生成apache证书(https应用)

来源:网络 责任编辑:栏目编辑 发表时间:2013-07-01 22:40 点击:

# cd /usr/local/apache2/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
生成根证书:
# ./new-root-ca.sh                         (生成根证书)
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...........................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:              (输入一个密码)
Verifying - Enter pass phrase for ca.key:  (再输入一次密码)
......
Self-sign the root CA...                   (签署根证书)
Enter pass phrase for ca.key:              (输入刚刚设置的密码)
........
........                                   (下面开始签署)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:HaiNan
Locality Name (eg, city) [Sitiawan]:HaiKou
Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd
Organizational Unit Name (eg, section) [Certification Services Division]:ACSTAR
Common Name (eg, MD Root CA) []:WISCOM CA
Email Address []:acmail@wiscom.com.cn

这样就生成了ca.key和ca.crt两个文件,下面还要为我们的服务器生成一个证书:
生成server证书:
# ./new-server-cert.sh server              (这个证书的名字是server)
......
......
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:HaiNan
Locality Name (eg, city) [Sitiawan]:HaiKou
Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd
Organizational Unit Name (eg, section) [Secure Web Server]:ACSTAR
Common Name (eg, www.domain.com) []:acmail.wiscom.com.cn
Email Address []:acmail@wiscom.com.cn

这样就生成了server.csr和server.key这两个文件。
签署server证书:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:             (输入上面设置的根证书密码)
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'JiangSu'
localityName          :PRINTABLE:'NanJing'
organizationName      :PRINTABLE:'Wiscom System Co.,Ltd'
organizationalUnitName:PRINTABLE:'ACSTAR'
commonName            :PRINTABLE:'acmail.wiscom.com.cn'
emailAddress          :IA5STRING:'acmail@wiscom.com.cn'
Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
(如果这里出现错误,最好重新来过,删除ssl.ca-0.1这个目录,从解压缩处重新开始。)

下面要按照ssl.conf里面的设置,将证书放在适当的位置。
# chmod 400 server.key
# cd ..
# mkdir ssl.key
# mv ssl.ca-0.1/server.key ssl.key
# mkdir ssl.cr

    发表评论
    请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
    用户名: 验证码:点击我更换图片
    最新评论 更多>>

    推荐热点

    • /etc/fstab 详解
    • nginx主主集群
    •  LVS-NAT和LVS-DR模式的实现详解
    •  RHCE考试之磁盘配额
    • 学习笔记:ACL详解
    •  LVM逻辑卷管理器
    • suse linux双网卡双网关配置
    •  Nginx主主负载均衡架构
    • ubuntu学习Mysql

    快速直达

    操作系统导航

    LinuxWindows虚拟机
    网站首页 - 友情链接 - 网站地图 - TAG标签 - RSS订阅 - 内容搜索
    Copyright © 2008-2015 计算机技术学习交流网. 版权所有

    豫ICP备11007008号-1