User Tools
создание_иерархии_сертификатов
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
создание_иерархии_сертификатов [2010/10/06 08:22] val |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Создание иерархии сертификатов ====== | ||
| - | |||
| - | ===== Создание корневого сертификата организации ===== | ||
| - | |||
| - | Синхронизируйте часы во всех системах | ||
| - | |||
| - | ==== Создание зашифрованного приватнного ключа ==== | ||
| - | <code> | ||
| - | server# openssl genrsa -des3 -out ca.key 1024 | ||
| - | Generating DSA key, 1024 bits | ||
| - | Enter PEM pass phrase:Pa$$w0rd | ||
| - | Verifying - Enter PEM pass phrase:Pa$$w0rd | ||
| - | </code> | ||
| - | |||
| - | ==== Создание сертификата ==== | ||
| - | <code> | ||
| - | server# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt | ||
| - | Enter pass phrase for ca.key:Pa$$w0rd | ||
| - | ... | ||
| - | Country Name (2 letter code) [AU]:RU | ||
| - | State or Province Name (full name) [Some-State]:Russia | ||
| - | Locality Name (eg, city) []:Moscow | ||
| - | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
| - | Organizational Unit Name (eg, section) []:unix3 | ||
| - | Common Name (eg, YOUR name) []:corpX.un | ||
| - | Email Address []:root@gate.corpX.un | ||
| - | </code> | ||
| - | |||
| - | ===== Создание сертификата подписанного корневым сертификатом ===== | ||
| - | |||
| - | Приватный ключ apache.key оставляем старый | ||
| - | <code> | ||
| - | gate# rm apache.crt | ||
| - | </code> | ||
| - | |||
| - | ==== Создание запроса на сертификат ==== | ||
| - | <code> | ||
| - | gate# openssl req -new -key apache.key -out apache.req | ||
| - | ... | ||
| - | Country Name (2 letter code) [AU]:RU | ||
| - | State or Province Name (full name) [Some-State]:Russia | ||
| - | Locality Name (eg, city) []:Moscow | ||
| - | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
| - | Organizational Unit Name (eg, section) []:unix3 | ||
| - | Common Name (eg, YOUR name) []:gate.corpX.un | ||
| - | Email Address []:root@gate.corpX.un | ||
| - | |||
| - | Please enter the following 'extra' attributes | ||
| - | to be sent with your certificate request | ||
| - | A challenge password []: | ||
| - | An optional company name []: | ||
| - | |||
| - | gate# scp apache.req student@server: | ||
| - | </code> | ||
| - | |||
| - | ==== Подпись запроса на сертификат центром сертификации ==== | ||
| - | <code> | ||
| - | server# openssl x509 -days 365 -req -in /usr/student/apache.req -CA ca.crt -CAkey ca.key -CAcreateserial -out apache.crt | ||
| - | Signature ok | ||
| - | subject=/C=RU/ST=Russia/L=Moskw/O=cko/OU=freebsd/CN=corpX.un/emailAddress=root@gate.corpX.un | ||
| - | Getting CA Private Key | ||
| - | Enter pass phrase for ca.key: | ||
| - | |||
| - | |||
| - | server# openssl ca -days 365 -in apache2.req -cert ca.crt -keyfile ca.key -out apache2.crt | ||
| - | |||
| - | |||
| - | gate# scp student@server:/root/apache.crt . | ||
| - | |||
| - | gate# rm apache.req | ||
| - | </code> | ||
создание_иерархии_сертификатов.1286338946.txt.gz · Last modified: 2013/05/22 13:50 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
