首页 > 系统相关 >Centos7 CA根证书搭建

Centos7 CA根证书搭建

时间:2022-10-04 00:44:53浏览次数:59  
标签:Name rootca csk CN CA Centos7 pem 搭建

案例

  • CA根证书路径/csk-rootca/csk-ca.pem;
  • 签发数字证书,颁发者信息:(仅包含如下信息)
    C = CN
    ST = China
    L = BeiJing
    O = skills
    OU = Operations Departments
    CN = CSK Global Root CA

配置

创建目录及文件

mkdir /csk-rootca
cd /csk-rootca
mkdir private		# 密钥存放位置
mkdir newcerts		# 新申请的证书位置
touch index.txt		# 数据库索引文件
echo 01 > serial	# 序列号记录文件,证书授权时会以此为起始号码

修改配置文件

vim /etc/pki/tls/openssl.cnf
...
[CA_default]
dir		= /csk-rootca
certificate	= /$dir/csk-ca.pem
...
policy		= policy_anything

生成私钥、根证书

cd /csk-rootca
openssl genrsa -out private/cakey.pem 4096
openssl req -new -x509 -key private/cakey.pem -out csk-ca.pem -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN	# C 国家
State or Province Name (full name) []:China	# ST 城市
Locality Name (eg, city) [Default City]:BeiJing	# L 组织
Organization Name (eg, company) [Default Company Ltd]:skills	# O 组织
Organizational Unit Name (eg, section) []:Operations Departments	# OU 组织单位
Common Name (eg, your name or your server's hostname) []:CSK Global Root CA	# CN 公用名
Email Address []:	# 电子邮箱

查看根证书信息

[root@localhost csk-rootca]# openssl x509 -in csk-ca.pem -noout -text | grep Subject
        Subject: C=CN, ST=China, L=BeiJing, O=skills, OU=Operations Departments, CN=CSK Global Root CA
        Subject Public Key Info:
            X509v3 Subject Key Identifier:
[root@localhost csk-rootca]#

标签:Name,rootca,csk,CN,CA,Centos7,pem,搭建
From: https://www.cnblogs.com/frost-descent/p/16751951.html

相关文章

  • Tomcat——idea集成本地Tomcat
    IDEA集成本地Tomcat添加配置    添加本地Tomcat服务器    配置本地Tomcat路径    部署项目          在webapp中添加一个简......
  • HDU-5380 Travel with candy(贪心+单调队列)
    TravelwithcandyTimeLimit:2000/1000MS(Java/Others)    MemoryLimit:262144/262144K(Java/Others)TotalSubmission(s):396    AcceptedSubmission(s)......
  • SSM 环境搭建
    环境搭建创建web项目并添加相关依赖.相关依赖和配置统一项目构建字符编码为UTF-8,JDK版本号为1.8:<properties><project.build.sourceEncoding>UTF-8</pro......
  • this 的指向与 call, apply, bind 的模拟实现
    1.this的指向问题关于函数的this的指向并不是一个很复杂的问题我们首先要明确一个定义:fn=function(){...}指的是fn这个属性存储着一个函数的地址fn_addr,......
  • Python+Django+Nginx的从0到1的个人网站搭建(二)
    本文介绍阿里云ESC服务器的购买以及项目部署一、服务器购买点此购买再依次点击这里我选择新用户免费试用一个月,系统选择了Ubuntu,其余根据需求自选:记住你的公......
  • Connecting the Hosts: Street-Level IP Geolocation with Graph Neural Networks论文
    ConnectingtheHosts:Street-LevelIPGeolocationwithGraphNeuralNetworksABSTRACT大概讲述了该论文的重要性,作者利用主机信息和邻居关系嵌入到图中来推断拓扑结......
  • D. Bank Security Unification
    D.BankSecurityUnificationhttps://codeforces.ml/group/MKpYqfAQQQ/contest/401639/problem/D题意给你一个数列你可以选择一个子序列(可以不连续)这个序列的贡献......
  • Linux_Tomcat实战
    Tomcat实战tomcat简述tomcat安装部署jspgou项目tomcat简述Tomcat服务器是一个免费的开放源代码的Web应用服务器,Tomcat是Apache软件基金会(ApacheSoftwareFoun......
  • CentOS7如何进行扩容 - LVM
    CentOS(CommunityEnterpriseOperatingSystem)是Linux发行版之一,它是来自于RedHatEnterpriseLinux(RHEL)依照开放源代码规定发布的源代码所编译而成。由于出自同样的源......
  • 如何在阿里云服务器搭建flask
    下载flask不用我多说了,pip3installflask 今天在阿里云的服务器上测试一个Flask程序,命名指定了ip:0.0.0.0,port:5000,但是外网IP确怎么也访问不了网页 上网上好个查,发......