1、自建CA
# cd /etc/pki/CA/ # (umask 077; openssl genrsa -out private/cakey.pem 2048) # openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3656 Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Yunnan Locality Name (eg, city) [Default City]:Kunming Organization Name (eg, company) [Default Company Ltd]:San Organizational Unit Name (eg, section) []:Students Common Name (eg, your name or your server's hostname) []:ca.san.com Email Address []:caadmin@san.com # ls -lh 总用量 20K -rw-r--r--. 1 root root 1.4K 3月 29 16:18 cacert.pem # touch serial index.txt serial # echo 01 > serial # ls cacert.pem certs crl index.txt newcerts private serial
2、证书签署
# (umask 077; openssl genrsa -out /root/mykey2.pri 2048) #生成一个私钥 # openssl req -new -key /root/mykey2.pri -out /root/myreq.csr #生成证书 Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Yunnan Locality Name (eg, city) [Default City]:Kunming Organization Name (eg, company) [Default Company Ltd]:San Organizational Unit Name (eg, section) []:Students Common Name (eg, your name or your server's hostname) []:www.san.com Email Address []:admin@san.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in myreq.csr -out mycert.crt -days 365签署证书 # ls mycert.crt #证书签署完成
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。