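1. What is a CA
A CA (Certificate Authority) is responsible for issuing, managing, archiving and revoking certificates. A certificate contains the holder's name, address, e-mail account and public key, the certificate's validity period, the issuing CA, the CA's digital signature, and similar information. Certificates serve three main functions: encryption, signing and identity verification.
2. Setting up the CA server
2.1 Generate the private key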
[root@localhost CA]# cd /etc/pki/CA/ #切换到CA目录 [root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048) #调用openssl子命令genrsa生成私钥 Generating RSA private key, 2048 bit long modulus ..+++ ...................................................................................................................................................................................................................+++ e is 65537 (0x10001)
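Note: the command above is wrapped in (), which runs it in a subshell of the current shell; settings made inside () take effect only in that subshell, and the commands inside are separated by ";". umask sets the file-creation mask, so the key file is created readable by its owner only. The -out option specifies where the generated private key is stored; without it the key is written to the terminal. 2048 specifies the key length; the default is 1024.
2.2 Self-sign the certificate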
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:ZHENGZHOU
Locality Name (eg, city) [Newbury]:
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:HENAN
Locality Name (eg, city) [Newbury]:ZHENGZHOU
Organization Name (eg, company) [My Company Ltd]:ZKYT
Organizational Unit Name (eg, section) []:TECH
Common Name (eg, your name or your server's hostname) []:ca.linuxpanda.com
Email Address []:caadmin@linuxpanda.com
2.3 Initialize the working environment
[root@localhost CA]# touch index.txt serial # create the index.txt and serial files
[root@localhost CA]# echo 01 >serial # write the initial value
[root@localhost CA]# mkdir csr # create the csr directory
3. Requesting a certificate from a node
3.1 Generate the key pair
[root@localhost CA]# cd /etc/httpd/ssl # enter httpd's ssl configuration subdirectory
-bash: cd: /etc/httpd/ssl: No such file or directory
[root@localhost CA]# ls
cacert.pem index.txt private serial
[root@localhost CA]# cd /etc/httpd/ # check the directory contents
[root@localhost httpd]# ls
conf conf.d logs modules run
[root@localhost httpd]# mkdir ssl # create the ssl directory to hold the key
[root@localhost httpd]# (umask 077; openssl genrsa -out ssl/httpd.key 2048) # generate the private key
Generating RSA private key, 2048 bit long modulus
.+++
............................+++
e is 65537 (0x10001)
3.2 Generate the certificate request
[root@localhost httpd]# openssl req -new -key ssl/httpd.key -out ssl/httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:HENAN
Locality Name (eg, city) [Newbury]:ZHENGZHOU
Organization Name (eg, company) [My Company Ltd]:ZKYT
Organizational Unit Name (eg, section) []:TECH
Common Name (eg, your name or your server's hostname) []:tech1.linuxpanda.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
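The steps in 2.1 through 3.2, as an added example that is not part of the original article: the same openssl commands run non-interactively in a scratch directory, followed by checks that the key files are mode 600, the CA certificate is self-signed, and the CSR carries the public key of httpd.key. The scratch directory, the -subj form of the DN answers and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: sections 2.1-3.2 replayed non-interactively in a scratch
# directory. WORK and the function names are assumptions of this example;
# the page itself works in /etc/pki/CA and /etc/httpd/ssl.
set -e
WORK=$(mktemp -d)
CA="$WORK/CA"
NODE="$WORK/httpd/ssl"
DN="/C=CN/ST=HENAN/L=ZHENGZHOU/O=ZKYT/OU=TECH"   # DN fields entered on the page

build() {
    mkdir -p "$CA/private" "$CA/csr" "$NODE"
    # 2.1: umask 077 applies only inside the subshell
    (umask 077; openssl genrsa -out "$CA/private/cakey.pem" 2048 2>/dev/null)
    # 2.2: -subj supplies the answers the page types at the prompts
    openssl req -new -x509 -key "$CA/private/cakey.pem" -out "$CA/cacert.pem" \
        -days 365 -subj "$DN/CN=ca.linuxpanda.com/emailAddress=caadmin@linuxpanda.com"
    touch "$CA/index.txt"
    echo 01 > "$CA/serial"
    # 3.1 and 3.2: node key and certificate request
    (umask 077; openssl genrsa -out "$NODE/httpd.key" 2048 2>/dev/null)
    openssl req -new -key "$NODE/httpd.key" -out "$NODE/httpd.csr" \
        -subj "$DN/CN=tech1.linuxpanda.com"
}

# Permission string of a file, e.g. -rw------- for mode 600
key_mode() { ls -l "$1" | cut -c1-10; }

# A self-signed certificate has subject == issuer and verifies against itself
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# The CSR's self-signature must verify and its public key must be the key's
csr_matches_key() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' &&
        [ "$(openssl req -in "$1" -noout -pubkey)" = \
          "$(openssl pkey -in "$2" -pubout)" ]
}

build
echo "cakey.pem:  $(key_mode "$CA/private/cakey.pem")"
echo "httpd.key:  $(key_mode "$NODE/httpd.key")"
is_self_signed "$CA/cacert.pem" && echo "cacert.pem is self-signed"
csr_matches_key "$NODE/httpd.csr" "$NODE/httpd.key" && echo "httpd.csr matches httpd.key"
```

Running csr_matches_key on the CA side before signing catches a request that was altered or paired with the wrong key in transit.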
3.3 Send the certificate request file to the server
Original article: http://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_011.html