```
[root@edokumenty ~]# cd /usr/lib/openssl/

[root@edokumenty openssl]# ./CA.pl -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
...................++++++
.....++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PL
State or Province Name (full name) [Some-State]:Slaskie
Locality Name (eg, city) []:Zabrze
Organization Name (eg, company) [Internet Widgits Pty Ltd]:BetaSoft
Organizational Unit Name (eg, section) []:Developers
Common Name (eg, YOUR name) []:eDokumentyCA
Email Address []:admins@betasoft.pl

[root@edokumenty openssl]# mkdir requests
[root@edokumenty openssl]# cd requests/
[root@edokumenty requests]# openssl genrsa -out x.key 1024
Generating RSA private key, 1024 bit long modulus
..................................++++++
............++++++
e is 65537 (0x10001)
[root@edokumenty requests]# ls -l
razem 4
-rw-r--r-- 1 root root 887 2009-10-15 11:20 x.key
[root@edokumenty requests]# openssl req -new -key x.key -days 3449 -out request.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PL
State or Province Name (full name) [Some-State]:Slaskie
Locality Name (eg, city) []:Zabrze
Organization Name (eg, company) [Internet Widgits Pty Ltd]:BetaSoft
Organizational Unit Name (eg, section) []:Developers
Common Name (eg, YOUR name) []:edokumenty
Email Address []:admins@betasoft.pl

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@edokumenty requests]# openssl req -noout -text -in request.pem
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=PL, ST=Slaskie, L=Zabrze, O=BetaSoft, OU=Developers, CN=edokumenty/emailAddress=admins@betasoft.pl
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
```
```
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: md5WithRSAEncryption
```
```
[root@edokumenty requests]# cd ..
[root@edokumenty openssl]# cp requests/request.pem newreq.pem
[root@edokumenty openssl]# ./CA.pl -sign
Using configuration from /var/lib/openssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number:
        db:e1:8d:be:8c:fd:cb:88
    Validity
        Not Before: Oct 15 09:23:59 2009 GMT
        Not After : Oct 15 09:23:59 2011 GMT
    Subject:
        countryName = PL
        stateOrProvinceName = Slaskie
        localityName = Zabrze
        organizationName = BetaSoft
        organizationalUnitName = Developers
        commonName = edokumenty
        emailAddress = admins@betasoft.pl
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        Netscape Comment:
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier:
            98:8D:8C:B1:AD:5A:6A:E6:4E:BA:98:98:FE:44:6C:EB:6F:78:82:B9
        X509v3 Authority Key Identifier:
            keyid:E4:59:7A:6F:14:DA:48:D1:B1:C0:EC:1E:F9:03:DB:A2:4C:D3:2A:16
            DirName:/C=PL/ST=Slaskie/L=Zabrze/O=BetaSoft/OU=Developers/CN=eDokumentyCA/emailAddress=admins@betasoft.pl
            serial:DB:E1:8D:BE:8C:FD:CB:87

Certificate is to be certified until Oct 15 09:23:59 2011 GMT (730 days)
Sign the certificate? [y/n]:n
CERTIFICATE WILL NOT BE CERTIFIED
Signed certificate is in newcert.pem

[root@edokumenty openssl]# vim /var/lib/openssl/openssl.cnf
```