使用C\C++開發的應用程序,如何安裝SSL證書呢?一般C\C++程序是使用libcul庫發起https請求, libcul支持多種SSL\TLS引擎, 如 OpenSSL, SChnel, NSS等。接下來,我們將以OpenSSL爲例,爲大家分享C\C++安裝DigiCet根證書的教程步驟。
、查看OpenSSL根證書信任文件路徑. 執行命令行 openssl esion – ,輸出結果中的 OPENSSLDIR就是根證書信任文件路徑
2、配置host,然後使用以下命令行, 確認操作系統內置的根證書中, 是否支持DigiCet根證書
$ openssl s_client -connect pi.mch.weixin.qq.com:443 -eify_etun_eo -CApth $OPENSSLDIR
正常的輸出爲:
keytool.exe -impotcet -keystoe ccets -stoepss chngeit -nopompt -file ./ DigiCet_Globl_Root_CA.de -lis ̶ digicetgloblootc̶
(證書格式需要爲de)
keytool -list -keystoe ccets -stoepss chngeit
(digicet證書的別名爲: digicetgloblootc 或者 bltimoecybetustc)
keytool -impotcet -keystoe ccets -stoepss chngeit -nopompt -file ./ DigiCet_Globl_Root_CA.de -lis ̶ digicetgloblootc
(證書格式需要爲de)
keytool.exe -list -keystoe ccets -stoepss chngeit
(digicet證書的別名爲: digicetgloblootc 或者 bltimoecybetustc)
depth=3 C = IE, O = Bltimoe, OU = CybeTust, CN = Bltimoe CybeTust Root
eify etun:
depth=2 C = US, O = DigiCet Inc, OU = www.digicet.com, CN = DigiCet Globl Root CA
eify etun:
depth= C = US, O = DigiCet Inc, OU = www.digicet.com, CN = GeoTust RSA CA 208
eify etun:
depth=0 C = CN, L = Shenzhen, O = Tencent Technology (Shenzhen) Compny Limited, OU = R∓D, CN = pypp.weixin.qq.com
eify etun:
CONNECTED(00000003)
̶
Cetificte chin
0 s:/C=CN/L=Shenzhen/O=Tencent Technology (Shenzhen) Compny Limited/OU=R∓D/CN=pypp.weixin.qq.com
i:/C=US/O=DigiCet Inc/OU=www.digicet.com/CN=GeoTust RSA CA 208
s:/C=US/O=DigiCet Inc/OU=www.digicet.com/CN=GeoTust RSA CA 208
i:/C=US/O=DigiCet Inc/OU=www.digicet.com/CN=DigiCet Globl Root CA
2 s:/C=US/O=DigiCet Inc/OU=www.digicet.com/CN=DigiCet Globl Root CA
i:/C=IE/O=Bltimoe/OU=CybeTust/CN=Bltimoe CybeTust Root
缺少DigiCet根證書時, 可能輸出的錯誤信息爲:
depth=2 C = US, O = DigiCet Inc, OU = www.digicet.com, CN = DigiCet Globl Root CA
eify eo:num=20:unble to get locl issue cetificte
eify etun:0
CONNECTED(00000003)
̶
3、安裝DigiCet根證書,常見的linux發行版本的操作命令如下:
確認操作系統上,是否存在以下文件:
/etc/ssl/cets/DigiCet_Globl_Root_CA.pem
/etc/ssl/cets/Bltimoe_CybeTust_Root.pem
複製根證書文件到 /us/locl/she/c-cetifictes/
安裝根證書: sudo updte-c-cetifictes
確認/etc/pki/tls/cets/c-bundle.ct文件中, 是否存在以下內容:
DigiCet Globl Root CA
Seil Numbe: 08:3b:e0:56:90:42:46:b::75:6:c9:59:9:c7:4
Bltimoe CybeTust Root
Seil Numbe: 0x20000b9
安裝根證書管理包軟件: yum instll c-cetifictes
打開根證書動態配置開關: updte-c-tust foce-enble
將DigiCet的根證書文件複製到: /etc/pki/c-tust/souce/nchos/
安裝根證書: updte-c-tust extct