First, create a private CA on another host.
Here I open a different virtual machine and log in.
One, generate a key pair (the private key and the public key; the public key can be extracted from the private key, so only the private key needs to be created)
[[email protected] ~]# cd /etc/pki/CA
[[email protected] ca]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Two, generate the CA's certificate
[[email protected] ca]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zhengzhou
Organization Name (eg, company) [Default Company Ltd]:huangby
Organizational Unit Name (eg, section) []:tech
Common Name (eg, your name or your server's hostname) []:www.huangbaoying.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[[email protected] ca]# mkdir certs newcerts crl
[[email protected] ca]# touch index.txt
[[email protected] ca]# touch serial
[[email protected] ca]# echo 01 > serial
OK, the CA has now signed a certificate for itself.
Three, now move to the host running the httpd server
[[email protected] ~]# cd /etc/httpd/
[[email protected] httpd]# mkdir ssl
[[email protected] httpd]# cd ssl
Create a private key
[[email protected] ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
Create a certificate signing request
[[email protected] ssl]# openssl req -new -key httpd.key -out httpd.csr
Send the certificate signing request to the CA.
Now switch to the CA host. If you are doing everything on the same console, there is nothing to switch.
Four, sign the certificate
[[email protected] ~]# openssl ca -in httpd.csr -out httpd.crt -days 3650
All right, the certificate is signed. Send httpd.crt to the httpd server host.
Five, log on to the httpd server host
Put the received httpd.crt under /etc/httpd/ssl/ for later use.
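The procedure above, repeated in a scratch directory and followed by two checks the article does not show: that httpd.crt chains to the CA certificate and that it matches httpd.key. This is an added example, not the author's code; the directory layout, ca.cnf, the subject names, the 2048-bit keys and the validity periods are assumptions of the example.

```shell
#!/bin/sh
# Added example (not the article's code). Constructed: the scratch directory
# layout, ca.cnf, subject CNs; 2048-bit keys and -days values are assumptions.

# make_ca_and_cert DIR CN: build a throwaway CA in DIR and issue a cert for CN.
make_ca_and_cert() {
    ( cd "$1" || exit 1
      umask 077                          # keep private keys unreadable to others
      mkdir -p CA/private CA/newcerts
      touch CA/index.txt                 # certificate database read by "openssl ca"
      echo 01 > CA/serial                # next serial number, in hex
      cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./CA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
      openssl genrsa -out CA/private/cakey.pem 2048 2>/dev/null &&
      openssl req -new -x509 -config ca.cnf -key CA/private/cakey.pem \
          -out CA/cacert.pem -days 3650 -subj "/CN=Constructed Private CA" &&
      openssl genrsa -out httpd.key 2048 2>/dev/null &&
      openssl req -new -config ca.cnf -key httpd.key -out httpd.csr -subj "/CN=$2" &&
      openssl ca -batch -config ca.cnf -in httpd.csr -out httpd.crt -days 365 2>/dev/null
    )
}

# check_cert DIR: succeed only if httpd.crt chains to the CA and matches httpd.key.
check_cert() {
    ( cd "$1" || exit 1
      openssl verify -CAfile CA/cacert.pem httpd.crt >/dev/null 2>&1 || exit 2
      cert_pub=$(openssl x509 -in httpd.crt -noout -pubkey | openssl sha256)
      key_pub=$(openssl pkey -in httpd.key -pubout | openssl sha256)
      [ "$cert_pub" = "$key_pub" ]       # same public key on both sides
    )
}
```

Running check_cert on the httpd host before pointing the web server at the files catches a certificate signed by the wrong CA or paired with the wrong key.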
This article is from the "rush to the Internet" blog, be sure to keep this source http://huangbaoying.blog.51cto.com/9267029/1604725
HTTPS server Configuration (iii) create a private CA and certificate