创建CA证书和SERVER服务器证书

生成CA证书

certtool --generate-privkey --outfile ca-key.pem
cat <<_EOF_> ca.tmpl
cn = "ONEXIN CA"
organization = "ONEXIN Corp"
serial = 1
expiration_days = 999
ca
signing_key
cert_signing_key
crl_signing_key
_EOF_
certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem

生成本地服务器证书

certtool --generate-privkey --outfile server-key.pem
cat <<_EOF_> server.tmpl
cn = "onexin.com"
organization = "ONEXIN"
serial = 2
expiration_days = 999
signing_key
encryption_key
tls_www_server
_EOF_
certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem

生成客户端证书

certtool --generate-privkey --outfile user-key.pem
cat <<_EOF_>user.tmpl
cn = "ONEXIN"
unit = "admins"
serial = 1824
expiration_days = 999
signing_key
tls_www_client
_EOF_
certtool --generate-certificate --load-privkey user-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template user.tmpl --outfile user-cert.pem

生成可在windows中可导入的p12格式的证书

openssl pkcs12 -export -inkey user-key.pem -in user-cert.pem -name "onexinclient" \
-certfile ca-cert.pem -caname "ONEXIN CA" -out client.cert.p12

会提示设置证书密码,也可以不设置直接回车即可。

如果是在root#提示符下操作的,生成的文件在/root文件夹下,生成之后把服务器证书server-cert.pem 放到/etc/ssl/certs,私钥server-key.pem 放到/etc/ssl/private。

cp ca-cert.pem /etc/ssl/certs
cp ca-key.pem /etc/ssl/private
cp server-cert.pem /etc/ssl/certs
cp server-key.pem /etc/ssl/private

参考创建 ca 证书和服务器证书
http://www.infradead.org/ocserv/manual.html#heading5

随机文章:

1、Commerce Bug是Magento developer,designer二次开发必备的工具
https://www.onexin.net/commerce-bug-is-a-magento-developer-designer-tools-necessary-for-secondary-development/

2、Ajax AutoComplete for jQuery
https://www.onexin.net/ajax-autocomplete-for-jquery/

3、VI系统视觉基本要素设计
https://www.onexin.net/vi-system-the-basic-elements-of-visual-design-of/

4、最新开启URL静态的Rewrite规则 For DZ7.2/UCH2.0/SS7.5
https://www.onexin.net/open_url_rewrite_for_dz7x_uch2x_ss7x/

5、用两句代码实现l图片在网页中的阿尔法效果
https://www.onexin.net/l-with-the-two-pictures-on-the-page-code-to-achieve-the-alpha-effect/

转载请注明出处:https://www.onexin.net/ca-server-cert/

Leave a Reply