FreeBSD Configuration (2)

Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:zhangp
Email Address []:zhangp@cy9.dq.cnpc.com.cn
Create a certificate for the host: first generate an RSA private key, then create a certificate signed by the CA.
$ openssl genrsa -out win2k.key 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
.....++++++
.....++++++
e is 65537 (0x10001)
$ openssl req -new -key win2k.key -out win2k.csr
Using configuration from /etc/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Heilongjiang
Locality Name (eg, city) []:Daqing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Linuxdevice
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:win2k
Email Address []:win2k@cy9.dq.cnpc.com.cn
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$ openssl x509 -req -days 182 -in win2k.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out win2k.crt
Signature ok
subject=/C=CN/ST=Heilongjiang/L=Daqing/O=Linuxdevice/CN=win2k/Email=win2k@cy9.dq.cnpc.com.cn
Getting CA Private Key
Enter PEM pass phrase: 123456
Create a certificate for the host freebsd in the same way. The win2k certificate must additionally be converted to PKCS12 format.
$ openssl pkcs12 -export -inkey win2k.key -certfile ca.crt -in win2k.crt -out win2k.p12
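A check worth running after the steps above, added here as an example (it is not part of the original page): the script repeats the key, CSR, CA-signing and PKCS12 steps in a scratch directory, then confirms that the certificate chains to the CA, that the private key belongs to it, and that the bundle carries both certificates. The function names, subject fields, password, throwaway CA and 2048-bit key size are assumptions of this example.

```shell
#!/bin/sh
# Added example: rebuild the page's CA -> host certificate flow in a scratch
# directory and verify the result. Names, subjects and password are constructed.

# Create a throwaway CA plus a CA-signed certificate for CN=$2 inside dir $1.
make_host_cert() {
    dir=$1; cn=$2
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$dir/ca.key" -subj "/O=Example/CN=Test CA" \
        -days 30 -out "$dir/ca.crt" &&
    openssl genrsa -out "$dir/$cn.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/$cn.key" -subj "/O=Example/CN=$cn" \
        -out "$dir/$cn.csr" &&
    openssl x509 -req -days 182 -in "$dir/$cn.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/$cn.crt" 2>/dev/null
}

# Succeed only if $2 chains to CA cert $1 and $3 is the private key for $2.
check_host_cert() {
    ca=$1; crt=$2; key=$3
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]   # same public key on both sides
}

# Bundle key + cert + CA cert as PKCS12, reopen it, print how many certs it holds.
# pass: on the command line is for this demo only; it is visible in process lists.
export_p12() {
    dir=$1; cn=$2; pass=$3
    openssl pkcs12 -export -inkey "$dir/$cn.key" -in "$dir/$cn.crt" \
        -certfile "$dir/ca.crt" -passout "pass:$pass" -out "$dir/$cn.p12" &&
    openssl pkcs12 -in "$dir/$cn.p12" -passin "pass:$pass" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Stand-alone run with constructed values.
d=$(mktemp -d) && make_host_cert "$d" win2k &&
    check_host_cert "$d/ca.crt" "$d/win2k.crt" "$d/win2k.key" &&
    echo "chain and key OK; certificates in bundle: $(export_p12 "$d" win2k constructed-pass)"
rm -rf "$d"
```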