This shows you the differences between two versions of the page.
пакет_openssl [2020/06/25 14:42] val [Настройка атрибутов организации в конфигурации ssl] |
пакет_openssl [2021/11/26 13:41] val [Интерактивное подключение по ssl] |
||
---|---|---|---|
Line 15: | Line 15: | ||
===== Интерактивное подключение по ssl ===== | ===== Интерактивное подключение по ssl ===== | ||
<code> | <code> | ||
- | $ openssl s_client -CApath /etc/ssl/certs/ -connect student.bmstu.ru:443 | + | $ openssl s_client -connect ru.wikipedia.org:443 |
$ openssl s_client -CApath /etc/ssl/certs/ -showcerts -connect student.bmstu.ru:443 | $ openssl s_client -CApath /etc/ssl/certs/ -showcerts -connect student.bmstu.ru:443 | ||
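Review bot: the new first example drops -CApath /etc/ssl/certs/ and switches the host to ru.wikipedia.org, while the unchanged -showcerts line below still passes -CApath and still targets student.bmstu.ru, so the two lines no longer show the same connection seen two ways. Either use one host in both lines or say why the trust path is omitted in the first. It would also help to tell the reader that s_client completes the handshake even when chain verification fails, so the outcome has to be read from the "Verify return code" line, or the command run with -verify_return_error.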
Line 83: | Line 83: | ||
==== Создание сертификата ==== | ==== Создание сертификата ==== | ||
<code> | <code> | ||
- | server# openssl req -new -x509 -days 3650 -key server.key -out server.crt | + | server# openssl req -new -x509 -addext "subjectAltName=DNS:server.corpX.un" -days 3650 -key server.key -out server.crt |
</code><code> | </code><code> | ||
... | ... | ||
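Review bot: -addext in the new req command is only available from OpenSSL 1.1.1, and the page gives no version hint, so on an older release the reader gets an option error instead of a certificate. Add a one-line note about the required version next to the command, and state that the DNS: value has to be the exact name clients will connect to, since server.corpX.un is hardcoded here.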
Line 102: | Line 102: | ||
===== Импорт сертификата центра сертификации ===== | ===== Импорт сертификата центра сертификации ===== | ||
+ | * Материалы по Windows [[Материалы по Windows#Экспорт корневого сертификата]] | ||
==== Проверка ==== | ==== Проверка ==== | ||
<code> | <code> | ||
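Review bot: the added bullet sits under the heading about importing the CA certificate but links to a section named "Экспорт корневого сертификата" (export of the root certificate), and the visible text only repeats the target page name. Give the bullet a short label that says what the reader will find behind the link and how it relates to the import described here.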
Line 125: | Line 126: | ||
server.crt: OK | server.crt: OK | ||
- | # wget -O - https://www.corp55.un | + | # wget -O - https://www.corpX.un |
</code> | </code> | ||
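Review bot: the check now fetches https://www.corpX.un, but the only subjectAltName visible in this diff is DNS:server.corpX.un in the certificate creation command. If the server.crt reported as OK just above is that certificate, wget will reject it on a hostname mismatch even though the chain verifies; make the name in the SAN and the name in this URL agree, or say which certificate serves the www name.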
Line 208: | Line 209: | ||
... | ... | ||
Common Name (eg, YOUR name) []:corpX.un | Common Name (eg, YOUR name) []:corpX.un | ||
- | Email Address []:noc@corpX.un | ||
</code> | </code> | ||
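Review bot: with the Email Address line removed, this transcript now ends at Common Name with no trailing "..." line, while the transcript changed at Line 234 keeps one. Add "..." before </code> here as well, so the reader is not surprised if req asks further questions after Common Name.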
Line 234: | Line 234: | ||
... | ... | ||
Common Name (eg, YOUR name) []:www.corpX.un | Common Name (eg, YOUR name) []:www.corpX.un | ||
- | Email Address []:noc@corpX.un | ||
... | ... | ||
</code> | </code> | ||
Line 281: | Line 280: | ||
==== Добавление атрибутов в сертификат ==== | ==== Добавление атрибутов в сертификат ==== | ||
- | * На примере subjectAltName. Оказался, нужным для Spark клиента | + | * На примере subjectAltName. Оказался, нужным для Spark клиента и, вероятно, нужен Chrome |
* [[https://www.endpoint.com/blog/2014/10/30/openssl-csr-with-alternative-names-one|OpenSSL CSR with Alternative Names one-line]] | * [[https://www.endpoint.com/blog/2014/10/30/openssl-csr-with-alternative-names-one|OpenSSL CSR with Alternative Names one-line]] | ||
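Review bot: "вероятно" (probably) in the added text can be dropped, because Chrome has ignored Common Name for host matching since version 58 and requires subjectAltName. The stray comma after "Оказался" is carried over from the old line and should be removed in the same edit.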
Line 317: | Line 316: | ||
$ openssl req -new -key user1.key -out user1.req | $ openssl req -new -key user1.key -out user1.req | ||
... | ... | ||
- | Organizational Unit Name (eg, section) []:group1 | + | Organizational Unit Name (eg, section) [noc]:group1 |
Common Name (eg, YOUR name) []:user1 | Common Name (eg, YOUR name) []:user1 | ||
- | Email Address []:user1@corpX.un | + | Email Address [noc@corpX.un]:user1@corpX.un |
... | ... | ||
</code> | </code> |