2025-04-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
I. What is a CA
A CA is like the Bureau of Industry and Commerce. A CA certificate is like the business license issued to merchants: an identity credential issued to each site on the Internet. For example, when we enter www.xxx.com and a website appears, how do we know whether it is secure? How do we know it is the website we meant to log in to? If the site has a certificate issued by a CA, and our computer holds that CA's certificate, then we can judge that the site is safe and reliable.
II. What are the contents of the CA certificate?
The X.509 standard defines the contents of the CA certificate. Here is a comparison of the three versions.
III. How to obtain a CA certificate
Since the CA certificate is so important to a public site on the Internet, how do you get one?
To get a CA certificate, you apply to a CA registration authority. This costs money, although not much per year. Ordinary users do not need one; only sites and platforms that need to be recognized by the wider Internet need CA certification.
But is there a free CA?
We can create our own CA and then issue our own certificates. But what is the point of doing this? It does not make much sense for small companies and ordinary users, but powerful companies such as monopolies dare to do so and issue certificates to themselves. Believe it or not, they hold the resource, and you cannot do anything about it if you do not believe it.
Take 12306, for example: when we open it, doesn't the browser indicate that the certificate is not trusted? It issued a certificate to itself. It said, "believe it or not, there is no second website that sells train tickets."
IV. Learn from 12306 and build your own CA
On Linux, we use the OpenSSL package to set up a private CA.
Steps:
1. Generate a private key
The CA uses this private key to add the digital signature to each certificate it issues.
2. Generate a self-signed certificate
Each communicating party imports this certificate into its list of trusted certificate authorities.
3. Configuration file
/etc/pki/tls/openssl.cnf
4. Working directory
/etc/pki/CA/
V. Detailed steps for establishing the CA
1. Generate a private key in /etc/pki/CA/private
2. Generate a self-signed certificate in /etc/pki/CA/
Suppose our company is called alibaba and is located in Zhengzhou, China; the company number is 123456, the website is www.alibaba.com, and the mailbox is wuhf123@126.com.
3. Provide the necessary supporting files so that when others apply for a certificate or revoke a certificate, their information is recorded automatically.
(1) create an index.txt file under /etc/pki/CA/
(2) create a /etc/pki/CA/serial file and add a starting number to it
VI. Apply for a certificate from the CA
Suppose our company is called wuhfnet and our website is www.wuhfnet.com.
1. Generate your own private key
2. Generate a certificate signing request file
openssl req -new -key .. -out .. -days ..
The fields in the certificate signing request must be consistent with those of the issuing CA, except for the common name, where you fill in your own website.
3. Send the request file to the CA
Copy it with a flash drive or send it by e-mail, just as you would send an application to the Bureau of Industry and Commerce.
VII. The CA issues the certificate
1. Verify the identity information of the requester
This is like the Bureau of Industry and Commerce receiving an application and then visiting your company to examine your qualifications.
2. Sign the certificate
openssl ca -in .. -out .. -days ..
3. Return the signed certificate to the requester
VIII. Revocation of a certificate
1. Obtain the serial number of the certificate to be revoked
2. Revoke the certificate
openssl ca -revoke /PATH/FROM/CRT-FILE
3. Generate the revocation list number
echo 01 > /etc/pki/CA/crlnumber
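The whole lifecycle from sections V to VIII, as an added example that is not part of the original article: it builds the CA in a throwaway directory with its own minimal config instead of /etc/pki/CA and /etc/pki/tls/openssl.cnf, and shows both that a request whose organization differs from the CA's is refused and that a revoked certificate fails verification once a CRL is published. All subject names, file names and function names are constructed for the demo, the match policy covers only country and organization, and the keys are left unencrypted only to keep the run non-interactive.

```shell
# Added example (constructed names; run in an empty scratch directory).
ca_init() {                       # $1 = working directory for the CA
  d=$1; mkdir -p "$d/private" "$d/newcerts"
  : > "$d/index.txt"              # database of issued and revoked certificates
  echo 01 > "$d/serial"           # next certificate serial number
  echo 01 > "$d/crlnumber"        # next CRL number
  cat > "$d/ca.cnf" <<EOF
[ca]
default_ca = CA_default
[CA_default]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
crlnumber = $d/crlnumber
certificate = $d/cacert.pem
private_key = $d/private/cakey.pem
default_md = sha256
default_crl_days = 30
policy = policy_match
[policy_match]
countryName = match
organizationName = match
commonName = supplied
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  (umask 077; openssl genrsa -out "$d/private/cakey.pem" 2048) 2>/dev/null
  openssl req -new -x509 -config "$d/ca.cnf" -key "$d/private/cakey.pem" \
    -days 3650 -subj "/C=CN/O=Example Org/CN=Example Private CA" -out "$d/cacert.pem"
}
ca_issue() {                      # $1 = CA dir, $2 = file name, $3 = subject
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
  openssl req -new -config "$1/ca.cnf" -key "$1/$2.key" -subj "$3" -out "$1/$2.csr"
  openssl ca -batch -config "$1/ca.cnf" -days 365 \
    -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null   # non-zero if policy refuses
}
ca_revoke() {                     # mark as revoked, then publish a fresh CRL
  openssl ca -config "$1/ca.cnf" -revoke "$1/$2.crt" 2>/dev/null &&
  openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null
}
ca_verify() {                     # chain check, plus CRL check once a CRL exists
  c=$1 n=$2; set -- -CAfile "$c/cacert.pem"
  [ -f "$c/crl.pem" ] && set -- "$@" -crl_check -CRLfile "$c/crl.pem"
  openssl verify "$@" "$c/$n.crt" >/dev/null 2>&1
}
```

Revoking only updates index.txt; relying parties see the revocation only if they fetch the regenerated CRL and check against it, which is why ca_verify passes -crl_check.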