re2121 posted on 2015-1-19 08:39:51

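HTTPS server configuration (3): creating a private CA and certificates

First, create a private CA on another host.

Suppose I now start up a separate virtual machine.


Log in to it.
1. Generate a key pair (a private key and a public key; the public key can be extracted from the private key, so creating the private key is enough)
# cd /etc/pki/CA
# (umask 077; openssl genrsa -out private/cakey.pem 2048)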

2. Generate the CA's certificate

# openssl req -new -x509 -key private/cakey.pem -out cacert.pem

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :CN
State or Province Name (full name) []:Henan
Locality Name (eg, city) :Zhengzhou
Organization Name (eg, company) :HuangBY
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:www.huangbaoying.com
Email Address []:479714212@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# mkdir certs newcerts crl
# touch index.txt
# touch serial
# echo 01 > serial
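OK, the CA is now ready to sign certificates for others.

3. Now, on the host that runs the httpd server
# cd /etc/httpd/
# mkdir ssl
# cd ssl
Create the private key
# (umask 077; openssl genrsa -out httpd.key 1024)
Create the certificate request
# openssl req -new -key httpd.key -out httpd.csr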

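Send the certificate request (httpd.csr) to the CA.

Now switch over to the CA host; if everything is on the same host, there is nothing to switch to.
4. Sign the certificate
# openssl ca -in httpd.csr -out httpd.crt -days 3650
Signing is done. Send httpd.crt to the httpd server host.

5. Log in to the httpd server host
Place the received httpd.crt under /etc/httpd/ssl/ so it is ready for use.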
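
A check worth running before httpd.crt is installed, as an added example that is not part of the original post: it confirms the certificate chains to cacert.pem and carries the public key of httpd.key. The function names check_issued and demo_ca, the temporary directory, the minimal ca.cnf, the subject names and the 2048-bit demo keys are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that httpd.crt really was
# signed by the private CA and belongs to httpd.key before installing it.

# check_issued CA_CERT CERT KEY: returns 0 only if CERT chains to CA_CERT
# and CERT carries the public key derived from KEY.
check_issued() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# demo_ca: constructed throwaway CA in a temp dir (the post uses /etc/pki/CA
# and the system openssl.cnf); -subj and -batch replace the interactive prompts.
demo_ca() {
    d=$(mktemp -d) && cd "$d" || return 1
    mkdir -p CA/private CA/newcerts && touch CA/index.txt && echo 01 > CA/serial
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
database = ./CA/index.txt
new_certs_dir = ./CA/newcerts
serial = ./CA/serial
certificate = ./CA/cacert.pem
private_key = ./CA/private/cakey.pem
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    (umask 077; openssl genrsa -out CA/private/cakey.pem 2048) 2>/dev/null &&
    openssl req -new -x509 -config ca.cnf -key CA/private/cakey.pem \
        -out CA/cacert.pem -subj "/CN=Example Private CA" &&
    (umask 077; openssl genrsa -out httpd.key 2048) 2>/dev/null &&
    openssl req -new -config ca.cnf -key httpd.key -out httpd.csr \
        -subj "/CN=www.example.test" &&
    openssl ca -config ca.cnf -batch -in httpd.csr -out httpd.crt \
        -days 3650 >/dev/null 2>&1
}

demo_ca && check_issued CA/cacert.pem httpd.crt httpd.key && echo "httpd.crt OK"
```

With the files from the post, the call on the httpd host is check_issued cacert.pem httpd.crt httpd.key, which needs a copy of the CA's cacert.pem alongside the certificate.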

