СТАТЬЯ НЕ СОХРАНИЛАСЬ.
Данное описание создавалось на CentOS
6; в других ОС расположение файлов может
отличаться Первое, что нам понадобится
- создать сертификат "центра
сертификации", которым будут
подписываться все последующие сертификаты:
[root@centserv
misc]# /etc/pki/tls/misc/CA -newca CA certificate filename (or
enter to create)
Making CA certificate ... Generating a
2048 bit RSA private
key ........+++ .....................................................+++ writing
new private key to '/etc/pki/CA/private/./cakey.pem' Enter PEM
pass phrase: Verifying - Enter PEM pass phrase: ----- You
are about to be asked to enter information that will be
incorporated into your certificate request. What you are about
to enter is what is called a Distinguished Name or a DN. There are
quite a few fields but you can leave some blank For some fields
there will be a default value, If you enter '.', the field will be
left blank. ----- Country Name (2 letter code) [XX]:RU State
or Province Name (full name) []:Moscow Locality Name (eg, city)
[Default City]:Moscow Organization Name (eg, company) [Default
Company Ltd]:JSC Horns&Hoffs Organizational Unit Name (eg,
section) []:IT Common Name (eg, your name or your server's
hostname) []:centserv.test.lan Email Address
[]:root@test.lan
Please enter the following 'extra'
attributes to be sent with your certificate request A challenge
password []: An optional company name
[]: Using configuration from /etc/pki/tls/openssl.cnf Enter
pass phrase for /etc/pki/CA/private/./cakey.pem: Check that the
request matches the signature Signature ok Certificate
Details: Serial Number:
a9:d6:5f:4b:9e:0a:4c:13
Validity
Not Before: Aug 8 07:24:38 2013 GMT
Not After : Aug 7 07:24:38 2016 GMT
Subject:
countryName = RU
stateOrProvinceName
= Moscow
organizationName = JSC
Horns&Hoffs
organizationalUnitName = IT
commonName
= centserv.test.lan
emailAddress =
root@test.lan X509v3 extensions:
X509v3 Subject Key Identifier:
F0:B1:F7:29:B4:C1:2E:3B:FC:14:D3:19:E1:A1:C3:74:F1:76:5E:79
X509v3 Authority Key Identifier:
keyid:F0:B1:F7:29:B4:C1:2E:3B:FC:14:D3:19:E1:A1:C3:74:F1:76:5E:79
X509v3 Basic Constraints:
CA:TRUE Certificate
is to be certified until Aug 7 07:24:38 2016 GMT (1095
days)
Write out database with 1 new entries Data Base
Updated
[root@centserv misc]#
В результате будет
создан ключевой файл /etc/pki/CA/private/cakey.pem
|