In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
This article mainly introduces the implementation of Shell script to generate SSL self-signed certificate. This article directly gives the implementation code, which contains a lot of comments. Friends who need it can refer to it.
A certificate is required to function properly after enabling mod_ssl for apache. Wrote a script to operate. The first step is to make sure that openssl is already on the machine.
The copy code is as follows:
#! / bin/sh
The root directory of the ssl certificate output.
SslOutputRoot= "/ etc/apache_ssl"
If [$#-eq 1]; then
SslOutputRoot=$1
Fi
If [!-d ${sslOutputRoot}]; then baby named http://www.bbqmw.net/qm_yeqm
Mkdir-p ${sslOutputRoot}
Fi
Cd ${sslOutputRoot}
Echo "starts creating the CA root certificate …"
Create the CA root certificate, which is later used to sign the certificate for the server. If it is through a commercial CA such as
If Verisign or Thawte sign the certificate, you don't need to create the root certificate yourself. Instead, you should
Post the contents of the server csr file generated later into an web table, pay the signing fee and
A certificate waiting to be signed. For more information about commercial CA, see:
Verisign-http://digitalid.verisign.com/server/apacheNotice.htm
Thawte Consulting-http://www.thawte.com/certs/server/request.html
CertiSign Certificadora Digital Ltda. -http://www.certisign.com.br
IKS GmbH-http://www.iks-jena.de/produkte/ca /
Uptime Commerce Ltd.-http://www.uptimecommerce.com
BelSign NV/SA-http://www.belsign.be
Generate the CA root certificate private key
Openssl genrsa-des3-out ca.key 1024
Generate CA root certificate
Fill in the fields as prompted, but note that Common Name is preferably a valid root domain name (such as zeali.net)
And cannot be exactly the same as the Common Name filled in the server certificate signing request file later, otherwise it will
Causes the certificate to appear when it is generated
Error 18 at 0 depth lookup:self signed certificate error
Openssl req-new-x509-days 365-key ca.key-out ca.crt
Echo "CA root certificate created."
Echo "starts to generate server certificate signing files and private keys..."
Generate server private key
Openssl genrsa-des3-out server.key 1024
Generate a server certificate signing request file. It is best for Common Name to fill in the full domain name using the certificate.
(for example, security.zeali.net)
Openssl req-new-key server.key-out server.csr
Ls-altrh ${sslOutputRoot} / server.*
Echo "server certificate signing file and private key generation completed."
Echo "starts signing server certificate signing documents with CA root certificate …"
Sign the server certificate and generate the server.crt file
See http://www.faqs.org/docs/securing/chap24sec195.html
Sign.sh START
Sign a SSL Certificate Request (CSR)
Copyright ©1998-1999 Ralf S. Engelschall, All Rights Reserved.
CSR=server.csr
Case $CSR in
* .csr) CERT= "echo $CSR | sed-e's /\ .csr / .crt /'"
) CERT= "$CSR.crt"
Esac
Make sure environment exists
If [!-d ca.db.certs]; then
Mkdir ca.db.certs
Fi
If [!-f ca.db.serial]; then
Echo '01' > ca.db.serial
Fi
If [!-f ca.db.index]; then
Cp / dev/null ca.db.index
Fi
Create an own SSLeay config
If you need to modify the validity period of the certificate, please modify the following default_days parameter.
The current setting is 10 years.
Cat > ca.config
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 207
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.