First, what is a CA?
A CA (certificate authority) is the institution that issues, manages and revokes digital certificates. The role of a CA is to verify the legitimacy of the certificate holder's identity and to issue the certificate, signing it so that it cannot be forged or tampered with, and to manage certificates and keys.
Second, why use a CA?
The CA is the core of a PKI (Public Key Infrastructure) system. It issues, certifies and manages public key certificates for customers' public keys, and provides a range of key lifecycle management services. It binds a customer's public key to the customer's name and other attributes so that customers can authenticate each other's electronic identities. The certificate authority is an authoritative, trustworthy and impartial third-party organization. It is the basis for the existence and development of e-commerce.
Simply put, using a CA ensures not only that data is transmitted safely but also that the target is trustworthy.
The following shows how to create a private CA on a Linux system.
First, generate the private key on the machine that will host the private CA, view it, and make sure the file has permission 600.
[Screenshot 1: generating the private key and confirming that the permission is 600]
Generate the self-signed certificate
The certs, crl and newcerts directories under /etc/pki/CA may not be created automatically; if they do not exist, create them manually.
[Screenshot 2: generating the self-signed certificate]
Provide the required directories and files for the CA
[Screenshot 3: providing the required files and directories for the CA]
That completes the private CA. Next, we show how to issue a certificate.
Generate a private key on the host that needs a certificate (here we take httpd as an example)
[Screenshot 4: generating the private key on the server that will request the certificate]
Generate the request file
[Screenshot 5: generating the request file]
Send the request file to the private CA host. Here we use the scp command for convenience in testing; in real work this would be done in a more secure way.
[Screenshot 6: sending the request file to the private CA host]
Check whether the private CA host has received the request file
[Screenshot 7: checking on the private CA host that the request file was received]
Issue the certificate
[Screenshot 8: issuing the certificate]
View the issued certificate
[Screenshot 9: viewing the issued certificate]
Send the certificate to the requester
[Screenshot 10: sending the certificate]
Issuance complete
[Screenshot 11: confirming receipt of the certificate]
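The workflow above written out as commands, in an added example that is not from the original post. It builds the CA in a scratch directory rather than /etc/pki/CA, and the file names (cakey.pem, cacert.pem, index.txt, serial, httpd.key), the minimal openssl.cnf, the subjects and the lifetimes are all assumptions.

```shell
# Added example: private-CA workflow in a scratch directory (not /etc/pki/CA).
# File names, subjects, key sizes and lifetimes are assumptions for the demo.
set -eu

build_demo_ca() {  # $1 = CA directory, standing in for /etc/pki/CA
    mkdir -p "$1/certs" "$1/crl" "$1/newcerts" "$1/private"
    touch "$1/index.txt"          # database of issued certificates
    echo 01 > "$1/serial"         # next serial number to assign
    cat > "$1/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir           = $1
database      = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial        = \$dir/serial
certificate   = \$dir/cacert.pem
private_key   = \$dir/private/cakey.pem
default_md    = sha256
default_days  = 365
policy        = policy_match
[ policy_match ]
countryName      = match
organizationName = match
commonName       = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # CA private key, created 0600 by the subshell umask, then the self-signed cert
    (umask 077; openssl genrsa -out "$1/private/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -config "$1/openssl.cnf" -extensions v3_ca -days 3650 \
        -key "$1/private/cakey.pem" -subj "/C=CN/O=Example/CN=Demo CA" -out "$1/cacert.pem"
}

issue_demo_cert() {  # $1 = CA directory, $2 = requester directory (the httpd host)
    mkdir -p "$2"
    # Requester: private key and signing request; only the CSR goes to the CA
    (umask 077; openssl genrsa -out "$2/httpd.key" 2048 2>/dev/null)
    openssl req -new -config "$1/openssl.cnf" -key "$2/httpd.key" \
        -subj "/C=CN/O=Example/CN=www.example.test" -out "$2/httpd.csr"
    # CA: sign the request, then check that the result chains to the CA cert
    openssl ca -batch -notext -config "$1/openssl.cnf" \
        -in "$2/httpd.csr" -out "$2/httpd.crt" 2>/dev/null
    openssl verify -CAfile "$1/cacert.pem" "$2/httpd.crt" >/dev/null
}
```

Run it with `build_demo_ca ./CA` followed by `issue_demo_cert ./CA ./httpd`. Between real hosts only the request file and the signed certificate are copied; each private key stays on the machine that generated it.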
This article is from the "11798474" blog, please be sure to keep this source http://11808474.blog.51cto.com/11798474/1856013
Creating a private CA on a Linux system