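SSL Basics: 21: Signing Other Certificates with the ca Subcommand
The ca subcommand works from a CSR file prepared in advance; with the -selfsign option and a specified private key it generates a self-signed certificate. The req subcommand can also generate a self-signed certificate. In practice, self-signed certificates are mostly used to create CA certificates. The previous article showed how to use the x509 subcommand together with a self-signed CA certificate to sign other certificate signing requests (CSR files); this article shows how to do the same with the ca subcommand.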
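Preparation: creating the self-signed certificate
Prepare the private key and CSR file
You can prepare the private key and the CSR file separately with the genrsa subcommand and req -new, or generate both in one step with req -newkey.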
    [root@liumiaocn ca]# openssl req -newkey rsa:2048 -keyout ca.key -nodes -out request.csr -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=unicorn/CN=devops.com"
    Generating a RSA private key
    ...........................+++++
    .........+++++
    writing new private key to 'ca.key'
    -----
    [root@liumiaocn ca]# ls
    ca.key  request.csr
    [root@liumiaocn ca]#

Check the private key and CSR contents
    [root@liumiaocn ca]# openssl req -text -noout -verify -in request.csr
    verify OK
    Certificate Request:
        Data:
            Version: 1 (0x0)
            Subject: C = CN, ST = LiaoNing, L = DaLian, O = devops, OU = unicorn, CN = devops.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    RSA Public-Key: (2048 bit)
                    Modulus:
                        ...
                    Exponent: 65537 (0x10001)
            Attributes:
                a0:00
        Signature Algorithm: sha256WithRSAEncryption
             ...
    [root@liumiaocn ca]#

Step 2: Sign the CSR file with the CA
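Command: openssl ca -selfsign -keyfile ca.key -in request.csr -out test-cert.crt -config openssl.cnf -days 365 -batch
Example configuration file
Building on the earlier explanation of the configuration file options, the following sample configuration file is used here; it contains only the minimum settings required.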
    [root@liumiaocn ca]# vi openssl.cnf
    [root@liumiaocn ca]# mkdir newcerts
    [root@liumiaocn ca]# touch index.txt
    [root@liumiaocn ca]# echo "01" > serial
    [root@liumiaocn ca]# cat serial
    01
    [root@liumiaocn ca]# cat openssl.cnf
    [ ca ]
    default_ca = CA_default # The default ca section

    [ CA_default ]
    dir = .
    new_certs_dir = $dir/newcerts # default place for new certs.
    database = $dir/index.txt # database index file.
    default_md = sha256 # use SHA-256 by default
    policy = policy_match
    serial = $dir/serial # The current serial number

    [ policy_match ]
    countryName = match
    stateOrProvinceName = match
    organizationName = match
    organizationalUnitName = optional
    commonName = supplied
    emailAddress = optional
    [root@liumiaocn ca]#

Configuration notes: to match the settings above, the newcerts directory was created to hold newly generated certificates, and the serial file holds the current serial number string.
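The policy_match section decides which requests this CA will sign and which subject fields reach the issued certificate. The script below is an added example, not OpenSSL's code or the author's: a shell model of the match / supplied / optional rules applied to the DNs used on this page, with short field names (C, ST, O, OU, CN) standing in for the long ones. Because localityName is not named in the policy, L is dropped from the issued subject.

```shell
#!/bin/sh
# Added example: a model of the page's policy_match rules, not OpenSSL's own code.
# Short names (C, ST, O, OU, CN) stand in for countryName, stateOrProvinceName, ...
POLICY="C=match ST=match O=match OU=optional CN=supplied emailAddress=optional"

# dn_get DN FIELD: print the value of FIELD in a /K=V/K=V string (empty if absent).
dn_get() {
    printf '%s\n' "$1" | tr '/' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# apply_policy CA_DN REQ_DN: print the subject that would be issued,
# or explain the rejection on stderr and return 1.
apply_policy() {
    ca_dn=$1; req_dn=$2; out=""
    for entry in $POLICY; do
        field=${entry%%=*}; rule=${entry#*=}
        val=$(dn_get "$req_dn" "$field")
        case $rule in
            match)      # must be present and equal to the CA certificate's value
                if [ -z "$val" ] || [ "$val" != "$(dn_get "$ca_dn" "$field")" ]; then
                    echo "reject: $field must match the CA certificate" >&2; return 1
                fi ;;
            supplied)   # must be present, any value
                if [ -z "$val" ]; then
                    echo "reject: $field must be supplied" >&2; return 1
                fi ;;
            optional) ;; # may be absent
        esac
        # Only fields named in the policy are copied, in policy order;
        # anything else in the request (here L=DaLian) is dropped.
        if [ -n "$val" ]; then out="$out/$field=$val"; fi
    done
    printf '%s\n' "$out"
}

# Constructed demo using the DNs from this page.
CA_DN="/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=unicorn/CN=devops.com"
apply_policy "$CA_DN" "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=dev/CN=dev.com"
apply_policy "$CA_DN" "/C=CN/ST=LiaoNing/O=otherorg/CN=other.example" || true
```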
Create the self-signed certificate

    [root@liumiaocn ca]# openssl ca -selfsign -keyfile ca.key -in request.csr -out test-cert.crt -config openssl.cnf -days 365 -batch
    Using configuration from openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'CN'
    stateOrProvinceName   :ASN.1 12:'LiaoNing'
    localityName          :ASN.1 12:'DaLian'
    organizationName      :ASN.1 12:'devops'
    organizationalUnitName:ASN.1 12:'unicorn'
    commonName            :ASN.1 12:'devops.com'
    Certificate is to be certified until Dec 14 03:07:57 2020 GMT (365 days)

    Write out database with 1 new entries
    Data Base Updated
    [root@liumiaocn ca]#

Check the result
    [root@liumiaocn ca]# tree .
    .
    ├── ca.key
    ├── index.txt
    ├── index.txt.attr
    ├── index.txt.old
    ├── newcerts
    │   └── 01.pem
    ├── openssl.cnf
    ├── request.csr
    ├── serial
    ├── serial.old
    └── test-cert.crt

    1 directory, 10 files
    [root@liumiaocn ca]#

Signing another certificate with the ca subcommand
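Step 1: Generate the certificate signing request (CSR) file
Signing has a prerequisite, and the CSR file is that prerequisite. Applying for a paid certificate from a CA organization also requires a CSR file; it may appear in a different format, but in the end the CA organization likewise needs to produce a similar CSR file.
Example command: openssl req -new -out request-dev.csr -nodes -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=dev/CN=dev.com"
For example, the following CSR file is generated here: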
    [root@liumiaocn ca]# openssl req -new -out request-dev.csr -nodes -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=dev/CN=dev.com"
    Generating a RSA private key
    ..........................+++++
    ........................................................................................................................................................................................................................................................................................+++++
    writing new private key to 'privkey.pem'
    -----
    [root@liumiaocn ca]# ls
    ca.key     index.txt.attr  newcerts     privkey.pem  request-dev.csr  serial.old
    index.txt  index.txt.old   openssl.cnf  request.csr  serial           test-cert.crt
    [root@liumiaocn ca]#

Step 2: Sign with the ca subcommand and the CA certificate
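Use -keyfile and -cert to specify the CA's private key and certificate file, then sign the CSR file to obtain the signed certificate file 02.pem.
Example signing command: openssl ca -in request-dev.csr -keyfile ca.key -cert newcerts/01.pem -config openssl.cnf -days 90 -batch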
    [root@liumiaocn ca]# openssl ca -in request-dev.csr -keyfile ca.key -cert newcerts/01.pem -config openssl.cnf -days 90 -batch
    Using configuration from openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'CN'
    stateOrProvinceName   :ASN.1 12:'LiaoNing'
    localityName          :ASN.1 12:'DaLian'
    organizationName      :ASN.1 12:'devops'
    organizationalUnitName:ASN.1 12:'dev'
    commonName            :ASN.1 12:'dev.com'
    Certificate is to be certified until Mar 14 03:10:23 2020 GMT (90 days)

    Write out database with 1 new entries
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 2 (0x2)
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=CN, ST=LiaoNing, O=devops, OU=unicorn, CN=devops.com
            Validity
                Not Before: Dec 15 03:10:23 2019 GMT
                Not After : Mar 14 03:10:23 2020 GMT
            Subject: C=CN, ST=LiaoNing, O=devops, OU=dev, CN=dev.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    RSA Public-Key: (2048 bit)
                    Modulus:
                        ...
                    Exponent: 65537 (0x10001)
        Signature Algorithm: sha256WithRSAEncryption
             ...
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    Data Base Updated
    [root@liumiaocn ca]#

The result is confirmed as shown below
    [root@liumiaocn ca]# tree .
    .
    ├── ca.key
    ├── index.txt
    ├── index.txt.attr
    ├── index.txt.attr.old
    ├── index.txt.old
    ├── newcerts
    │   ├── 01.pem
    │   └── 02.pem
    ├── openssl.cnf
    ├── privkey.pem
    ├── request.csr
    ├── request-dev.csr
    ├── serial
    ├── serial.old
    └── test-cert.crt

    1 directory, 14 files
    [root@liumiaocn ca]#
    [root@liumiaocn ca]# openssl x509 -noout -in newcerts/02.pem -issuer -subject -dates
    issuer=C = CN, ST = LiaoNing, O = devops, OU = unicorn, CN = devops.com
    subject=C = CN, ST = LiaoNing, O = devops, OU = dev, CN = dev.com
    notBefore=Dec 15 03:10:23 2019 GMT
    notAfter=Mar 14 03:10:23 2020 GMT
    [root@liumiaocn ca]#

Simplifying certificate signing
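Because the ca subcommand uses a configuration file, settings in that file can reduce the number of parameters that must be entered when signing a certificate. Modify the configuration as follows: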
    [root@liumiaocn ca]# cat openssl.cnf
    [ ca ]
    default_ca = CA_default # The default ca section

    [ CA_default ]
    dir = .
    new_certs_dir = $dir/newcerts # default place for new certs.
    database = $dir/index.txt # database index file.
    default_md = sha256 # use SHA-256 by default
    policy = policy_match
    serial = $dir/serial # The current serial number
    private_key = $dir/private/ca.key # The private key
    certificate = $dir/ca.crt # The CA certificate
    default_days = 90 # how long to certify for

    [ policy_match ]
    countryName = match
    stateOrProvinceName = match
    organizationName = match
    organizationalUnitName = optional
    commonName = supplied
    emailAddress = optional
    [root@liumiaocn ca]#

Then, based on these settings, make the following preparations:
    [root@liumiaocn ca]# cp newcerts/01.pem ca.crt
    [root@liumiaocn ca]# mkdir private
    [root@liumiaocn ca]# cp ca.key private/ca.key
    [root@liumiaocn ca]# tree .
    .
    ├── ca.crt
    ├── ca.key
    ├── index.txt
    ├── index.txt.attr
    ├── index.txt.attr.old
    ├── index.txt.old
    ├── newcerts
    │   ├── 01.pem
    │   └── 02.pem
    ├── openssl.cnf
    ├── private
    │   └── ca.key
    ├── privkey.pem
    ├── request.csr
    ├── request-dev.csr
    ├── serial
    ├── serial.old
    └── test-cert.crt

    2 directories, 16 files
    [root@liumiaocn ca]#

Example CSR generation command: openssl req -new -out request-test.csr -nodes -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=test/CN=test.com"
    [root@liumiaocn ca]# openssl req -new -out request-test.csr -nodes -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=test/CN=test.com"
    Generating a RSA private key
    .........+++++
    ....................................................................................+++++
    writing new private key to 'privkey.pem'
    -----
    [root@liumiaocn ca]#

Example signing command: openssl ca -config openssl.cnf -batch -in request-test.csr
    [root@liumiaocn ca]# openssl ca -config openssl.cnf -batch -in request-test.csr
    Using configuration from openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'CN'
    stateOrProvinceName   :ASN.1 12:'LiaoNing'
    localityName          :ASN.1 12:'DaLian'
    organizationName      :ASN.1 12:'devops'
    organizationalUnitName:ASN.1 12:'test'
    commonName            :ASN.1 12:'test.com'
    Certificate is to be certified until Mar 14 05:07:14 2020 GMT (90 days)

    Write out database with 1 new entries
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 3 (0x3)
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=CN, ST=LiaoNing, O=devops, OU=unicorn, CN=devops.com
            Validity
                Not Before: Dec 15 05:07:14 2019 GMT
                Not After : Mar 14 05:07:14 2020 GMT
            Subject: C=CN, ST=LiaoNing, O=devops, OU=test, CN=test.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    RSA Public-Key: (2048 bit)
                    Modulus:
                        ...
                    Exponent: 65537 (0x10001)
        Signature Algorithm: sha256WithRSAEncryption
             ...
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    Data Base Updated
    [root@liumiaocn ca]#

The generated 03.pem is the resulting certificate file.
    [root@liumiaocn ca]# tree .
    .
    ├── ca.crt
    ├── ca.key
    ├── index.txt
    ├── index.txt.attr
    ├── index.txt.attr.old
    ├── index.txt.old
    ├── newcerts
    │   ├── 01.pem
    │   ├── 02.pem
    │   └── 03.pem
    ├── openssl.cnf
    ├── private
    │   └── ca.key
    ├── privkey.pem
    ├── request.csr
    ├── request-dev.csr
    ├── request-test.csr
    ├── serial
    ├── serial.old
    └── test-cert.crt

    2 directories, 18 files
    [root@liumiaocn ca]# openssl x509 -in newcerts/03.pem -noout -issuer -subject -dates
    issuer=C = CN, ST = LiaoNing, O = devops, OU = unicorn, CN = devops.com
    subject=C = CN, ST = LiaoNing, O = devops, OU = test, CN = test.com
    notBefore=Dec 15 05:07:14 2019 GMT
    notAfter=Mar 14 05:07:14 2020 GMT
    [root@liumiaocn ca]#
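The certificates printed on this page show Version: 1 (0x0): with no x509_extensions setting, openssl ca issues X.509 v1 certificates, which carry no basicConstraints, keyUsage or subjectAltName. The following is an added example, not the author's configuration: the simplified openssl.cnf from this page with extension sections added. The section names server_cert and v3_ca and the chosen key usages are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the page's config: the same CA settings plus extension
# sections so that issued certificates are X.509 v3. The section names
# server_cert and v3_ca are chosen for this example.
# Usage: write_v3_config openssl.cnf

write_v3_config() {
    # Quoted 'EOF' keeps $dir literal so OpenSSL expands it, not the shell.
    cat > "$1" <<'EOF'
[ ca ]
default_ca = CA_default

[ CA_default ]
dir             = .
new_certs_dir   = $dir/newcerts
database        = $dir/index.txt
serial          = $dir/serial
private_key     = $dir/private/ca.key
certificate     = $dir/ca.crt
default_md      = sha256
default_days    = 90
policy          = policy_match
x509_extensions = server_cert  # no extension section means a v1 certificate
copy_extensions = copy         # take subjectAltName from the CSR; review each CSR

[ policy_match ]
countryName            = match
stateOrProvinceName    = match
organizationName       = match
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

# Applied to every certificate the CA issues.
[ server_cert ]
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer

# For the CA certificate itself, selected with -extensions on the command line.
[ v3_ca ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
EOF
}
```

With this file, add -extensions v3_ca to the openssl ca -selfsign command for the CA request and sign other requests as before; openssl x509 -noout -text should then report Version: 3 for the new certificates.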