
Configuring a CA (certificate authority)

Date: 2016-01-25 11:37:59

Tags: ca, certificate authority

1. Install the openssl package

[root@xuegod61 ~]# yum -y install openssl

2. Configuration file (the CA script in step 3 reads /etc/pki/tls/openssl.cnf)

basicConstraints=CA:TRUE

3. Generate the CA certificate (public key) and private key

[root@xuegod61 ~]# /etc/pki/tls/misc/CA -h

usage: /etc/pki/tls/misc/CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify

[root@xuegod61 ~]# /etc/pki/tls/misc/CA -newca

Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/./cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 17413805404962385785 (0xf1aa43c0e68f6f79)
        Validity
            Not Before: Jan 24 08:36:04 2016 GMT
            Not After : Jan 23 08:36:04 2019 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = beijing
            organizationName          = xuegod
            organizationalUnitName    = IT
            commonName                = xuegod61.cn
            emailAddress              = 1@163.com
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:BD:34:5B:08:8A:90:30:75:7B:59:E3:F6:61:98:94:B6:7C:18:83
            X509v3 Authority Key Identifier:
                keyid:DA:BD:34:5B:08:8A:90:30:75:7B:59:E3:F6:61:98:94:B6:7C:18:83

            X509v3 Basic Constraints:
                CA:TRUE
Certificate is to be certified until Jan 23 08:36:04 2019 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated

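4. View the certificate and the private key

[root@xuegod61 ~]# vim /etc/pki/CA/cacert.pem

View the private key (the file is a PEM block that begins with -----BEGIN ENCRYPTED PRIVATE KEY-----)

[root@xuegod61 ~]# vim /etc/pki/CA/private/cakey.pem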


5. Install httpd on the client

[root@xuegod63 ~]# yum install httpd -y

6. On the client, generate a certificate signing request to obtain a certificate

[root@xuegod63 ~]# yum install openssl -y

Generate the private key

[root@xuegod63 ~]# openssl genrsa -des3 -out /etc/httpd/conf.d/server.key

Use the private key to generate the certificate signing request

[root@xuegod63 ~]# openssl req -new -key /etc/httpd/conf.d/server.key -out /server.csr

[root@xuegod63 ~]# scp /server.csr root@192.168.5.63:/tmp

7. Sign the request on the CA to issue the certificate

[root@xuegod61 ~]# openssl ca -keyfile /etc/pki/CA/private/cakey.pem -cert /etc/pki/CA/cacert.pem -in /tmp/server.csr -out /server.crt

8. Copy the certificate to the client

[root@xuegod61 CA]# scp /server.crt 192.168.1.64:/

9. Install mod_ssl on the client

[root@xuegod63 ~]# yum install mod_ssl -y

10. Configure SSL on the client

[root@xuegod63 ~]# vim /etc/httpd/conf.d/ssl.conf

Change these lines:

SSLCertificateFile /etc/httpd/conf.d/server.crt
SSLCertificateKeyFile /etc/httpd/conf.d/server.key

11. Restart the service

[root@xuegod63 ~]# service httpd restart

12. Access the site from the client

 

View the certificate in the browser
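Checks worth running on the files produced in steps 3 to 8 before httpd is restarted, as an added example that is not part of the original article. It builds a constructed throwaway CA in a temporary directory; the function names build_demo_pki and check_issued_cert, the file names and the subject names are assumptions, and `openssl x509 -req` is used in place of `openssl ca` so that no /etc/pki/CA database is needed.

```shell
# Constructed throwaway PKI for illustration; nothing here touches /etc/pki.
build_demo_pki() {   # usage: build_demo_pki DIR
    d=$1
    # Minimal config; the [v3_ca] line mirrors step 2 (basicConstraints=CA:TRUE).
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed CA certificate (the result of "CA -newca" in step 3).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Server key and CSR (step 6); -nodes leaves the demo key unencrypted.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=www.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # Sign the CSR with the CA key (step 7), using "x509 -req" instead of
    # "openssl ca" as noted in the lead-in.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

# usage: check_issued_cert CA_CERT SERVER_CERT SERVER_KEY
# Returns 0 = all good, 1 = signer is not a CA, 2 = chain fails, 3 = key mismatch.
check_issued_cert() {
    # The signing certificate must carry basicConstraints CA:TRUE.
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' || return 1
    # The server certificate must verify against that CA certificate.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 2
    # The certificate's public key must belong to the private key httpd will load.
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$3" -pubout | openssl sha256)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
build_demo_pki "$demo_dir" &&
    check_issued_cert "$demo_dir/ca.crt" "$demo_dir/server.crt" "$demo_dir/server.key" &&
    echo "certificate chains to the CA and matches the key"
```

To run check_issued_cert on the article's own files, the CA certificate, the issued certificate and the server key must be readable on one host; because the server key was created with -des3, openssl pkey asks for its pass phrase.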

 

 


This article comes from the “eNet-chen” blog. Please do not repost.


Original article: http://enet01.blog.51cto.com/7301323/1738077
