Creating a private CA on a Linux system

Source: Internet
Author: User
Tags: scp command

First, what is a CA

A CA (certificate authority), short for digital certificate certification center, is the institution that issues, manages and revokes digital certificates. The role of a CA is to check the legitimacy of the certificate holder's identity and to issue the certificate (by signing it), which prevents the certificate from being forged or tampered with, and to manage certificates and keys.

Second, why use a CA

The CA is the core of a PKI (Public Key Infrastructure) system. It signs public key certificates for customers' public keys, issues and manages certificates, and provides a range of key lifecycle management services. It binds a customer's public key to the customer's name and other attributes so that customers can authenticate each other's electronic identities. The certificate center is an authoritative, trustworthy and impartial third-party organization. It is the basis of the existence and development of e-commerce.

Simply put, using a CA ensures not only that data is transmitted safely but also that the target you are talking to is reliable.

Below we show how to create a private CA on a Linux system.


First, generate the private key on the machine that will become the private CA, view it, and make sure the file has permission 600.

[Screenshot 1: generating the private key and confirming that its permission is 600]

Generate the self-signed certificate

The certs, crl and newcerts directories under /etc/pki/CA may not be generated automatically; if they do not exist, create them manually.

[Screenshot 2: generating the self-signed certificate]

Provide the required directories and files for the CA

[Screenshot 3: providing the required files and directories for the CA]

With that, the private CA is created. Next we show how to issue a certificate.

Generate a private key on the host that needs a certificate issued (here we take httpd as an example)

[Screenshot 4: generating the private key on the server that will request the certificate]

Generate the request file

[Screenshot 5: generating the request file]

Send the request file to the private CA host. Here we use the scp command for the convenience of testing; in actual work this would be done in a more secure way.

[Screenshot 6: sending the request file to the private CA host]

Check whether the private CA host has received the request file

[Screenshot 7: checking on the private CA host that the request file was received]

Issue the certificate

[Screenshot 8: issuing the certificate]

View the issued certificate

[Screenshot 9: viewing the issued certificate]

Send the certificate to the requester

[Screenshot 10: sending the certificate]

Issuance complete

[Screenshot 11: confirming receipt of the certificate]
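The steps above as one script, since the original commands survive only as screenshot captions. This is an added example, not the commands from the original post: it builds the CA in a scratch directory instead of /etc/pki/CA, and the configuration file, the subject names and the file names are constructed for the demonstration.

```shell
# Added example: private CA in a scratch directory; every name is constructed.
set -e
build_ca_and_issue() {
    ca=$1; req=$2                       # CA directory, requester directory
    mkdir -p "$ca/private" "$ca/certs" "$ca/crl" "$ca/newcerts" "$req"
    cat > "$ca/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $ca
database = \$dir/index.txt
serial = \$dir/serial
new_certs_dir = \$dir/newcerts
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_match
x509_extensions = leaf
[ policy_match ]
countryName = match
organizationName = match
commonName = supplied
[ leaf ]
basicConstraints = CA:FALSE
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # CA key: umask 077 in a subshell so the file is mode 600 from creation
    (umask 077; openssl genrsa -out "$ca/private/cakey.pem" 2048) 2>/dev/null
    # Self-signed CA certificate
    openssl req -new -x509 -config "$ca/ca.cnf" -key "$ca/private/cakey.pem" \
        -days 3650 -subj "/C=CN/O=Example Org/CN=Example Private CA" -out "$ca/cacert.pem"
    touch "$ca/index.txt"; echo 01 > "$ca/serial"   # database and next serial for openssl ca
    # Requester (httpd host): private key and CSR; C and O must match the CA's
    (umask 077; openssl genrsa -out "$req/httpd.key" 2048) 2>/dev/null
    openssl req -new -config "$ca/ca.cnf" -key "$req/httpd.key" \
        -subj "/C=CN/O=Example Org/CN=www.example.test" -out "$req/httpd.csr"
    # Only the CSR travels to the CA (scp in the article); the key never leaves
    openssl ca -batch -notext -config "$ca/ca.cnf" -in "$req/httpd.csr" \
        -out "$ca/certs/httpd.crt" 2>/dev/null
    openssl verify -CAfile "$ca/cacert.pem" "$ca/certs/httpd.crt"
}
work=$(mktemp -d); build_ca_and_issue "$work/CA" "$work/httpd"
```

After a successful run, index.txt records the issued subject, serial advances from 01 to 02, and newcerts holds a copy of the certificate named after its serial.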


This article is from the "11798474" blog, please be sure to keep this source http://11808474.blog.51cto.com/11798474/1856013
