vim/etc/pki/tls/openssl.conf Opening a configuration file
Switch to/etc/pki/ca:cd/etc/pki/ca
Create the missing files touch index.txt
echo > Serial
CA self-Visa certificate (umask 077;openssl genrsa-out PRIVATE/CAKEY.PEM 2048) 2048 for specifying the key length
OpenSSL req-new-x509-key private/cakey.pem-days 7300-out Private/cacert.pem
-new used to generate a new certificate signing request
-x509 for a CA to generate self-signed certificates
-key used to indicate the private key file
-days Certificate Validity days
-out Certificate Save Path
Generate a certificate request with the certificate's host
Generate the private key (Umask 077; OpenSSL genrsa-out Path/to/somewhere/name.key 2048)
Generate request for OpenSSL Req-new-key path/to/somewhere/name.key-days 356-out NAME.CSR
Send the request to the target host SCP NAME.CSR [email protected]:/tmp
Target host visa OpenSSL ca-in/tmp/name.csr-out/etc/pki/ca/certs/name.crt-days 356
OpenSSL creating a private CA