This article covers setting up a private CA and applying for certificates.
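Setting up a private CA:
OpenCA: a complete, free PKI software suite that the OpenCA open-source project built in Perl on top of OpenSSL
openssl: the related packages are openssl and openssl-libs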
Certificate request and signing steps:
1. Generate a certificate signing request (CSR)
2. RA verification
3. CA signing
4. Obtain the certificate
[root@C8-8 ~]# whereis openssl
openssl: /usr/bin/openssl /usr/share/man/man1/openssl.1ssl.gz
1. The openssl-libs package
[root@C8-8 ~]# rpm -ql openssl-libs
/etc/pki/tls
/etc/pki/tls/certs
/etc/pki/tls/ct_log_list.cnf
/etc/pki/tls/misc
/etc/pki/tls/openssl.cnf
/etc/pki/tls/private
/usr/lib/.build-id
/usr/lib/.build-id/00
/usr/lib/.build-id/00/2a6b0c4063f20cd80099a3b4d9e3732e0bbc73
/usr/lib/.build-id/32
/usr/lib/.build-id/32/e275760859214d906dab89c9ab008bc40f6e6f
/usr/lib/.build-id/39
/usr/lib/.build-id/39/da39ce3c907073d0e69f48906646b3e288ca78
/usr/lib/.build-id/54
....
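2. The openssl configuration file: /etc/pki/tls/openssl.cnf
Three policies: match, optional, supplied
match: the information filled in on the request must be identical to the CA's own settings
optional: may be present or absent, and need not agree with the CA's settings
supplied: this field must be filled in on the request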
[root@C8-8 ~]# cat /etc/pki/tls/openssl.cnf
#
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to no to allow creation of
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default
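The four request and signing steps and the three policy values described above, run end to end against a scratch CA directory. This is an added example, not from the original article: the directory, the ca.cnf file, the ExampleOrg subject and the function names build_ca and sign_csr are constructed, and the policy_match section is written here to show match, optional and supplied.

```shell
# Added example: scratch-directory private CA (constructed names; not /etc/pki/CA).

# build_ca DIR: create the CA_default file layout and a self-signed CA certificate.
build_ca() {
    ca=$1
    mkdir -p "$ca/certs" "$ca/newcerts" "$ca/private" || return 1
    chmod 700 "$ca/private"
    : > "$ca/index.txt"        # database index file, starts empty
    echo 01 > "$ca/serial"     # next serial number, in hex
    cat > "$ca/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $ca
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
certificate = \$dir/cacert.pem
serial = \$dir/serial
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_match
[ policy_match ]
countryName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    (umask 077; openssl genrsa -out "$ca/private/cakey.pem" 2048) 2>/dev/null || return 1
    openssl req -new -x509 -config "$ca/ca.cnf" -key "$ca/private/cakey.pem" \
        -days 3650 -subj "/C=CN/O=ExampleOrg/CN=Example Private CA" -out "$ca/cacert.pem"
}

# sign_csr DIR SUBJECT NAME: the applicant creates a key and CSR, then the CA signs
# it under policy_match. Returns non-zero when the policy rejects the request.
sign_csr() {
    ca=$1 subj=$2 name=$3
    openssl req -new -newkey rsa:2048 -nodes -config "$ca/ca.cnf" -subj "$subj" \
        -keyout "$ca/certs/$name.key" -out "$ca/certs/$name.csr" 2>/dev/null || return 2
    openssl ca -batch -config "$ca/ca.cnf" -in "$ca/certs/$name.csr" \
        -out "$ca/certs/$name.crt"
}
```

A request whose organizationName differs from the CA's, or one with no commonName, makes `openssl ca` exit non-zero and name the failing policy field; nothing is recorded in index.txt for it.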