快速业务通道

linux-ca自签发-021

作者 佚名技术 来源 Linux系统 浏览 发布时间 2012-03-27

账号认证

Linux openca 只能为本单位发布证书

Linux下做rootca 自签发证书 实现client访问时有身份验证.

[root@localhost ~]# yum list all |grep openssl

This system is not registered with RHN.

RHN support will be disabled.

openssl.i686 0.9.8e-7.el5 installed

openssl-devel.i386 0.9.8e-7.el5 installed

openssl.i386 0.9.8e-7.el5 rehl-server

openssl-perl.i386 0.9.8e-7.el5 rehl-server

openssl097a.i386 0.9.7a-9.el5_2.1 rehl-server

xmlsec1-openssl.i386 1.2.9-8.1 rehl-server

xmlsec1-openssl-devel.i386 1.2.9-8.1 rehl-server

[root@localhost ~]# yum install openssl*

1.编辑openssl.cnf产生存放私钥的文件

[root@apache-server pki]# pwd

/etc/pki

[root@apache-server pki]# vim tls/openssl.cnf

--存放机构自己的私钥

dir = /etc/pki/CA # Where everything is kept

[root@apache-server pki]# cd /etc/pki/CA

[root@apache-server CA]# ll

total 8

drwx------ 2 root root 4096 Dec 17 2008 private

2.产生机构的私钥

[root@apache-server CA]# openssl genrsa 1024 >private/cakey.pem

Generating RSA private key, 1024 bit long modulus

.................

.......

e is 65537 (0x10001)

--改变权限

[root@apache-server CA]# chmod 600 private/*

[root@apache-server CA]# ll private/

total 4

-rw------- 1 root root 887 Aug 23 23:05 cakey.pem

[root@apache-server CA]#

3.自签发的证书ROOTCA

[root@apache-server CA]# openssl req -x509 -new -key private/cakey.pem -out cacert.pem -days 365

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ''.'', the field will be left blank.

-----

Country Name (2 letter code) [GB]:CN

State or Province Name (full name) [Berkshire]:HENAN

Locality Name (eg, city) [Newbury]:ZHENGZHOU

Organization Name (eg, company) [My Company Ltd]:ZZU

Organizational Unit Name (eg, section) []:TEC

Common Name (eg, your name or your server''s hostname) []:ROOTCA.ZZU.COM

Email Address []:

[root@apache-server CA]#


Client申请证书

"Times New Roman";mso-hansi-font-family:"Times New Roman"">产生私钥

[root@apache-server httpd]# mkdir certs

[root@apache-server httpd]# cd certs

[root@apache-server certs]# ll

total 0

[root@apache-server certs]# pwd

/etc/httpd/certs

[root@apache-server certs]# openssl genrsa 1024 >httpd.key

Generating RSA private key, 1024 bit long modulus

...............

.......

e is 65537 (0x10001)

[root@apache-server certs]# chmod 600 httpd.key

[root@apache-server certs]# ll

total 4

-rw-----

凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务,公司网站:http://www.lingzhong.cn 为了给广大客户了解更多的技术信息,本技术文章收集来源于网络,凌众科技尊重文章作者的版权,如果有涉及你的版权有必要删除你的文章,请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!

分享到: 更多

Copyright ©1999-2011 厦门凌众科技有限公司 厦门优通互联科技开发有限公司 All rights reserved

地址(ADD):厦门软件园二期望海路63号701E(东南融通旁) 邮编(ZIP):361008

电话:0592-5908028 传真:0592-5908039 咨询信箱:web@lingzhong.cn 咨询OICQ:173723134

《中华人民共和国增值电信业务经营许可证》闽B2-20100024  ICP备案:闽ICP备05037997号