Creating a private CA with OpenSSL
----------------------------------------------------
1. Generate a private key for the CA (the subshell's umask 077 keeps the key file readable by its owner only)
(umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
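2. Generate a self-signed certificate
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
Answers to the prompts, in order:
Country Name: CN
State or Province Name: GD
Locality Name: SZ
Organization Name: LT
Organizational Unit Name: JSB
Common Name: ca.litao.com
Email Address: [email protected]
Display the certificate information:
openssl x509 -text -in /etc/pki/CA/cacert.pem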
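3. Create the supporting files the CA needs (index.txt is the certificate database; serial must contain the next serial number in hex, and an empty file makes signing fail):
touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial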
----------------------------------------------------
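Client request:
Create a private key for the HTTP server:
(umask 077; openssl genrsa -out /etc/http/httpd.key 2048)
Generate the certificate signing request:
openssl req -new -key /etc/http/httpd.key -out /etc/http/httpd.csr -days 3650
(-days has no effect on a request; the validity period is set when the CA signs it.)
Answers to the prompts, in order:
Country Name: CN
State or Province Name: GD
Locality Name: SZ
Organization Name: LT
Organizational Unit Name: JSB
Common Name: ca.litao.com
Email Address: [email protected]
These values must be consistent with those used for the CA.
Upload the request (httpd.csr) to the CA server.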
Signing the certificate on the CA server:
On the host where the CA was created, once a certificate signing request has been received, run the following command to sign it and generate the certificate file.
openssl ca -in /path/httpd.csr -out /path/httpd.crt -days 3650
Answer the two confirmation prompts:
y
y
Server's CA