安装openssl
# tar –zxvf openssl
# cd openssl
# ./config --prefix=/usr/local/openssl
# make
# make install
 
加密解密
传统加密(对称加密)
openssl enc –ciphername(加密算法) –k password(口令) –in file(被加密的算法) -out (输出文件)file
解密
openssl enc –ciphername –k password  -d –in file -out file
 
加密算法有:base64,des,des3,rc2,rc5,aes256
 
例如:
/bin/openssl enc –des3 –k boobooke –in pt.txt –out ct.bin                 //加密
 
/bin/openssl enc –des3 –d  –k boobooke –in ct.bin –out pt1.txt        //解密
 
 
非对称加密
 
Generate the private/public key
Openssl genrsa –out file 1024      
例如:
Openssl genrsa –out priv.key 1024              //rsa算法生成私钥(priv.key)         
 
Openssl rsa –in file –pubout
例如:                 
Openssl rsa –in priv.key –pubout>pub.key          //用私钥priv.key生成公钥,并重定向到pub.key这个文件里面
 
Encrypt the file with public key
Openssl rsautl –in file –out file –inkey file –pubin –encrypt
例如:
Openssl rsautl –in test.txt –out test.bin –inkey pub.key –pubin –encrypt           //利用公钥文件(pub.key)对text.txt文件进行加密,生成加密后的文件text.bin
 
Decrypt the file the private key
Openssl rsautl –in file –out file –inkey file –decrypt
例如:
Openssl rsautl –in text.bin –out text1.txt –inkey priv.key –decrypt            //利用私钥priv.key对公钥加密的text.bin进行加密的文件进行解密,生成解密后的文件是text1.txt
 
 
Use openssl sign/verify functions(数字签名)
 
Generate the private/public key
生成密钥对
Openssl genrsa –out file 1024      
Openssl rsa –in file –pubout
 
Sign the file with the private key
Openssl rsautl –in file –out file –inkey file –sign
例如:
Openssl rsatul –in test.txt –out test.sig –inkey priv.key –sign             //利用私钥对test.txt 进行加密也就是签名
Openssl rsautl –in file –out file –inkey file –pubin –verify
例如:
Openssl rsautl –in test.sig –out test2.txt –inkey pub.key –pubin –verify //利用公钥对私钥加密后的文件(test.sig)进行解密或是认证
 
Hash functionshash函数)……MD5 SHA1
作用:主要是验证文件的完整性,没有被别人篡改!
Generate the md5 hash result
Openssl dgst –md5 file
Md5sum file
例如:
Openssl dgst –md5 openssl.tar.gz         //生成MD5
Md5sum openssl.tar.gz
 
Generate the sha1 hash result
Openssl dgst –sha1file
Sha1sum file
例如:
Openssl –dgst –sha1 openssl.tar.gz              //生成sha1
 
Install apache
Configure the environment
tar –zxvf httpd-2.0.63.tar.gz
cd httpd-2.0.63
./configure –prefix=/usr/local/apache –enable-ssl –with-ssl=/usr/local/openssl
make
make install
 
Configure ssl in apache
openssl req -new -x509 -days 30 -keyout server.key -out server.crt -subj '/CN=Test Only Certifiecate'
或者
Openssl req –new –x509 –days 365 –sha1 –nodes –newkey rsa:1024 keyout server.key –out server.crt –subj ‘/O=Seccure/OU=Seccure Labs/CN=www.secdemo.com’
 
Cpy the .key and .crt file to the proper directory         //一般都是存放在apacheconf 目录下面,具体存放路径是在apache的配置文件中定义的
 
Vi httpd.conf
<IfModule mod_ssl.c>
    Include conf/ssl.conf                   //ssl 的配置文件被包含在conf/ssl.conf
</IfModule>
 
Vi conf/ssl.conf
 
SSLCertificateKeyFile /usr/local/apache/conf/ssl.crt/server.key          //server.key存放路径
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt                //server.crt 存放路径
 
Apache2.2直接启动apache服务就可以启动SSL
Apache2.0启动sslapachectl startssl                                           //端口号为443端口
 
 
Vi conf/ssl.conf
<Directory />
 SSLRequireSSL                                                     //此目录只允许使用https协议访问
</Directory>
 
<Directory /usr/local/apache/htdocs/ssldemo>           
SSLRequireSSL    
</Directory>                                               //ssldemo这个目录必须使用https协议访
                               问,应为利用ssl安全访问存在着密钥的
                               加密解密以及传送,所以访问会很慢,所
                               以一般都是把一些需要中到https协议访
                               访问的程序放在一个目录中,而其他的站
                               点依然用http协议访问