如何在一台　web　服务器上注册CA证书

1：新建一台web服务器，主机名为www 

yum install -y httpd 

2：生成私钥

mkdir /etc/httpd/ssl 

cd /etc/httpd/ssl 

(umask 077;openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)

3：生成证书签署请求

openssl req -new -key /etc/httpd/ssl/httpd.key -out httpd.csr -days 365 

证书请求内容如下：

Country Name (2 letter code) [XX]:CN 

State or Province Name (full name) []:beijing 

Locality Name (eg, city) [Default City]:beijing 

Organization Name (eg, company) [Default Company Ltd]:uplooking 

Organizational Unit Name (eg, section) []:ops 

Common Name (eg, your name or your server's hostname) []:www.uplooking.com 

Email Address []:yinhuanyi@uplooking.com 

4：将证书请求通过scp发送给CA主机 

scp httpd.csr root@192.168.23.10:/root/ 

5：在CA主机上签署证书（在CA主机上操作），将签署了的证书先保存在/etc/pki/CA/certs/目录下 

openssl ca -in /root/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365 

6：将证书发送给web服务器

scp /etc/pki/CA/certs/httpd.crt root@192.168.23.11:/etc/httpd/ssl/ 

7：查看证书中的信息

openssl x509 -in /etc/httpd/ssl/httpd.crt -noout -serial -subject 

posted @ 2017-09-17 21:04 ~小学生~ 阅读(1209) 评论(0) 编辑收藏举报

刷新页面返回顶部

小学生^.^