### è¯ä¹¦ è¯ä¹¦æ¯ä¸ä¸ªå å«å ¬é¥ã订é 人ç¸å ³ä¿¡æ¯ä»¥åè¯ä¹¦é¢åè æ°åç¾åçæ°åæä»¶,ä¹å°±æ¯ä¸ä¸ªè®© æä»¬å¯ä»¥äº¤æ¢ãåå¨å使ç¨å ¬é¥ç壳ãå æ¤,è¯ä¹¦æä¸ºäºæ´ä¸ªPKIä½ç³»çåºç¡ç»æå ç´ ã ### è¯ä¹¦è§è 1. X.509 ### è¯ä¹¦æ ¼å¼ 1. .cer 2. .pem 3. .p7b 4. .p12 ### æ°åç¾åå ¬å¼ [èµæ](http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html) Signature = RSA(sha256(Data), IssuerPrivateKey) 使ç¨IssuerPublicKeyè§£å¯Signatureï¼è·çsha256(Data),ç¶ååç¨sha(å®é çdata)ï¼å¦æä¸¤ä¸ªå¼ç¸åå³è¡¨æSignatureæ¯ç¨IssuerPrivateKeyç¾åçã ### pks12转æ¢ä¸ºpem è¯ä¹¦åç§é¥åæ¾å°åä¸ä¸ªpemä¸ `openssl pkcs12 -in path.p12 -out newfile.pem` è¯ä¹¦åpemå嫿¾å°åç¬çpemæä»¶ä¸ `openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys` `openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes` ### curlæµè¯ curl -k --cert client.pem --key key.pem https://www.xxxx.com curl -k --cert all.pem https://www.xxxx.com