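CA Certificate

Task requirements:

• CA root certificate path: /CA/cacert.pem;

• Issue a digital certificate; issuer information:

Country = CN

Organization = Inc

Organizational unit = www.skills.com

Common name = Skill Global Root CA

SSL uses the issued certificate, issued to: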

C = CN

ST = China

L = ShangDong

O = skills

OU = Operations Departments

CN = *.sdskills.com

Issue the digital certificate; issuer:

C = CN;

O = Inc

OU = www.skills.com

CN = skill Global Root CA

Configuration:

Edit the certificate configuration file:

vi /etc/pki/tls/openssl.cnf

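Change line 42 to:

[Screenshot]

Edit lines 85 to 90, changing match and supplied to optional:

[Screenshot]

Press Enter at line 86 to add a blank line, then copy line 99 into the new blank line 87:

[Screenshot]

Create the files the CA needs: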

mkdir /CA

cd /CA

mkdir private newcerts

touch index.txt

echo 01 > serial

Generate the CA private key:

openssl genrsa -out private/cakey.pem

Generate the root certificate:

openssl req -new -x509 -key private/cakey.pem -out cacert.pem

Or:

openssl req -new -x509 -key private/cakey.pem -out cacert.pem \
    -subj '/C=CN/O=Inc/OU=www.skills.com/CN=Skill Global Root CA'

Generate the key for the web service:

openssl genrsa -out httpd.key

Generate the certificate signing request (CSR) for the web certificate:

openssl req -new -key httpd.key -out httpd.csr

Or:

openssl req -new -key httpd.key -out httpd.csr \
    -subj '/C=CN/ST=China/L=ShangDong/O=skills/OU=Operations Departments/CN=*.sdskills.com'

Bind the web certificate to the root certificate by signing the CSR with the CA:

openssl ca -keyfile private/cakey.pem -cert cacert.pem -in httpd.csr -out httpd.pem

To use the certificate on another PC:

Create the directory on the new PC:

mkdir /etc/httpd/ssl

Then send the files from the host to that PC. For example, if the PC's IP is (1.9):

scp cacert.pem httpd.key httpd.pem root@192.168.1.9:/etc/httpd/ssl

Enter the password to complete the transfer.

On the 1.9 PC, check the result:

ll /etc/httpd/ssl
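
A pre-deployment check for the files produced above, as an added example that is not part of the original post: it confirms that httpd.pem chains to cacert.pem, that httpd.key matches it and is not readable by group or others, and that neither certificate is close to expiry. The function name, argument order and 30-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Argument names and the
# 30-day default threshold are assumptions made for illustration.
# usage: check_cert_bundle CA_CERT SERVER_CERT SERVER_KEY [MIN_DAYS]
check_cert_bundle() {
    ca=$1; cert=$2; key=$3; min_days=${4:-30}

    # 1. The server certificate must chain to the CA certificate.
    #    openssl prints "<file>: OK" on success; match that text.
    out=$(openssl verify -CAfile "$ca" "$cert" 2>&1) || true
    case $out in
        *": OK"*) ;;
        *) echo "FAIL chain: $cert does not verify against $ca"; return 1 ;;
    esac

    # 2. The private key must belong to the certificate: the public key
    #    derived from the key file must equal the one in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL key: $key does not match $cert"; return 1
    fi

    # 3. The key file must not be accessible to group or others
    #    (characters 5-10 of the ls mode string are those permission bits).
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL perms: $key is accessible to group/others"; return 1
    fi

    # 4. Neither certificate may expire within MIN_DAYS. A root made with
    #    "openssl req -new -x509" and no -days option is valid for 30 days,
    #    so it fails this check until it is reissued with a longer lifetime.
    for f in "$ca" "$cert"; do
        if ! openssl x509 -in "$f" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
            echo "FAIL expiry: $f expires within $min_days days"; return 1
        fi
    done

    echo "OK: $cert chains to $ca, matches $key, valid > $min_days days"
}

# Run against the files from the steps above when invoked with arguments.
if [ $# -ge 3 ]; then
    check_cert_bundle "$@"
fi
```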
