没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
HTTPS 双向认证+USB 硬件加密锁配置教程
环境: Ubuntu14.04,apache2.4.7, openssl1.0.1f
作者: Jailman
安装 apache2
apt-get install apache2 -y
一般 openssl 默认已经安装
开启 apache 的 ssl 模块和 ssl 站点
a2enmod ssl
a2ensite default-ssl.conf
创建证书目录
mkdir /etc/apache2/certs
进入目录创建证书和秘钥
cd /etc/apache2/certs
/usr/lib/ssl/misc/CA.sh -newca
root@bogon:/etc/apache2/certs# /usr/lib/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 2048 bit RSA private key
.............................................................................................+++
..+++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PWRD
Organizational Unit Name (eg, section) []:OPS
Common Name (e.g. server FQDN or YOUR name) []:10.1.1.128
Email Address []:jailman@sina.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:111111
An optional company name []:pwrd
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 14695213526817228816 (0xcbefe2d81474c810)
Validity
Not Before: Jan 5 05:30:34 2017 GMT
Not After : Jan 5 05:30:34 2020 GMT
Subject:
countryName = CN
stateOrProvinceName = Beijing
organizationName = PWRD
organizationalUnitName = OPS
commonName = 10.1.1.128
emailAddress = jailman@sina.com
X509v3 extensions:
X509v3 Subject Key Identifier:
50:CA:37:3C:45:11:0E:E1:BA:E7:80:74:66:D0:98:B9:21:8E:13:BD
X509v3 Authority Key Identifier:
keyid:50:CA:37:3C:45:11:0E:E1:BA:E7:80:74:66:D0:98:B9:21:8E:13:BD
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Jan 5 05:30:34 2020 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated
tree 命令查看一下
root@bogon:/etc/apache2/certs# tree
.
└── demoCA
├── cacert.pem
├── careq.pem
├── certs
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
│ └── CBEFE2D81474C810.pem
├── private
│ └── cakey.pem
└── serial
剩余19页未读,继续阅读
资源评论
大囚长
- 粉丝: 973
- 资源: 48
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功