Shulou(Shulou.com)05/31 Report--

This article is about how to create a private CA. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

In the process of creating a private CA, first prepare the host environment, using two virtual machines, one as CA with the IP address of 192.168.1.112, and one as the host using the certificate with the IP address of 192.168.1.104

1, the files needed to create the CA on the CA host

Create the required files in the / etc/pki/CA directory, as shown in the following figure:

2. Create a private key file:

Command used: (umask 077; openssl genrsa-out / etc/pki/CA/private/cakey.pem 2048)

3The CA host generates a certificate request and issues certificates for itself.

Command: openssl req-new-x509-key / etc/pki/CA/private/cakey.epm-days 7300-out / etc/pki/CA/cacert.pem

-new: generate a new certificate signing request

-x509: dedicated to CA generation of self-signed certificates

-key: the private key file used to generate the request

-days n: the validity period of the certificate; in "days"

-out: indicates the path where the certificate is saved

4. Generate a private key file on the host that needs to use the certificate

Take the http service as an example, create a new ssl directory under the / etc/httpd directory

Generate the private key file as shown in the following figure:

5. Generate CA request

6. Send a request to the CA host

7 the certificate signed by CA

8. The CA sends the signed certificate back to the host that sent the request.

The certificate signed by CA has been generated

View the index file of the certificate: this file includes the certificate number and subject information

01.pem is a generated certificate, which is placed here in the newcerts directory under the current directory. When it is really applied on the Internet, you should put the certificate under the certs directory and change the name of the certificate to the name of the host that needs to use the certificate to facilitate identification.

At this point, the creation of the private CA is complete. Here's how to revoke the certificate.

1. Obtain the serial number of the certificate serial on the client

2. Revoke the certificate:

3. Generate the number of the certificate to be revoked:

4. Update the list of revoked certificates:

Thank you for reading! This is the end of the article on "how to create a private CA". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.