{"id":521,"date":"2021-06-26T16:33:59","date_gmt":"2021-06-26T08:33:59","guid":{"rendered":"https:\/\/choson.lifenet.com.tw\/?p=521"},"modified":"2023-03-29T16:39:58","modified_gmt":"2023-03-29T08:39:58","slug":"%e6%95%b8%e5%ad%97%e8%ad%89%e6%9b%b8%ef%bc%88digital-certificate%ef%bc%89","status":"publish","type":"post","link":"https:\/\/choson.lifenet.com.tw\/?p=521","title":{"rendered":"\u6578\u5b57\u8b49\u66f8\uff08Digital Certificate\uff09"},"content":{"rendered":"\n<p><strong>\u8b49\u66f8\u7533\u8acb\u548c\u56de\u61c9<\/strong><strong><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"450\" height=\"310\" src=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/ic158298.gif\" alt=\"\" class=\"wp-image-523\"\/><\/figure>\n\n\n\n<p><strong>\u8b49\u66f8\u7c64\u540d\u8acb\u6c42<\/strong><strong><\/strong><\/p>\n\n\n\n<p><em>\u5728\u516c\u9470\u57fa\u790e\u7d50\u69cb\uff08<\/em><em>PKI<\/em><em>\uff09\u7cfb\u7d71\u4e2d\uff0c\u8b49\u66f8\u7c64\u540d\u8acb\u6c42\uff08\u4e5f\u7a31\u70ba<\/em><em>CSR<\/em><em>\u6216\u8b49\u66f8\u8acb\u6c42\uff09\u662f\u5f9e\u7533\u8acb\u4eba\u767c\u9001\u5230\u8b49\u66f8\u9812\u767c\u6a5f\u69cb\u4ee5\u7533\u8acb\u6578\u5b57\u8eab\u4efd\u8b49\u66f8\u7684\u6d88\u606f\u3002\u5b83\u901a\u5e38\u5305\u542b\u61c9\u70ba\u5176\u9812\u767c\u8b49\u66f8\u7684\u516c\u9470\uff0c\u6a19\u8b58\u4fe1\u606f\uff08\u4f8b\u5982\u57df\u540d\uff09\u548c\u5b8c\u6574\u6027\u4fdd\u8b77\uff08\u4f8b\u5982\u6578\u5b57\u7c3d\u540d\uff09\u3002<\/em><em>CSR<\/em><em>\u6700\u5e38\u898b\u7684\u683c\u5f0f\u662f<\/em><em>PKCS<\/em><em>\uff03<\/em><em>10<\/em><em>\u898f\u7bc4\uff1b\u53e6\u4e00\u7a2e\u662f\u7531\u67d0\u4e9b<\/em><em>Web<\/em><em>\u700f\u89bd\u5668\u751f\u6210\u7684<\/em><em>\u201c<\/em><em>\u7c3d\u540d\u7684\u516c\u9470\u548c\u6311\u6230<\/em><em>\u201d SPKAC<\/em><em>\u683c\u5f0f\u3002<\/em><em><\/em><\/p>\n\n\n\n<p><em>\u8cc7\u6599\u4f86\u6e90\uff1a<\/em><em><a href=\"https:\/\/en.wikipedia.org\/wiki\/Certificate_signing_request\" target=\"_blank\" rel=\"noreferrer noopener\">\u7dad\u57fa\u767e\u79d1<\/a><\/em><\/p>\n\n\n\n<p><strong>\u4f7f\u7528<\/strong><strong>OpenSSL<\/strong><strong>\u751f\u6210<\/strong><strong>CSR<\/strong><strong><\/strong><\/p>\n\n\n\n<p><em>$ sudo apt install openssl [<\/em><em>\u5728<\/em><em>Debian \/ Ubuntu<\/em><em>\u4e0a<\/em><em>]<\/em><em><br>$ openssl req -new -newkey rsa<\/em><em>\uff1a<\/em><em>2048 -nodes -keyout server.key -out server.csr<\/em><em><\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"616\" src=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/Certificate-Request-File-Content.jpeg\" alt=\"\" class=\"wp-image-525\" srcset=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/Certificate-Request-File-Content.jpeg 768w, https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/Certificate-Request-File-Content-300x241.jpeg 300w\" sizes=\"auto, (max-width: 768px) 100vw, 768px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/i1.wp.com\/wentzwu.com\/wp-content\/uploads\/2020\/07\/Certificate-Request-File-Content.jpg?ssl=1\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<p><strong>\u4e0a\u50b3\u8b49\u66f8\u7c64\u540d\u8acb\u6c42<\/strong><strong><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"313\" src=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/ca7.png\" alt=\"\" class=\"wp-image-526\" srcset=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/ca7.png 768w, https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/ca7-300x122.png 300w\" sizes=\"auto, (max-width: 768px) 100vw, 768px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/blogs.oracle.com\/blogbypuneeth\/steps-to-create-a-csr-certificate-signing-request-using-keytool-and-get-it-signed-from-an-external-ca-certificate-authority-thawte\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<p><strong>X.509<\/strong><strong>\u8b49\u66f8<\/strong><strong><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"432\" src=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/X.509-Certificate-Formats-3.jpg\" alt=\"\" class=\"wp-image-527\" srcset=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/X.509-Certificate-Formats-3.jpg 