标签:for vat 自签名 evo revoke 数据库 ever ase 配置
OPENSSL配置文件路径/etc/pki/tls/openssl.cnf[ CA_default ]
dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem建立CA
cd /etc/pki/CA
(umask 077;openssl genrsa -out private/cakey.pem 2048 ) #生成CA私钥
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650 #生成CA自签名证书
> index.txt #建立CA数据库(默认此文件不存在)
echo 09 > serial #默认此文件不存在,编号数字为16进制(umask 066;openssl genrsa -out /test/app.key 1024)
openssl req -new -key /test/app.key -out /test/app.csr #生成证书申请openssl ca -in /test/app.csr -out /etc/pki/CA/certs/app.crt -days 100openssl ca -revoke newcerts/0B.pem
openssl ca -status 0B
echo 09 > crlnumber
openssl ca -gencrl -out /etc/pki/CA/crl.pem标签:for vat 自签名 evo revoke 数据库 ever ase 配置
原文地址:http://blog.51cto.com/14133915/2347129
