Синхронизируйте часы во всех системах

root@server.corpX.un:~# rcsdiff /etc/ssl/openssl.cnf

===================================================================
RCS file: /etc/ssl/openssl.cnf,v
retrieving revision 1.1
diff -r1.1 /etc/ssl/openssl.cnf
37c37
< dir           = ./demoCA              # Where everything is kept
---
> dir           = ./CAcorpX            # Where everything is kept
45c45
< certificate   = $dir/cacert.pem       # The CA certificate
---
> certificate   = $dir/ca.crt           # The CA certificate
50c50
< private_key   = $dir/private/cakey.pem# The private key
---
> private_key   = $dir/ca.key           # The private key
125c125
< countryName_default           = AU
---
> countryName_default           = RU
X0cX0
< stateOrProvinceName_default   = Some-State
---
> stateOrProvinceName_default   = Russia
X2aX3
> localityName_default            = Moscow
X5cX6
< 0.organizationName_default    = Internet Widgits Pty Ltd
---
> 0.organizationName_default    = cko

mkdir CAcorpX
mkdir CAcorpX/certs
mkdir CAcorpX/newcerts
touch CAcorpX/index.txt
echo "01" > CAcorpX/serial
echo "01" > CAcorpX/crlnumber

server# openssl genrsa -des3 -out CAcorpX/ca.key 1024
Generating DSA key, 1024 bits
Enter PEM pass phrase:Pa$$w0rd
Verifying - Enter PEM pass phrase:Pa$$w0rd

server# openssl req -new -x509 -days 3650 -key CAcorpX/ca.key -out CAcorpX/ca.crt
Enter pass phrase for ca.key:Pa$$w0rd
...
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Russia
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko
Organizational Unit Name (eg, section) []:unix3
Common Name (eg, YOUR name) []:corpX.un
Email Address []:root@gate.corpX.un

server# openssl genrsa -out serverhttp.key 1024
server# chmod 400 serverhttp.key


server# openssl req -new -key serverhttp.key -out serverhttp.req
...
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Russia
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko
Organizational Unit Name (eg, section) []:unix3
Common Name (eg, YOUR name) []:server.corpX.un
Email Address []:root@gate.corpX.un

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

gate# scp gateimap.req student@server:

server# openssl ca -days 365 -in serverhttp.req -out serverhttp.crt


gate# scp student@server:/root/gateimap.crt .

gate# rm gateimap.req

  470  cat CAcorp13/index.txt
  471  openssl ca -revoke CAcorp13/newcerts/02.pem
  472  cat CAcorp13/index.txt
  473  ls
  474  find CAcorp13/
  475  openssl ca -gencrl -out CAcorp13/ca.crl
  476  less /etc/ssl/openssl.cnf
  477  find CAcorp13/
  478  echo "01" > CAcorp13/crlnumber
  479  openssl ca -gencrl -out CAcorp13/ca.crl
  480  find CAcorp13/
  481  history