private_key -x509 -new -days days -out filename
Generate a self-signed certificate with private key in a single command
You can combine the above command in OpenSSL into a single command which might be convenient in some cases:
$ openssl req -x509 -newkey rsa:4096 -days days -keyout key_filename -out cert_filename
Generate Diffie–Hellman parameters
See Diffie–Hellman key exchange for more information.
Current best practice is to use one of the standard DH groups from RFC:7919, eg. ffdhe2048.
Alternatively you can generate a random group of your own:
$ openssl dhparam -out filename 2048
-dsaparam
option [1].顯示證書信息
$ openssl x509 -text -in 证书文件名
顯示證書指紋
$ openssl x509 -noout -in 证书文件名 -fingerprint -digest
-digest
is optional and one of -md5
, -sha1
, -sha256
, or -sha512
. See "-digest" in x509(1ssl) § Input, Output, and General Purpose Options for when the digest is unspecified.
轉換證書格式
Use openssl x509
to convert certificates from binary (DER) format to PEM format (the text format with BEGIN CERTIFICATE
headers):
$ openssl x509 -inform DER < myCA.crt > myCA_pem.crt
Use third-party providers
OpenSSL 3 introduced providers as a new concept for OpenSSL plugability. It is possible to use algorithms not included in OpenSSL without having to recompile it. For example, to test the NIST Post-Quantum Cryptography algorithms, you can install the Open Quantum Safe provider oqsproviderAUR. As an example, you can generate a quantum-safe self-signed certificate with private key using one of the variants of the Dilithium signature algorithm:
$ openssl req -provider oqsprovider -x509 -newkey dilithium3 -days days -keyout key -out cert
Troubleshooting
"bad decrypt" while decrypting
OpenSSL 1.1.0 changed the default digest algorithm for the dgst and enc commands from MD5 to SHA256. [2]
Therefore if a file has been encrypted using OpenSSL 1.0.2 or older, trying to decrypt it with an up to date version may result in an error like:
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:540
Supplying the -md md5
option should solve the issue:
$ openssl enc -d -md md5 -in encrypted -out decrypted
Python 3.10 and "ca md too weak" errors
In Python 3.10 by default there is a hardcoded list of allowed OpenSSL ciphers. Some of the less secure, like MD5, have been disabled at the ssl
module level, ignoring the system-wide configuration of OpenSSL. It results sometimes in strange errors on older certificates, sometimes even when establishing https
connections, like:
requests.exceptions.SSLError: HTTPSConnectionPool(host='a.kind.of.example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(398, '[SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3862)')))
To make Python follow the system configuration, you may have to rebuild it, adding --with-ssl-default-suites=openssl
parameter to ./configure
. The issue has been also reported as FS#73549.
See also
- 維基百科的 OpenSSL 頁面,包含背景信息。
- OpenSSL 項目頁面。
- FreeBSD Handbook
- Step-by-step guide to create a signed SSL certificate
- OpenSSL Certificate Authority: A guide demonstrating how to act as your own certificate authority.
- Bulletproof SSL and TLS by Ivan Ristić, a more formal introduction to SSL/TLS