Message from openssl-1.0.2_11:
1. Generate a Certificate Request for CA Submission
# Check the version
# openssl version
OpenSSL 1.0.1p-freebsd 9 Jul 2015
# cp /usr/local/openssl/openssl.cnf.sample /usr/local/openssl/openssl.cnf
# cd /usr/local/openssl
# mkdir CA
# cp misc/CA.pl CA
# cd CA
# ./CA.pl -newreq
Answer the prompts as follows:
Generating a 1024 bit RSA private key
...................................++++++
...++++++
writing new private key to 'newkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
.
.
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taoyuan
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TestSBD
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:ns1.testbsd.com
Email Address []:admin@testbsd.com
.
.
2. Create a Self-Signed SSL Certificate
# cd /usr/local/openssl
# mkdir SSL
# cp misc/CA.pl SSL
# cd /usr/local/openssl/SSL
# ./CA.pl -newca
.
.
Making CA certificate ...
Generating a 1024 bit RSA private key
...............++++++
........++++++
.
.
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taoyuan
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TestBSD
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:ns1.testbsd.com
Email Address []:admin@testbsd.com
.
.
Certificate Details:
Serial Number: 12485983489805965089 (0xad471fd49546d721)
Validity
Not Before: Mar 14 11:34:09 2016 GMT
Not After : Mar 14 11:34:09 2019 GMT
Subject:
countryName = TW
stateOrProvinceName = Taiwan
organizationName = TestBSD
organizationalUnitName = IT
commonName = ns1.testbsd.com
emailAddress = admin@testbsd.com
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:07:10:E3:51:2E:3F:27:07:68:89:19:69:55:5B:C1:2B:47:EE:38
X509v3 Authority Key Identifier:
keyid:E1:07:10:E3:51:2E:3F:27:07:68:89:19:69:55:5B:C1:2B:47:EE:38
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Mar 14 11:34:09 2019 GMT (1095 days)
.
.
# ./CA.pl -newreq
.
.
Same process as above
.
.
# ./CA.pl -signreq
.
.
Same process as above
.
.
Certificate is to be certified until Mar 14 11:39:08 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
# cp newcert.pem ns1.testbsd.com-cert.pem
# cp newkey.pem ns1.testbsd.com-encrypted-key.pem
# cp demoCA/cacert.pem ./testbsd.com-CAcert.pem
# cp demoCA/private/cakey.pem ./testbsd.com-encrypted-CAkey.pem
# openssl rsa -in ns1.testbsd.com-encrypted-key.pem -out ns1.testbsd.com-unencrypted-key.pem
# chmod 400 ns1.testbsd.com-unencrypted-key.pem
# openssl x509 -in testbsd.com-CAcert.pem -inform PEM -out testbsd.com-CAcert.cer -outform DER
# uuencode testbsd.com-CAcert.cer testbsd.com-CAcert.cer | mail -s "Subject" admin@testbsd.com
# ls
CA.pl ns1.testbsd.com-encrypted-key.pem
demoCA ns1.testbsd.com-unencrypted-key.pem
newcert.pem testbsd.com-CAcert.cer
newkey.pem testbsd.com-CAcert.pem
newreq.pem testbsd.com-encrypted-CAkey.pem
ns1.testbsd.com-cert.pem
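
The transcripts above show CA.pl generating 1024-bit RSA keys, which is below the 2048-bit minimum in current guidance, so the files are worth checking before they are deployed. The script below is an added example, not part of the original post: it reports the certificate's key size, confirms the private key belongs to the certificate, checks the key file's permissions and verifies the certificate against the CA certificate. The function names and the MIN_BITS threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks for the files produced by the CA.pl steps above.
# MIN_BITS is an assumption of this example, not a value from the post.
MIN_BITS=${MIN_BITS:-2048}

# Print the public key size (in bits) recorded in a PEM certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the RSA private key belongs to the certificate (same
# modulus). Pass the unencrypted key to avoid a passphrase prompt.
key_matches_cert() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus) || return 2
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Succeed only if group and others have no permission bits on the key file.
key_mode_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; the return value is the number of failed checks.
check_bundle() {  # usage: check_bundle CERT KEY CACERT
    fails=0
    bits=$(cert_key_bits "$1")
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "WEAK: $1 has a ${bits:-unknown}-bit key (< $MIN_BITS)"
        fails=$((fails + 1))
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "MISMATCH: $2 is not the key for $1"
        fails=$((fails + 1))
    fi
    if ! key_mode_private "$2"; then
        echo "PERMS: $2 is accessible to group or others"
        fails=$((fails + 1))
    fi
    # Match on the ": OK" line because old openssl builds can exit 0 on failure.
    if ! openssl verify -CAfile "$3" "$1" 2>/dev/null | grep -q ': OK$'; then
        echo "CHAIN: $1 does not verify against $3"
        fails=$((fails + 1))
    fi
    return "$fails"
}
```

With the file names used above, the call is: check_bundle ns1.testbsd.com-cert.pem ns1.testbsd.com-unencrypted-key.pem testbsd.com-CAcert.pem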