768w, https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/X.509-Certificate-Formats-3-300x169.jpg 300w\" sizes=\"auto, (max-width: 768px) 100vw, 768px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/i2.wp.com\/wentzwu.com\/wp-content\/uploads\/2020\/07\/X.509-Certificate-Formats.jpg?ssl=1\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<p><strong>\u5b89\u88dd\u8b49\u66f8<\/strong><strong><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"451\" src=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/iis3-1.png\" alt=\"\" class=\"wp-image-528\" srcset=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/iis3-1.png 600w, https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/iis3-1-300x226.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/www.ssls.com\/knowledgebase\/how-to-install-an-ssl-certificate-on-iis-10\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<p><strong>TLS \/ SSL<\/strong><strong><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"584\" height=\"342\" src=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/b_g_secu_0031_T-1.gif\" alt=\"\" class=\"wp-image-529\"\/><\/figure>\n\n\n\n<p><a href=\"http:\/\/inside.trilliumcharterschool.org\/uploads\/iRADV_6075_EMan\/contents\/1T0000165166.html\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"617\" height=\"611\" src=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/The-TLS-layers-and-sub-protocols-1.png\" alt=\"\" class=\"wp-image-530\" srcset=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/The-TLS-layers-and-sub-protocols-1.png 617w, https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/The-TLS-layers-and-sub-protocols-1-300x297.png 300w, https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/06\/The-TLS-layers-and-sub-protocols-1-150x150.png 150w\" sizes=\"auto, (max-width: 617px) 100vw, 617px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/www.researchgate.net\/figure\/The-TLS-layers-and-sub-protocols_fig4_321347130\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<p><strong>\u53c3\u8003<\/strong><strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/tools.ietf.org\/html\/rfc2986\" target=\"_blank\" rel=\"noreferrer noopener\">PKCS\uff0310\uff1a\u8a8d\u8b49\u8acb\u6c42\u8a9e\u6cd5\u898f\u7bc4\u7248\u672c1.7<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/tools.ietf.org\/html\/rfc2511\" target=\"_blank\" rel=\"noreferrer noopener\">Internet X.509\u8b49\u66f8\u8acb\u6c42\u6d88\u606f\u683c\u5f0f<\/a><\/li>\n\n\n\n<li><a href=\"http:\/\/www.oasis-pki.org\/resources\/techstandards\/\" target=\"_blank\" rel=\"noreferrer noopener\">PKI\u6280\u8853\u6a19\u6e96<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.tutorialsteacher.com\/https\/ssl-certificate-format\" target=\"_blank\" rel=\"noreferrer noopener\">SSL\u8b49\u66f8\u683c\u5f0f<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/security.stackexchange.com\/questions\/73156\/whats-the-difference-between-x-509-and-pkcs7-certificate\" target=\"_blank\" rel=\"noreferrer noopener\">X.509\u548cPKCS\uff037\u8b49\u66f8\u6709\u4ec0\u9ebc\u5340\u5225\uff1f<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/comodosslstore.com\/resources\/a-ssl-certificate-file-extension-explanation-pem-pkcs7-der-and-pkcs12\/\" target=\"_blank\" rel=\"noreferrer noopener\">SSL\u8b49\u66f8\u6587\u4ef6\u64f4\u5c55\u540d\u8aaa\u660e\uff1aPEM\uff0cPKCS7\uff0cDER\u548cPKCS\uff0312<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/knowledge.digicert.com\/generalinformation\/INFO4448\" target=\"_blank\" rel=\"noreferrer noopener\">.P7B\uff08PKCS\uff037\uff09.PFX \/ .P12\uff08PKCS\uff0312\uff09.PEM\uff0c.DER\uff0c.CRT\uff0c.CER\u8b49\u66f8\u6709\u4ec0\u9ebc\u5340\u5225\uff1f<\/a><\/li>\n\n\n\n<li><a href=\"http:\/\/inside.trilliumcharterschool.org\/uploads\/iRADV_6075_EMan\/contents\/1T0000165166.html\" target=\"_blank\" rel=\"noreferrer