Setting up a self-signed certificate normally involves two machines, a client and a server. For convenience, I create and sign the certificate on a single host here, then install and verify it from the physical host.
I. Preparing the private CA
1. Install the ssl module
2. View the mod_ssl list
II. Detailed process of creating a self-signed certificate
1. First, generate a key for the self-signed certificate
2. Run vim /etc/pki/tls/openssl.cnf and modify the following content:
3. Generate the self-signed certificate
4. Run vim /etc/pki/tls/openssl.cnf to change the CA's central directory.
5. Check again; the certificate has been generated successfully.
6. Create several directories and files to prepare for the following process:
7. Create a directory and save the generated key pair to httpd.key
8. Generate a certificate signing request
9. Now you can sign the certificate.
10. Check whether the certificate is successfully signed.
11. At this point, you will see that the certificate has been issued successfully. Exciting!
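The flow in steps 1 to 11 (CA key, self-signed CA certificate, server key, signing request, signing, verification), as an added example that is not the author's own commands. It assumes a scratch directory instead of /etc/pki/CA, signs with `openssl x509 -req` rather than the CA database configured in openssl.cnf, and uses constructed subject fields; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: private CA plus one signed server certificate.
# Paths, subject fields and function names are assumptions for illustration.

build_private_ca() {
    dir="$1"    # scratch directory standing in for /etc/pki/CA
    host="$2"   # server name, e.g. www.hello.com
    mkdir -p "$dir/private" "$dir/httpd" || return 1

    # CA private key; umask 077 keeps it readable by the owner only.
    (umask 077; openssl genrsa -out "$dir/private/cakey.pem" 2048 2>/dev/null) || return 1

    # Self-signed CA certificate (constructed subject).
    openssl req -new -x509 -key "$dir/private/cakey.pem" -days 3650 \
        -subj "/C=CN/O=Example Private CA/CN=Example Root CA" \
        -out "$dir/cacert.pem" || return 1

    # Server key and certificate signing request for the web server.
    (umask 077; openssl genrsa -out "$dir/httpd/httpd.key" 2048 2>/dev/null) || return 1
    openssl req -new -key "$dir/httpd/httpd.key" \
        -subj "/C=CN/O=Example Org/CN=$host" \
        -out "$dir/httpd/httpd.csr" || return 1

    # Browsers match the host name against subjectAltName, so set it when signing.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" \
        > "$dir/httpd/httpd.ext"
    openssl x509 -req -in "$dir/httpd/httpd.csr" -days 365 -sha256 \
        -CA "$dir/cacert.pem" -CAkey "$dir/private/cakey.pem" -CAcreateserial \
        -extfile "$dir/httpd/httpd.ext" -out "$dir/httpd/httpd.crt" 2>/dev/null || return 1
}

# Succeeds only if httpd.crt chains to the CA certificate in the same directory.
verify_chain() {
    openssl verify -CAfile "$1/cacert.pem" "$1/httpd/httpd.crt" >/dev/null 2>&1
}

# Succeeds only if the certificate and private key share the same public key.
key_matches_cert() {
    a=$(openssl x509 -in "$1/httpd/httpd.crt" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$1/httpd/httpd.key" -pubout | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

Run it as `d=$(mktemp -d); build_private_ca "$d" www.hello.com && verify_chain "$d" && key_matches_cert "$d"`; only cacert.pem is handed to clients, while cakey.pem and httpd.key stay on the server.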
Now there is a certificate on the server. How do we configure the server to use it?
III. How to configure the certificate
1. Back up the directory
2. Run vim ssl.conf and modify it as follows:
3. Check for syntax errors and restart the system.
4. Check whether the server is listening on port 443.
5. Edit the name-resolution file with vim /etc/hosts
6. Access www.hello.com
7. Access https://www.hello.net
8. What should we do if there is no access permission? We need to give the client a copy of the certificate. First run cd /etc/pki/CA to switch to this directory.
9. After cacert.pem has been transferred to the physical host, rename it.
IV. Import the certificate into the browser and verify it
1. Start installing the certificate.
2. Click "Next"
3. Select the certificate storage location
4. Certificate import completed
5. Select "yes" and click
6. Certificate import successful
7. Manage certificates
8. View the imported certificate
9. Access the web page over an encrypted connection
In this way, all of our access to the site is encrypted. Configuring an SSL site is easy, isn't it? That is the whole process of configuring and installing a private CA; I hope it is of some help in your learning.
This article is from the "show_only" blog, please be sure to keep this source http://10240214.blog.51cto.com/6634068/1175705