CA Certificate

Posted on April 24, 2024 (author: 完颜觅珍)

This article contains some discrepancies; note the parts I modified.

HOWTO: Creating your own CA with OpenSSL

Pheng Siong Ng

ngps@

Copyright © 2000, 2001 by Ng Pheng Siong.

Revision History

Revision $Revision: 1.1 $

$Date: 2001/03/31 04:32:29 $

Introduction

This is a HOWTO on creating your own certification authority (CA) with OpenSSL.

I last created a CA about a year ago, when I began work on M2Crypto and needed certificates for the SSL bits. I accepted the tools' default settings then, e.g., certificate validity of 365 days; this meant that my certificates, including my CA's certificate, have now expired.

Since I am using these certificates for M2Crypto's demonstration programs (and I have forgotten the passphrase to the CA's private key), I decided to discard the old CA and start afresh. I also decided to document the process, hence this HOWTO.

The Procedure

I use , a Perl program written by Steve Hanson and bundled with OpenSSL.

The following are the steps to create a CA:

1. Choose a directory to do your CA work. All commands are executed within this directory. Let's call the directory demo.

2. Copy and into demo.

3. Apply the following patch to , which allows it to generate a CA certificate with a validity period of 1095 days, i.e., 3 years:

--- Sat Mar 31 12:40:13 2001

+++ Sat Mar 31 12:41:15 2001

@@ -97,7 +97,7 @@

} else {

print "Making CA certificate ...n";

system ("$REQ -new -x509 -keyout " .

- "${CATOP}/private/$CAKEY -out

${CATOP}/$CACERT $DAYS");

+ "${CATOP}/private/$CAKEY -out

${CATOP}/$CACERT -days 1095");

$RET=$?;

}

}
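
Review bot: The added line in the else branch hard-codes -days 1095 inside the system() call where the removed line passed $DAYS, so the CA certificate's lifetime can no longer be changed through the script's $DAYS setting and the number 1095 appears with no explanation. Consider a separate variable defined next to $DAYS (for example a hypothetical $CADAYS holding "-days 1095") with a comment stating the intended 3-year validity, so the CA lifetime stays configurable in one place.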

4. Create a new CA like this:

./ -newca
A certificate filename (or enter to create)

Making CA certificate ...
Using configuration from
Generating a 1024 bit RSA private key
............++++++
......................++++++
writing new private key to './demoCA/private/'
Enter PEM pass phrase:
(This passphrase must be entered; it is needed below, e.g.: 1234)
Verifying password - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or
a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
SG
State or Province Name (full name) [Some-State]:
.
Locality Name (eg, city) []:
.
.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
DemoCA
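
The CA-creation step above, reproduced non-interactively as an added example (it is not part of the original HOWTO or of the script bundled with OpenSSL): it calls openssl req directly with an explicit -days value and a 3072-bit key in place of the 1024-bit key shown in the transcript, then checks the validity window with -checkend. The file names ca-key.pem and ca-cert.pem, the CA_PASS variable and the CN value are assumptions.

```shell
#!/bin/sh
# Added example: non-interactive CA creation plus an expiry check.
# Assumed names (not from the page): ca-key.pem, ca-cert.pem, CA_PASS, CN "Demo CA".

# make_ca DIR DAYS: create DIR/demoCA holding a passphrase-encrypted RSA key
# and a self-signed CA certificate that is valid for DAYS days.
make_ca() {
    top="$1/demoCA"
    ( umask 077 && mkdir -p "$top/private" ) || return 1
    openssl req -new -x509 -sha256 -newkey rsa:3072 \
        -keyout "$top/private/ca-key.pem" -passout env:CA_PASS \
        -out "$top/ca-cert.pem" -days "$2" \
        -subj "/C=SG/O=DemoCA/CN=Demo CA" 2>/dev/null
}

# valid_for_days CERT DAYS: succeed only if CERT is still valid DAYS days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# key_bits CERT: print the public key size recorded in the certificate.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Demo run in a throwaway directory with a constructed random passphrase.
work=$(mktemp -d)
CA_PASS=$(openssl rand -hex 16); export CA_PASS
make_ca "$work" 1095
cert="$work/demoCA/ca-cert.pem"
openssl x509 -in "$cert" -noout -subject -dates
echo "key size: $(key_bits "$cert") bits"
valid_for_days "$cert" 1094 && echo "still valid 1094 days from now"
valid_for_days "$cert" 1096 || echo "expires before day 1096"
rm -rf "$work"
```

Running valid_for_days from a scheduled job against every issued certificate gives early warning of the expiry described in the introduction.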
