AdminGuide/CertificatePathCreation: ssl2.sh

File ssl2.sh, 5.4 KB (added by JP, 15 years ago)
xx

History of creating the CA and the edokumenty certificate on PLD

[root@edokumenty ~]# cd /usr/lib/openssl/

[root@edokumenty openssl]# ./CA.pl -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
...................++++++
.....++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PL
State or Province Name (full name) [Some-State]:Slaskie
Locality Name (eg, city) []:Zabrze
Organization Name (eg, company) [Internet Widgits Pty Ltd]:BetaSoft
Organizational Unit Name (eg, section) []:Developers
Common Name (eg, YOUR name) []:eDokumentyCA
Email Address []:admins@betasoft.pl

[root@edokumenty openssl]# mkdir requests
[root@edokumenty openssl]# cd requests/
[root@edokumenty requests]# openssl genrsa -out x.key 1024
[root@edokumenty requests]# openssl genrsa  -out x.key 1024
Generating RSA private key, 1024 bit long modulus
..................................++++++
............++++++
e is 65537 (0x10001)
[root@edokumenty requests]# ls -l
razem 4
-rw-r--r--  1 root root 887 2009-10-15 11:20 x.key
[root@edokumenty requests]# openssl req -new -key x.key -days 3449 -out request.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PL
State or Province Name (full name) [Some-State]:Slaskie
Locality Name (eg, city) []:Zabrze
Organization Name (eg, company) [Internet Widgits Pty Ltd]:BetaSoft
Organizational Unit Name (eg, section) []:Developers
Common Name (eg, YOUR name) []:edokumenty
Email Address []:admins@betasoft.pl

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@edokumenty requests]# openssl req  -noout -text -in  request.pem
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=PL, ST=Slaskie, L=Zabrze, O=BetaSoft, OU=Developers, CN=edokumenty/emailAddress=admins@betasoft.pl
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: md5WithRSAEncryption
[root@edokumenty requests]# cd ..
[root@edokumenty openssl]# cp requests/request.pem newreq.pem
[root@edokumenty openssl]# ./CA.pl -sign
Using configuration from /var/lib/openssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            db:e1:8d:be:8c:fd:cb:88
        Validity
            Not Before: Oct 15 09:23:59 2009 GMT
            Not After : Oct 15 09:23:59 2011 GMT
        Subject:
            countryName               = PL
            stateOrProvinceName       = Slaskie
            localityName              = Zabrze
            organizationName          = BetaSoft
            organizationalUnitName    = Developers
            commonName                = edokumenty
            emailAddress              = admins@betasoft.pl
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                98:8D:8C:B1:AD:5A:6A:E6:4E:BA:98:98:FE:44:6C:EB:6F:78:82:B9
            X509v3 Authority Key Identifier:
                keyid:E4:59:7A:6F:14:DA:48:D1:B1:C0:EC:1E:F9:03:DB:A2:4C:D3:2A:16
                DirName:/C=PL/ST=Slaskie/L=Zabrze/O=BetaSoft/OU=Developers/CN=eDokumentyCA/emailAddress=admins@betasoft.pl
                serial:DB:E1:8D:BE:8C:FD:CB:87

Certificate is to be certified until Oct 15 09:23:59 2011 GMT (730 days)
Sign the certificate? [y/n]:n
CERTIFICATE WILL NOT BE CERTIFIED
Signed certificate is in newcert.pem

[root@edokumenty openssl]# vim /var/lib/openssl/openssl.cnf
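
The request dump in the session above shows a 1024-bit RSA key and an md5WithRSAEncryption signature. As an added example (not part of the original ssl2.sh), this script reads such a dump on stdin and flags both; the function names, the 2048-bit minimum and the weak-digest list are assumptions of the example.

```shell
# Added example, not part of the original ssl2.sh session.
# Audits the text dump printed by `openssl req -noout -text` (or x509).
# MIN_RSA_BITS and the weak-digest list are assumptions of this example.
MIN_RSA_BITS=2048

# Reads a dump on stdin, prints one finding per line,
# returns 0 when nothing is flagged and 1 otherwise.
audit_openssl_text() {
    awk -v min="$MIN_RSA_BITS" '
        /Public Key Algorithm:/ { is_rsa = ($NF == "rsaEncryption") }
        # Old releases print "RSA Public Key: (1024 bit)",
        # newer ones "RSA Public-Key: (2048 bit)".
        /Public[- ]Key: \([0-9]+ bit\)/ {
            bits = $0
            sub(/^.*\(/, "", bits); sub(/ bit\).*$/, "", bits)
            seen_key = 1
            if (is_rsa && bits + 0 < min) {
                print "WEAK-KEY " bits " bit RSA, minimum is " min; bad = 1
            }
        }
        /Signature Algorithm:/ {
            seen_sig = 1; alg = $NF
            if (tolower(alg) ~ /md2|md4|md5|sha1/ && !(alg in flagged)) {
                print "WEAK-DIGEST " alg; flagged[alg] = 1; bad = 1
            }
        }
        END {
            if (!seen_key) { print "NO-KEY-INFO key size not found"; bad = 1 }
            if (!seen_sig) { print "NO-SIG-INFO signature algorithm not found"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the request dump from the session, hex bytes left out.
sample_request_text() {
    cat <<'EOF'
Certificate Request:
    Data:
        Subject: C=PL, ST=Slaskie, L=Zabrze, O=BetaSoft, OU=Developers, CN=edokumenty
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
EOF
}

sample_request_text | audit_openssl_text || echo "request rejected"
```

On a live system, pipe `openssl req -noout -text -in request.pem` into `audit_openssl_text` before handing the request to `./CA.pl -sign`.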