User Tools
создание_иерархии_сертификатов
This is an old revision of the document!
Table of Contents
Создание иерархии сертификатов
Создание корневого сертификата организации
Создание зашифрованного приватнного ключа
gate# openssl genrsa -des3 -out ca.key 1024 Generating DSA key, 1024 bits Enter PEM pass phrase:Pa$$w0rd Verifying - Enter PEM pass phrase:Pa$$w0rd
Создание сертификата
gate# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt Enter pass phrase for ca.key:Pa$$w0rd ... Country Name (2 letter code) [AU]:RU State or Province Name (full name) [Some-State]:Russia Locality Name (eg, city) []:Moscow Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko Organizational Unit Name (eg, section) []:unix3 Common Name (eg, YOUR name) []:corpX.un Email Address []:root@gate.corpX.un
Создание сертификата подписанного корневым сертификатом
Приватный ключ apache.key оставляем старый
gate# rm apache.crt
Создание запроса на сертификат
gate# openssl req -new -key apache.key -out apache.req ... Country Name (2 letter code) [AU]:RU State or Province Name (full name) [Some-State]:Russia Locality Name (eg, city) []:Moscow Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko Organizational Unit Name (eg, section) []:unix3 Common Name (eg, YOUR name) []:gate.corpX.un Email Address []:root@gate.corpX.un Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
Подпись запроса на сертификат центром сертификации
gate# openssl x509 -days 365 -req -in apache.req -CA ca.crt -CAkey ca.key -CAcreateserial -out apache.crt Signature ok subject=/C=RU/ST=Russia/L=Moskw/O=cko/OU=freebsd/CN=corpX.un/emailAddress=root@gate.corpX.un Getting CA Private Key Enter pass phrase for ca.key: gate# rm apache.req
создание_иерархии_сертификатов.1256009585.txt.gz · Last modified: 2013/05/22 13:50 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