noopener\">\u7db2\u7d61\u5b89\u5168<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/Chain_of_trust\" target=\"_blank\" rel=\"noreferrer noopener\">\u4fe1\u4efb\u93c8<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.researchgate.net\/figure\/The-TLS-layers-and-sub-protocols_fig4_321347130\" target=\"_blank\" rel=\"noreferrer noopener\">HTTPS\u6d41\u91cf\u7684\u670d\u52d9\u7d1a\u5225\u76e3\u8996<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.globalsign.com\/en\/blog\/what-is-a-certificate-signing-request-csr\" target=\"_blank\" rel=\"noreferrer noopener\">SSL\u57fa\u790e\u77e5\u8b58\uff1a\u4ec0\u9ebc\u662f\u8b49\u66f8\u7c64\u540d\u8acb\u6c42\uff08CSR\uff09\uff1f<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/ssltools.digicert.com\/checker\/views\/csrGenerate.jsp\" target=\"_blank\" rel=\"noreferrer noopener\">\u7522\u751f\u4f01\u696d\u793e\u6703\u8cac\u4efb<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/certlogik.com\/decoder\/\" target=\"_blank\" rel=\"noreferrer noopener\">CSR\u89e3\u78bc\u5668\u548c\u8b49\u66f8\u89e3\u78bc\u5668<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/knowledge.digicert.com\/solution\/SO11972\" target=\"_blank\" rel=\"noreferrer noopener\">\u5982\u4f55\u4f7f\u7528OpenSSL\u89e3\u78bc\u8b49\u66f8\u7c64\u540d\u8acb\u6c42\uff08CSR\uff09\u6587\u4ef6<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.thesslstore.com\/knowledgebase\/ssl-generate\/csr-generation-guide-for-nginx-openssl\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u5982\u4f55\u70baNginx\u751f\u6210CSR\uff08OpenSSL\uff09<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.tecmint.com\/generate-csr-certificate-signing-request-in-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u5982\u4f55\u5728Linux\u4e2d\u751f\u6210CSR\uff08\u8b49\u66f8\u7c64\u540d\u8acb\u6c42\uff09<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/sachi73blog.wordpress.com\/2013\/11\/21\/x509-certificate-asymmetric-encryption-and-digital-signatures\/\" target=\"_blank\" rel=\"noreferrer noopener\">x509\u8b49\u66f8\u2013\u975e\u5c0d\u7a31\u52a0\u5bc6\u548c\u6578\u5b57\u7c3d\u540d<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/sites.google.com\/site\/x509certificateusage\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u5982\u4f55\u4f7f\u7528X.509\u8b49\u66f8\u548cSSL\u9032\u884c\u5b89\u5168\u901a\u4fe1<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.ssl.com\/faqs\/what-is-an-x-509-certificate\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u4ec0\u9ebc\u662fX.509\u8b49\u66f8\uff1f<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.ssls.com\/knowledgebase\/how-to-install-an-ssl-certificate-on-iis-10\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u5982\u4f55\u5728IIS10\u4e0a\u5b89\u88ddSSL\u8b49\u66f8<\/a><\/li>\n<\/ul>\n\n\n\n<p>\u8cc7\u6599\u4f86\u6e90\uff1a <a href=\"https:\/\/wentzwu.com\/2020\/07\/18\/digital-certificate\/\" data-type=\"URL\" data-id=\"https:\/\/wentzwu.com\/2020\/07\/18\/digital-certificate\/\">Wentz Wu\u7db2\u7ad9<\/a><\/p>\n\n\n\n<p>PS:\u6b64\u6587\u7ae0\u7d93\u904e\u4f5c\u8005\u540c\u610f\u520a\u767b \u4e26\u4e14\u6388\u6b0a\u53ef\u4ee5\u7ffb\u8b6f\u6210\u4e2d\u6587<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8b49\u66f8\u7533\u8acb\u548c\u56de\u61c9 \u8b49\u66f8\u7c64\u540d\u8acb\u6c42 \u5728\u516c\u9470\u57fa\u790e\u7d50\u69cb\uff08PKI\uff09\u7cfb\u7d71\u4e2d\uff0c\u8b49\u66f8\u7c64\u540d\u8acb\u6c42\uff08\u4e5f\u7a31\u70baCSR\u6216\u8b49\u66f8\u8acb\u6c42\uff09\u662f\u5f9e\u7533\u8acb\u4eba [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-521","post","type-post","status-publish","format-standard","hentry","category-cisspcertified-information-systems-security-professional"],"_links":{"self":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=521"}],"version-history":[{"count":3,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/521\/revisions"}],"predecessor-version":[{"id":2860,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/521\/revisions\/2860"}],"wp:attachment":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}