Category: Project (项目)

Posted on

[步骤] SSL 证书公钥从 cer 格式到 pfx 格式的转换

正文:

步骤一:将 SSL 证书公钥从 cer 格式转换到 pem 格式

# openssl x509 -in <public certificate>.cer -inform der -outform pem -out <public certificate>.pem

步骤二:将 SSL 证书公钥和私钥从 pem 格式转换成 pfx

# openssl pkcs12 -export -in <public certificate>.pem -inkey <private certificate>.key -out <certificate>.pfx

参考文献:

https://access.redhat.com/solutions/7005234

Posted on

[内容] Linux SSL 证书 KEY 私钥密码的添加和取消 (OpenSSL 版)

内容一:给 SSL 证书 KEY 私钥添加密码

交互式给 SSL 证书 KEY 私钥添加密码

# openssl rsa -des -in eternalcenter.com.key -out one.eternalcenter.com.key

(补充:这里以给 SSL 证书 KEY 私钥 eternalcenter.com.key 添加密码为例)

内容二:取消 SSL 证书 KEY 私钥添加密码

2.1 交互式取消 SSL 证书 KEY 私钥添加密码

# openssl rsa -in one.eternalcenter.com.key -out two.eternalcenter.com.key

(补充:这里以给 SSL 证书 KEY 私钥 one.eternalcenter.com.key 添加密码并生成为 SSL 证书 KEY 私钥 two.eternalcenter.com.key 为例)

2.2 非交互式取消 SSL 证书 KEY 私钥添加密码

# openssl rsa -in one.eternalcenter.com.key -passin pass:eternalcenter -out two.eternalcenter.com.key

(补充:这里以给 SSL 证书 KEY 私钥 one.eternalcenter.com.key 添加密码并生成为 SSL 证书 KEY 私钥 two.eternalcenter.com.key,取消密钥的密码为 eternalcenter 为例)

Posted on

[命令] Linux 目标网站 SSL 证书的显示 (OpenSSL 版)

内容一:查看完整信息

# openssl s_client -connect eternalcenter.com:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = eternalcenter.com
verify return:1
---
Certificate chain
 0 s:CN = eternalcenter.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAxDxly99eBiarmHggFEmDJoMMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMTkxMzA4MzJaFw0yMjAzMTkxMzA4MzFaMBwxGjAYBgNVBAMT
EWV0ZXJuYWxjZW50ZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtCcCuOqBrWP4eo//VBEXh668EjwrE1eXz2CS4GIN4ddn0rS8LHGFOrB92R8E
OnaYeTKpZjzNM3NA/AG/Gq5mTRZGTpyTasHEb/phwXdhrtJWdbMtQjGFSg8rXSB8
cap5NGP/NxAy8FV0MbXftg5t9VgBoCMGUzioSHZTEjefq+/OZwlP7RzxZN3bwj1D
61gWSw6q1X3bsi8ttwbkkiJfvjXo2KIeGOAnY10X+FPJmVa7jonhOuljrX4CYgnd
SCxmsfgwGMUzRu27VB1rEbKqvSr6tb9KfwFiqsZd5tTi7RW6WMqA0VbDV7BbDqLP
OzcturwRtXfzHjJxssy9zhnrQQIDAQABo4ICTjCCAkowDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBQMGBCfBuZxTAS8VcBI/13ugqc2RDAfBgNVHSMEGDAWgBQULrMXt1hW
y65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6
Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iu
b3JnLzAcBgNVHREEFTATghFldGVybmFsY2VudGVyLmNvbTBMBgNVHSAERTBDMAgG
BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
LmxldHNlbmNyeXB0Lm9yZzCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AN+lXqto
gk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfdMFzUsAAAQDAEgwRgIhAMFF
1orPZPnpCyhzwX2xZAZjJnOmDGmBjAl0tHnX4nEWAiEAqZTUwjrdwZAL+kDAgpzG
Me2RnGMseDBY8Oy2sefUgsAAdwBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8
cP5tRwAAAX3TBc1zAAAEAwBIMEYCIQDLhR0nbVHEIL1uw9hRuv/ZbFjf91W/M4Jp
od7NTMQZbAIhAKEAAfmdu0nVHklyS2At1VValwQ6vNbqd0NQ85giG606MA0GCSqG
SIb3DQEBCwUAA4IBAQB/s+rZEaNrlUyBVnbxv5X9NTBd8buBOkR1qVswlS1R2i8B
pRjeJmgbiMzM2z5Mvx0yTIiCyXXUc3YaqoyxvddaQam9nlLGr0nKX9T5DkE7y0Fh
Qg0/ievRQF86XnDqQBxDR32jj5A1nKEiJrNCqugCWTAABndW3tvzK5DOsF2BfjJC
mcjwiKaSCjFVpf+KzLWS3UEW+DRTKOLBucXpenS7QEcQu4K6ShNSL7+K6UOZEbFu
uCRjOawCJFF7EH5vzRBy696Fu4EmzCV+c4rV8K8EcuCCQQeOTWJ/93Jv6U6kGrmE
P6wlcHFy1tZhTAmXf/qcpE3sGeH58OlNNiVmNJdH
-----END CERTIFICATE-----
subject=CN = eternalcenter.com

