
How to build a private CA server under Linux

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

This article explains how to build a private CA server under Linux: establishing the CA, applying for a certificate from a node, signing the certificate, and revoking it.

CA (certificate authority) is the internationally used name for a certification body: an organization that issues, manages and revokes digital certificates for the applicants of those certificates. The function of the CA is to check the legitimacy of the certificate holder's identity and to issue the certificate by digitally signing it, which prevents the certificate from being forged or tampered with.

I. Establish a CA server

1. Generate key

( ): run the command in a subshell so that the umask value of the current shell is not changed

genrsa: generate a private key

-out: the storage path of the private key. cakey.pem: the key file name, which must be consistent with the configuration file.

2048: key length. Default is 1024.

2. Self-signed certificate

req: generate a certificate signing request

-x509: generate self-signed certificate

-days n: the number of days the certificate is valid

-new: new request

-key /path/to/keyfile: specify the private key file

-out /path/to/somefile: output file location.

3. Initialize the working environment

index.txt: index file used to match certificate numbers

serial: certificate serial number file; it is assigned a value only when a certificate is generated for the first time.

II. Node applies for certificate

1. Generate key pairs

2. Generate a certificate request

Modify the default information to simplify input and use consistent information across nodes.

3. Send the signature request file to the CA server

III. Sign the certificate

1. Sign the certificate on the CA server

2. Send it to the requester

IV. Revocation of certificate

(1) Node requests revocation

1. Obtain the certificate serial

x509: certificate format

-in: certificate to be revoked

-noout: no additional information is output

-serial: displays the serial number

-subject: displays subject information.

(2) CA verification information

1. Verify that the serial and subject information submitted by the node is consistent with the information in the index.txt file.

2. Revoke the certificate

-revoke: delete the certificate.

View the list of revoked certificates

3. Generate the number of the revoked certificate (if it is the first revocation)

4. Update the certificate revocation list

-gencrl: generate a certificate revocation list

5. View the contents of the CRL file

-text: display in text form.
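One way to run stages I to IV end to end, as an added example that is not the article's own commands. It works in a scratch directory with a minimal configuration file written inline; the file names, subject names, policy section and lifetimes are assumptions made for the demo.

```shell
# Added example, not from the original article; all names and paths are constructed.
ca_demo() (
    d=$(mktemp -d) && mkdir "$d/private" "$d/newcerts" || exit 1
    export OPENSSL_CONF="$d/ca.cnf"          # every openssl call below reads this file
    cat > "$OPENSSL_CONF" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/index.txt
serial = $d/serial
crlnumber = $d/crlnumber
new_certs_dir = $d/newcerts
certificate = $d/cacert.pem
private_key = $d/private/cakey.pem
default_md = sha256
policy = policy_match
[ policy_match ]
organizationName = match
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # I. CA key (subshell keeps umask 077 local), self-signed cert, index and serial
    (umask 077; openssl genrsa -out "$d/private/cakey.pem" 2048)
    openssl req -new -x509 -key "$d/private/cakey.pem" -days 3650 \
        -subj "/O=Example Org/CN=Demo Private CA" -out "$d/cacert.pem"
    touch "$d/index.txt"; echo 01 > "$d/serial"
    # II. Node key and CSR; O must match the CA's because of policy_match
    (umask 077; openssl genrsa -out "$d/node.key" 2048)
    openssl req -new -key "$d/node.key" \
        -subj "/O=Example Org/CN=node1.example.test" -out "$d/node.csr"
    # III. CA signs the request; index.txt now lists serial 01 as V (valid)
    openssl ca -batch -days 365 -in "$d/node.csr" -out "$d/node.crt"
    issued=$(cut -f1 "$d/index.txt")
    # IV. Node reports serial and subject; CA revokes, numbers and publishes the CRL
    openssl x509 -in "$d/node.crt" -noout -serial -subject >&2
    openssl ca -revoke "$d/node.crt"
    echo 01 > "$d/crlnumber"                 # only before the first CRL
    openssl ca -gencrl -crldays 30 -out "$d/ca.crl"
    openssl crl -in "$d/ca.crl" -noout -text >&2
    if openssl verify -crl_check -CAfile "$d/cacert.pem" -CRLfile "$d/ca.crl" \
        "$d/node.crt" 2>&1 | grep -q 'certificate revoked'; then v=revoked; else v=ok; fi
    echo "$issued $(cut -f1 "$d/index.txt") $v"
    rm -rf "$d"
)
ca_demo   # prints: V R revoked
```

The first two fields are the status column of index.txt before and after revocation. The third shows that revocation only takes effect for a relying party that loads the current CRL and checks it (here with -crl_check); a verifier that skips that check still accepts the certificate until it expires.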
