Manage your own CA
2009-05-13 03:00:06来源:未知 阅读 ()
建立你的 CA $ /usr/lib/ssl/misc/CA.pl -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
.................................++++++
....................................++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase: (輸入一個密碼,以後簽署證書時都要使用這個密碼)
Verifying - Enter PEM pass phrase: (再次輸入上面輸入的密碼作確認)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN (國家編碼)
State or Province Name (full name) [Some-State]:HKSAR (州或省份)
Locality Name (eg, city) []:Hong Kong
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Ltd.
Organizational Unit Name (eg, section) []:Certificate Authority
Common Name (eg, YOUR name) []: Example CA (CA 名字)
Email Address []:ca@example.com (聯絡電郵)
你會看到下列檔案:
./demoCA/certs
./demoCA/crl 電子證書撤銷列表 (Certificate Revocation List)
./demoCA/newcerts 備份所有經這個 CA 簽署過的電子證書
./demoCA/private CA 的私有區,存放了不可以外洩的資料,例如私鑰
./demoCA/private/cakey.pem CA 的私鑰
./demoCA/index.txt
./demoCA/cacert.pem CA 的證書
./demoCA/serial
[
编辑
]
用你的 CA 簽署電字證書
把要簽署的 CSR 放在 CA 目錄 (和 demoCA 在同一層) 並記名作 newreq.pem,然後打 /usr/lib/ssl/misc/CA.pl -signreq:
$ /usr/lib/ssl/misc/CA.pl -signreq
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: (鍵入 CA 的密碼)
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
b2:7f:68:4d:80:d1:7b:a9
Validity
Not Before: Nov 20 18:15:25 2004 GMT
Not After : Nov 20 18:15:25 2005 GMT
Subject:
countryName = CN
stateOrProvinceName = HKSAR
标签:
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有
上一篇:查看系统状态[转载]
下一篇:安全工具
- 选择FreeBSD的中文编码 2009-05-13
- squid2.7 snmp问题 2009-05-13
- FreeBSD下WEBCAM 2009-05-13
- [FreeBSD] 因缺少/etc/termcap而导致的系统故障 2009-05-13
- FreeBSD中启用SSH 2009-05-13
IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设
网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源
网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它
服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护
软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷
网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash
