...
http://www.linuxquestions.org/questions/linux-software-2/start-apache-with-the-pass-phrase-258973/
Using Multiple SSL Certificates in Apache with One IP Address
Cacert wiki
Securing the WordPress admin interface using (Free!) SSL certificates
Saját CA létesítése és tanúsítványok létrehozása
...
| Code Block |
|---|
| theme | Eclipse |
|---|
| language | bash |
|---|
| title | OpenSSL telepítése |
|---|
| linenumbers | true |
|---|
|
yum install openssl |
CA konfigurálása
| Code Block |
|---|
| theme | Eclipse |
|---|
| language | bash |
|---|
| title | CA konfigurálása |
|---|
| linenumbers | true |
|---|
|
mkdir -p /u01/app/myCA/certs
mkdir /u01/app/myCA/csr
mkdir /u01/app/myCA/newcerts
mkdir /u01/app/myCA/private
cp /etc/pki/tls/openssl.cnf /u01/app/myCA/.
cd /u01/app/myCA
echo 00 > serial
echo 00 > crlnumber
touch index.txt |
CA létrehozása
| Code Block |
|---|
| theme | Eclipse |
|---|
| language | bash |
|---|
| title | CA létrehozása |
|---|
| linenumbers | true |
|---|
|
# Create CA private key
openssl genrsa -des3 -passout pass:qwerty -out private/rootCA.key 2048
# Remove passphrase
openssl rsa -passin pass:qwerty -in private/rootCA.key -out private/rootCA.key
# Create CA self-signed certificate
openssl req -config openssl.cnf -new -x509 -subj '/C=DK/L=Aarhus/O=frogger CA/CN=theheat.dk' -days 999 -key private/rootCA.key -out certs/rootCA.crt |
Szerver tanusítvány létrehozása
| Code Block |
|---|
| theme | Eclipse |
|---|
| language | bash |
|---|
| title | Szerver tanúsítvány létrehozása |
|---|
| linenumbers | true |
|---|
|
# Create private key for the winterfell server
openssl genrsa -des3 -passout pass:qwerty -out private/winterfell.key 2048
# Remove passphrase
openssl rsa -passin pass:qwerty -in private/winterfell.key -out private/winterfell.key
# Create CSR for the winterfell server
openssl req -config openssl.cnf -new -subj '/C=DK/L=Aarhus/O=frogger/CN=winterfell' -key private/winterfell.key -out csr/winterfell.csr
# Create certificate for the winterfell server
openssl ca -batch -config openssl.cnf -days 999 -in csr/winterfell.csr -out certs/winterfell.crt -keyfile private/rootCA.key -cert certs/rootCA.crt -policy policy_anything |
Kliens tanúsítvány létrehozása
| Code Block |
|---|
| theme | Eclipse |
|---|
| language | bash |
|---|
| title | Kliens tanúsítvány létrehozása |
|---|
| linenumbers | true |
|---|
|
# Create private key for a client
openssl genrsa -des3 -passout pass:qwerty -out private/client.key 2048
# Remove passphrase
openssl rsa -passin pass:qwerty -in private/client.key -out private/client.key
# Create CSR for the client.
openssl req -config openssl.cnf -new -subj '/C=DK/L=Aarhus/O=frogger/CN=theClient' -key private/client.key -out csr/client.csr
# Create client certificate.
openssl ca -batch -config openssl.cnf -days 999 -in csr/client.csr -out certs/client.crt -keyfile private/rootCA.key -cert certs/rootCA.crt -policy policy_anything |
Kliens tanúsítvány exportálása pkcs12 formátumba
| Code Block |
|---|
| theme | Eclipse |
|---|
| language | bash |
|---|
| title | Kliens tanúsítvány exportálása pkcs12 formátumba |
|---|
| linenumbers | true |
|---|
|
# Export the client certificate to pkcs12 for import in the browser
openssl pkcs12 -export -passout pass:qwerty -in certs/client.crt -inkey private/client.key -certfile certs/rootCA.crt -out certs/clientcert.p12 |
CSR létrehozása OpenSSL segítségével
| Code Block |
|---|
| theme | Eclipse |
|---|
| language | bash |
|---|
| title | CSR létrehozása |
|---|
| linenumbers | true |
|---|
|
openssl req -nodes -newkey rsa:2048 -keyout infotools.key -out infotools.csr |
