Test environment
(CA host: 192.168.23.10, httpd host: 192.168.23.11)
1: Create a new Web server with the host name www
    yum install -y httpd

2: Generate the private key
    mkdir /etc/httpd/ssl
    cd /etc/httpd/ssl
    (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)

3: Generate the certificate signing request
    openssl req -new -key /etc/httpd/ssl/httpd.key -out httpd.csr -days 365
   The certificate request content is as follows:
    Country Name (2 letter code) [XX]: CN
    State or Province Name (full name) []: Beijing
    Locality Name (eg, city) [Default City]: Beijing
    Organization Name (eg, company) [Default Company Ltd]: uplooking
    Organizational Unit Name (eg, section) []: Ops
    Common Name (eg, your name or your server's hostname) []: www.uplooking.com
    Email Address []: [email protected]uplooking.com

4: Send the certificate request to the CA host with scp
    scp httpd.csr [email protected]192.168.10:/root/

5: Sign the certificate on the CA host (run this on the CA host), saving the signed certificate in the /etc/pki/CA/certs/ directory
    openssl ca -in /root/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365

6: Send the certificate to the Web server
    scp /etc/pki/CA/certs/httpd.crt [email protected]192.168.11:/etc/httpd/ssl/

7: View the information in the certificate
    openssl x509 -in /etc/httpd/ssl/httpd.crt -noout -serial -subject
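Step 7 only prints the serial and subject. The following is an added example, not part of the original page: it checks that the certificate returned by the CA carries the same public key as httpd.key and the CSR, and that it verifies against the CA certificate. The function names, the temporary lab files, and the use of openssl x509 -req in place of openssl ca (which needs the CA database on the CA host) are assumptions made so that it runs offline.

```shell
# Added example: checks to run after step 7. Function names are illustrative.

# Print the SHA-256 of the public key held in a key, CSR or certificate.
pub_digest() {  # $1 = key|csr|crt, $2 = file
  case "$1" in
    key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr) pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)   return 2 ;;
  esac || return 1
  [ -n "$pub" ] || return 1   # never hash empty output: two failures would "match"
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 only if the certificate has the same public key as the private key
# and the CSR, and its signature verifies against the CA certificate.
check_signed_cert() {  # $1 = key, $2 = CSR, $3 = certificate, $4 = CA certificate
  k=$(pub_digest key "$1") || return 1
  r=$(pub_digest csr "$2") || return 1
  c=$(pub_digest crt "$3") || return 1
  [ "$k" = "$r" ] && [ "$k" = "$c" ] || return 1
  openssl verify -CAfile "$4" "$3" >/dev/null 2>&1
}

# Build a throwaway CA, server key, CSR and certificate in directory $1.
# Everything here is constructed test data; nothing under /etc is touched.
make_lab() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Lab CA" -days 1 \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  (umask 077; openssl genrsa -out "$d/httpd.key" 2048 2>/dev/null) &&
  openssl req -new -key "$d/httpd.key" -subj "/CN=www.uplooking.com" \
    -out "$d/httpd.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/httpd.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/httpd.crt" 2>/dev/null &&
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null   # unrelated key for the negative case
}

# On the Web server, with a copy of the CA certificate saved as CA_CERT (placeholder):
#   check_signed_cert /etc/httpd/ssl/httpd.key /etc/httpd/ssl/httpd.csr \
#                     /etc/httpd/ssl/httpd.crt CA_CERT && echo "certificate OK"
```

A non-zero return means the certificate does not belong to this key and request, or was not signed by the expected CA, and it should not be installed.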
How to register a CA certificate on a single Web server