Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Trace:
создание_иерархии_сертификатов

This is an old revision of the document!

Table of Contents

Создание иерархии сертификатов

Создание корневого сертификата организации

Создание зашифрованного приватнного ключа

gX# openssl dsaparam -rand -genkey -out rand.key 1024

gX# openssl gendsa -des3 -out ca.key rand.key
Generating DSA key, 1024 bits
Enter PEM pass phrase:Pa$$w0rd
Verifying - Enter PEM pass phrase:Pa$$w0rd

gX# rm rand.key

Создание сертификата

gX# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Enter pass phrase for ca.key:Pa$$w0rd
...
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Russia
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko
Organizational Unit Name (eg, section) []:unix3
Common Name (eg, YOUR name) []:dX.class
Email Address []:root@gX.dX.class

Создание сертификата подписанного корневым сертификатом

Приватный ключ apache.key оставляем старый 

gX# rm apache.crt

Создание запроса на сертификат

gX# openssl req -new -days 365 -key apache.key -out apache.req
...
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Russia
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko
Organizational Unit Name (eg, section) []:unix3
Common Name (eg, YOUR name) []:gX.dX.class
Email Address []:root@gX.dX.class

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Подпись запроса на сертификат центром сертификации

gX# openssl x509 -req -in apache.req -CA ca.crt -CAkey ca.key -CAcreateserial -out apache.crt
Signature ok
subject=/C=RU/ST=Russia/L=Moskw/O=cko/OU=freebsd/CN=dX.class/emailAddress=root@gX.dX.class
Getting CA Private Key
Enter pass phrase for ca.key:

gX# rm apache.req
создание_иерархии_сертификатов.1239965410.txt.gz · Last modified: 2013/05/22 13:50 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki