Shulou(Shulou.com)06/01 Report--

Preparation environment: 2 virtual machines, centos6.7 (client) and centos7.0 (server)

Configuration file: / etc/pki/tls/openssl.cnf

①, create the required files

Touch / etc/pki/CA/index.txtecho 01 > / etc/pki/CA/serial

Under the ②, cd / etc/pki/CA directory

Generate a private key

(umask 066; openssl genrsa-out private/cakey.pem 2048)

Generate a self-signed certificate

Openssl req-new-x509-key / etc/pki/CA/private/cakey.pem-days 3650-out / etc/pki/CA/cacert.pem

-new: generate a new certificate signing request

-x509: dedicated to CA generation of self-signed certificates

-key: the private key file used to generate the request

-days n: the validity period of the certificate

-out / PATH/TO/SOMECERTFILE: path to save certificates

③, generate a private key on the client (6.7)

(umask 066; openssl genrsa-out / etc/pki/CA/httpd.key 1024)

Generate a certificate request file:

Openssl req-new-key / etc/pki/CA/httpd.key-days 365-out / etc/pki/CA/httpd.csr

Note: the name of country, province and company must be the same as CA

④, transfer the certificate file to (7.0)

Scp / etc/pki/CA/httpd.csr 192.168.1.10 (ip address): / etc/pki/CA/newcerts

⑤ 、

Openssl ca-in / et/pki/CA/newcerts/httpd.csr-out / etc/pki/CA/certs/httpd.crt-days 365

Send httpd.crt back (6.7)

Scp / etc/pki/CA/certs/httpd.crt ip address: / etc/pki/CA/

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.