This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
пакет_openssl [2022/01/11 08:11] val [Просмотр содержимого файла сертификата] |
пакет_openssl [2023/09/15 11:44] val [Создание параметра DH] |
||
---|---|---|---|
Line 18: | Line 18: | ||
$ openssl s_client -CApath /etc/ssl/certs/ -showcerts -connect student.bmstu.ru:443 | $ openssl s_client -CApath /etc/ssl/certs/ -showcerts -connect student.bmstu.ru:443 | ||
+ | |||
+ | $ openssl s_client -showcerts -connect webinar6.bmstu.ru:443 2>/dev/null | openssl x509 -noout -dates | ||
+ | |||
+ | $ faketime -f "+500d" ... | ||
$ openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -crlf -connect mailhub.bmstu.ru:25 | $ openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -crlf -connect mailhub.bmstu.ru:25 | ||
Line 69: | Line 73: | ||
===== Создание параметра DH ===== | ===== Создание параметра DH ===== | ||
<code> | <code> | ||
- | # openssl dhparam -out /etc/openvpn/dh2048.pem 2048 | + | # time openssl dhparam -out /etc/openvpn/dh2048.pem 2048 |
+ | real 0m24.676s | ||
</code> | </code> | ||
Line 83: | Line 88: | ||
==== Создание сертификата ==== | ==== Создание сертификата ==== | ||
<code> | <code> | ||
- | server# openssl req -new -x509 -addext "subjectAltName=DNS:server.corpX.un" -days 3650 -key server.key -out server.crt | + | server# openssl req -new -x509 -days 3650 -key server.key -out server.crt -addext "subjectAltName=DNS:server.corpX.un" |
</code><code> | </code><code> | ||
... | ... | ||
Line 91: | Line 96: | ||
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
Organizational Unit Name (eg, section) []:noc | Organizational Unit Name (eg, section) []:noc | ||
- | Common Name (eg, YOUR name) []:server.corpX.un | + | Common Name (eg, YOUR name) []:server.corpX.un !!!! для некоторых сервисов (ovpn) не должно быть пустым |
Email Address []:noc@corpX.un | Email Address []:noc@corpX.un | ||
</code> | </code> | ||
Line 100: | Line 105: | ||
server# openssl x509 -text -noout -in - | server# openssl x509 -text -noout -in - | ||
+ | |||
+ | server# openssl x509 -text -noout | ||
</code> | </code> | ||
Line 232: | Line 239: | ||
lan# scp /etc/ssl/openssl.cnf www:/etc/ssl/ | lan# scp /etc/ssl/openssl.cnf www:/etc/ssl/ | ||
- | www# openssl req -new -key www.key -out www.req | + | www# openssl req -new -key www.key -out www.req #-sha256 |
</code><code> | </code><code> | ||
... | ... |