OpenSSL Setup Tutorial – wiki大全

作者: /

OpenSSL Setup Tutorial: A Comprehensive Guide to Installation and Basic Usage

OpenSSL is an indispensable open-source toolkit widely used for implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It provides a robust set of command-line tools and libraries for various cryptographic functions, including generating private keys, creating Certificate Signing Requests (CSRs), installing SSL/TLS certificates, and inspecting certificate information. This tutorial will guide you through the process of installing OpenSSL on different operating systems and introduce you to some fundamental usage commands.

1. Verifying Existing OpenSSL Installation

Before proceeding with a new installation, it’s prudent to check if OpenSSL is already present on your system. Open your terminal or command prompt and execute the following command:

bash
openssl version

If OpenSSL is installed, you will see its version details (e.g., OpenSSL 1.1.1f 31 Mar 2020). If you receive a “command not found” error, you’ll need to proceed with the installation steps outlined below.

2. Installation Instructions by Operating System

The installation process for OpenSSL varies significantly depending on your operating system.

A. Windows

OpenSSL does not provide official binary distributions for Windows. Therefore, it’s recommended to obtain a reliable third-party distribution.

  1. Download OpenSSL:

    • Navigate to a trusted source that provides pre-compiled OpenSSL binaries for Windows. A commonly referenced site is the Win32/Win64 OpenSSL Installation Project (e.g., slproweb.com/products/Win32OpenSSL.html).
    • Select the appropriate installer package for your system architecture (e.g., Win64OpenSSL-Light-x.x.x.exe for 64-bit systems) for the latest stable version.

  2. Install OpenSSL:

    • Run the downloaded executable (.exe or .msi) installer.
    • Follow the on-screen prompts. It’s often recommended to install OpenSSL in a dedicated directory outside of the standard Windows program files, such as C:\OpenSSL-Win64.
    • Ensure all components are selected for installation to ensure full functionality.

  3. Configure Environment Variables: This crucial step ensures that your system can locate and execute OpenSSL commands from any directory.

    • Search for “Environment Variables” in the Windows search bar and select “Edit the system environment variables.”
    • Click the “Environment Variables…” button.
    • Under the “System variables” section, locate and select the Path variable, then click “Edit.”
    • Click “New” and add the path to your OpenSSL bin directory (e.g., C:\OpenSSL-Win64\bin).
    • Still under “System variables,” click “New…” to create a new system variable:
      • Variable name: OPENSSL_CONF
      • Variable value: The full path to your openssl.cfg file (e.g., C:\OpenSSL-Win64\bin\openssl.cfg).
    • Click “OK” on all open windows to save the changes.

  4. Verify Installation:

    • Open a new Command Prompt or PowerShell window (existing windows will not have the updated environment variables).
    • Type openssl version. You should now see the installed OpenSSL version.

B. macOS

macOS typically includes LibreSSL, which is a different cryptographic library and not fully compatible with OpenSSL. It is recommended to install a separate OpenSSL version using a package manager like Homebrew.

  1. Install Homebrew (if not already installed):

    • Open Terminal (Applications > Utilities > Terminal).
    • Execute the following command:
      bash
      /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
    • Follow any on-screen instructions to complete the Homebrew installation.

  2. Install OpenSSL:

    • In Terminal, run the command to install OpenSSL. While brew install openssl installs the latest version, [email protected] is often used for compatibility with older applications:
      bash
      brew install [email protected]

  3. Configure PATH: Homebrew will typically output instructions on how to link OpenSSL and add it to your shell’s PATH. You’ll usually need to add a line similar to the following to your shell’s configuration file (e.g., ~/.zshrc for Zsh, ~/.bash_profile for Bash):
    bash
    echo 'export PATH="/usr/local/opt/[email protected]/bin:$PATH"' >> ~/.zshrc # or ~/.bash_profile
    source ~/.zshrc # or source ~/.bash_profile
    Remember to replace [email protected] with openssl if you installed the latest version.

  4. Verify Installation:

    • Open a new Terminal window, or run source ~/.zshrc (or source ~/.bash_profile) in your current one.
    • Type openssl version. You should now see the Homebrew-installed OpenSSL version.

C. Linux (Debian/Ubuntu-based)

Most Linux distributions, including Debian and Ubuntu, come with OpenSSL pre-installed. If you need to install it or ensure you have the latest version, you can use your distribution’s package manager.

  1. Update Package Lists:
    bash
    sudo apt update

  2. Install OpenSSL:
    bash
    sudo apt install openssl
    If you intend to compile other software that depends on OpenSSL, you may also need to install the development headers:
    bash
    sudo apt install libssl-dev

  3. Verify Installation:

    • In Terminal, type openssl version. You should see the installed OpenSSL version.

3. Basic OpenSSL Usage Examples

Once OpenSSL is successfully installed, you can leverage its capabilities for various cryptographic tasks. Here are a few common examples:

  • Generate a Private Key:
    This command generates a 2048-bit RSA private key and saves it to private.key.
    bash
    openssl genrsa -out private.key 2048

  • Create a Certificate Signing Request (CSR):
    A CSR is a request sent to a Certificate Authority (CA) to obtain an SSL/TLS certificate. You will be prompted to enter information about your organization and website.
    bash
    openssl req -new -key private.key -out csr.csr

  • Generate a Self-Signed Certificate (for testing purposes):
    For testing and development environments, you can create a self-signed certificate. This certificate is not trusted by public CAs but is useful for internal testing. This example creates a certificate valid for 365 days.
    bash
    openssl req -x509 -new -key private.key -out certificate.crt -days 365

  • View Certificate Information:
    To inspect the details of an existing certificate, use the following command:
    bash
    openssl x509 -in certificate.crt -text -noout

This comprehensive guide should help you get OpenSSL set up on your system and provide a starting point for utilizing its powerful cryptographic features.

滚动至顶部