User Tools
создание_иерархии_сертификатов
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
создание_иерархии_сертификатов [2009/04/17 07:11] val |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Создание иерархии сертификатов ====== | ||
| - | |||
| - | ===== Создание корневого сертификата организации ===== | ||
| - | |||
| - | ==== Создание зашифрованного приватнного ключа ==== | ||
| - | <code> | ||
| - | gX# openssl dsaparam -rand -genkey -out rand.key 1024 | ||
| - | |||
| - | gX# openssl gendsa -des3 -out ca.key rand.key | ||
| - | Generating DSA key, 1024 bits | ||
| - | Enter PEM pass phrase:A!S@d3f4 | ||
| - | Verifying - Enter PEM pass phrase:A!S@d3f4 | ||
| - | |||
| - | gX# rm rand.key | ||
| - | </code> | ||
| - | |||
| - | ==== Создание сертификата ==== | ||
| - | <code> | ||
| - | gX# openssl req -new -days 365 -key ca.key -out ca.crt | ||
| - | Enter pass phrase for ca.key:Pa$$w0rd | ||
| - | ... | ||
| - | Country Name (2 letter code) [AU]:RU | ||
| - | State or Province Name (full name) [Some-State]:Russia | ||
| - | Locality Name (eg, city) []:Moscow | ||
| - | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
| - | Organizational Unit Name (eg, section) []:unix3 | ||
| - | Common Name (eg, YOUR name) []:dX.class | ||
| - | Email Address []:root@gX.dX.class | ||
| - | |||
| - | </code> | ||
| - | |||
| - | ===== Создание сертификата подписанного корневым сертификатом ===== | ||
| - | |||
| - | Приватный ключ apache.key оставляем старый | ||
| - | <code> | ||
| - | gX# rm apache.crt | ||
| - | </code> | ||
| - | |||
| - | ==== Создание запроса на сертификат ==== | ||
| - | <code> | ||
| - | gX# openssl req -new -x509 -days 365 -key apache.key -out apache.req | ||
| - | ... | ||
| - | Country Name (2 letter code) [AU]:RU | ||
| - | State or Province Name (full name) [Some-State]:Russia | ||
| - | Locality Name (eg, city) []:Moscow | ||
| - | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
| - | Organizational Unit Name (eg, section) []:unix3 | ||
| - | Common Name (eg, YOUR name) []:gX.dX.class | ||
| - | Email Address []:root@gX.dX.class | ||
| - | |||
| - | Please enter the following 'extra' attributes | ||
| - | to be sent with your certificate request | ||
| - | A challenge password []: | ||
| - | An optional company name []: | ||
| - | </code> | ||
| - | |||
| - | ==== Подпись запроса на сертификат центром сертификации ==== | ||
| - | <code> | ||
| - | gX# openssl x509 -req -in apache.req -CA ca.crt -CAkey ca.key -CAcreateserial -out apache.crt | ||
| - | Signature ok | ||
| - | subject=/C=RU/ST=Russia/L=Moskw/O=cko/OU=freebsd/CN=dX.class/emailAddress=root@gX.dX.class | ||
| - | Getting CA Private Key | ||
| - | Enter pass phrase for ca.key: | ||
| - | |||
| - | gX# rm apache.req | ||
| - | </code> | ||
| - | |||
| - | |||
создание_иерархии_сертификатов.1239937860.txt.gz · Last modified: 2013/05/22 13:50 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
