 debian + openssl |
  |
| debian + openssl |
 4.06.2010, 09:33:17
Post
#1
|
|
|
Grupa: Zarejestrowani Postów: 384 Pomógł: 13 Dołączył: 16.06.2006 Ostrzeżenie: (0%) 
 |
Stworzyłem certyfikat w openssl, gdzie wszystko przebiegło pomyślnie wg tej instrukcji
Cytat :/usr/lib/ssl/misc# ./CA.pl -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .....................................++++++ .........++++++ writing new private key to './demoCA/private/cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]  LState or Province Name (full name) [Some-State]:Mazowieckie Locality Name (eg, city) []:Miasto Organization Name (eg, company) [Internet Widgits Pty Ltd]:Serwer Organizational Unit Name (eg, section) []:s Common Name (eg, YOUR name) []:s Email Address []:serwer@s.pl Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /usr/lib/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/cakey.pem: Check that the request matches the signature Signature ok Certificate Details: Serial Number: ce:ff:fa:f3:aa:db:b4:be Validity Not Before: Jun 4 08:11:11 2010 GMT Not After : Jun 3 08:11:11 2013 GMT Subject: countryName = PL stateOrProvinceName = Mazowieckie organizationName = Serwer organizationalUnitName = s commonName = sspr emailAddress = serwer@s.pl X509v3 extensions: X509v3 Subject Key Identifier: 72:E0:76:CB:EA:98:20:76:E2:B2:E6:67:CC:2C:97:99:6E:13:20:16 X509v3 Authority Key Identifier: keyid:72:E0:76:CB:EA:98:20:76:E2:B2:E6:67:CC:2C:97:99:6E:13:20:16 DirName:/C=PL/ST=Mazowieckie/O=Serwer Studencki Politechniki Radomskiej/OU=sspr/CN=sspr/emailAddress=serwer@pr.radom.pl serial:CE:FF:FA:F3:AA:DB:B4:BE X509v3 Basic Constraints: CA:TRUE Certificate is to be certified until Jun 3 08:11:11 2013 GMT (1095 days) Write out database with 1 new entries Data Base Updated stu:/usr/lib/ssl/misc# openssl x509 -setalias "Serwer" -outform DER -in demoCA/cacert.pem -out cacert.der stu:/usr/lib/ssl/misc# vi /usr/lib/ssl/openssl.cnf <-- odkomentowanie nsCertType = server stu:/usr/lib/ssl/misc# ./CA.pl -newreq-nodes Generating a 1024 bit RSA private key .....................................................++++++ ................++++++ writing new private key to 'newkey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU] LState or Province Name (full name) [Some-State]:Mazowieckie Locality Name (eg, city) []:Miasto Organization Name (eg, company) [Internet Widgits Pty Ltd]:Serwer Organizational Unit Name (eg, section) []:s Common Name (eg, YOUR name) []:s Email Address []:serwer@s.pl Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Request is in newreq.pem, private key is in newkey.pem stu:/usr/lib/ssl/misc# ./CA.pl -sign Using configuration from /usr/lib/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/cakey.pem: Check that the request matches the signature Signature ok Certificate Details: Serial Number: ce:ff:fa:f3:aa:db:b4:bf Validity Not Before: Jun 4 08:21:30 2010 GMT Not After : Jun 4 08:21:30 2011 GMT Subject: countryName = PL stateOrProvinceName = Mazowieckie localityName = Miasto organizationName = Serwer organizationalUnitName = s commonName = s emailAddress = serwer@s.pl X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Server Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: FC:6E:24:85:37:44:93:A5:15:73:BF:08:24:32:EE:15:51:8E:66:73 X509v3 Authority Key Identifier: keyid:72:E0:76:CB:EA:98:20:76:E2:B2:E6:67:CC:2C:97:99:6E:13:20:16 Certificate is to be certified until Jun 4 08:21:30 2011 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated Signed certificate is in newcert.pem Mimo tego strona nie wchodzi mi przez https. Możecie mi podpowiedzieć co zrobiłem źle albo czego jeszcze nie zrobiłem ? -------------------- |
 |
 
|
|
4.06.2010, 17:50:17
Post
#2
|
|
|
Grupa: Zarejestrowani Postów: 150 Pomógł: 6 Dołączył: 3.03.2010 Ostrzeżenie: (0%)
|
W httpd.conf (jesli korzystasz z apache) musisz wlaczyc jeszcze SSL a potem zresetowac apache
|
|
|
|
|
|
Wersja Lo-Fi | Aktualny czas: 22.06.2025 - 21:49 |