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4695 bytes and written 412 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: D63BC88824810A4D43ACE901AD4FF2D82073BC6F0D8B2DE71F6310CA1C87707F
    Session-ID-ctx: 
    Master-Key: A6836430C394B96DDD5552867D49802F94AAC8BF5E882100F0D27185CF5CFD6A946B94D87652E44A6684FC9781D16D90
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - bb be 55 e0 4b 6d c3 08-cd bc 45 6e 79 67 fc eb   ..U.Km....Enyg..
    0010 - 30 d5 4c 8a 5a c8 f7 13-42 4b 1d 02 ce 94 c0 b8   0.L.Z...BK......
    0020 - d7 cf f6 f0 ee 9d 49 5b-0a c8 a4 1a 8b dd 8a e0   ......I[........
    0030 - 66 83 52 9b 31 4d da 9e-d5 05 1a 70 ca e9 86 5e   f.R.1M.....p...^
    0040 - f5 09 a1 1c 92 6b 64 90-b7 e1 0e ec 30 e2 26 68   .....kd.....0.&h
    0050 - 49 13 10 9e 3e a5 e0 13-a2 f1 7a 7c c5 ad 99 6c   I...>.....z|...l
    0060 - e9 f6 1d 46 5f cc f6 f9-c5 f6 05 49 53 78 7e ea   ...F_......ISx~.
    0070 - 8c 17 eb 8d 96 c3 3f 92-fe e0 f0 f6 86 59 05 c8   ......?......Y..
    0080 - d2 8c 27 6b 9d 65 38 20-84 d4 23 54 35 70 19 4d   ..'k.e8 ..#T5p.M
    0090 - db 35 6d f4 44 50 d7 6e-a5 87 2b 32 e5 f8 42 88   .5m.DP.n..+2..B.
    00a0 - 28 e2 ab 35 e1 2c 06 71-e5 b2 82 cb 3a 75 cc 72   (..5.,.q....:u.r
    00b0 - ed ae e1 12 ff 82 6c 3a-3a 38 7a 8c 3c 9c f1 10   ......l::8z.<...
    00c0 - 78 b8 37 87 c3 a2 00 76-01 72 8c ef 3b 20 48 28   x.7....v.r..; H(

    Start Time: 1644931899
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
closed

(补充:这里以显示 eternalcenter.com 的 443 端口的 SSL 证书为例)

内容二:查看主要信息

# echo | openssl s_client -connect scc.suse.com:443 | head -n 16
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = eternalcenter.com
verify return:1
---
Certificate chain
 0 s:CN = eternalcenter.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

(补充:这里以显示 eternalcenter.com 的 443 端口的 SSL 证书为例)

Posted on

WordPress 值得使用的主题和插件

主题

Twenty Seventeen

Twenty Seventeen 是一个开源的 WordPress 主题,非常适合目录较多的网站,首页能够巧妙地将图片和文字结合在一起。

插件

All In One WP Security

All In One WP Security 是一个开源的 WordPress 安全插件,比较全面地对 WordPress 进行安全加强,安装了这个插件以后,基本上就不需要再安装其他安全插件。

Easy WP SMTP

Easy WP SMTP 是一个开源的 WordPress 邮件插件,可以实现 WordPress 通过 SMTP 发送邮件。

Simply Static

Simply Static 是一个开源的 WordPress 动态网站转静态网站插件,可以将动态网站转换成静态网站。

WP-Optimize Cache

WP-Optimize Cache 是一个开源的 WordPress 网站性能优化插件,可以删除无用数据等等。

Health Check & Troubleshooting

Health Check & Troubleshooting 是一个开源的 WordPress 网站健康度检测插件,可以检测网站的各项健康指标。

Username Changer

Username Changer 是一个开源的修改 WordPress 用户名的插件,可以修改用户名

Edit Author Slug

Edit Author Slug 是一个开源的修改 WordPress 用户名下文章链接的插件,可以修改用户发布文章的链接,默认情况下用户发布文章的链接是:https://<domain name>/author/<username>/