1.创建CA服务器
详情可以参考我的另一篇文章 : http://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_011_ca.html
1.1 创建必要的目录和文件
[root@localhost CA]# mkdir csr crl newcerts [root@localhost CA]# touch index.txt serial [root@localhost CA]# echo 01>serial
1.2 修改默认配置
[root@localhost CA]# vim /etc/pki/tls/openssl.cnf #编辑以下行, 设置默认的国家,省,城市,组织名,部门名 countryName_default = CN stateOrProvinceName_default = HeNan localityName_default = ZhengZhou organizationName_default = ZKYT organizationalUnitName_default = Tech
1.3生成自签证书
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) Generating RSA private key, 2048 bit long modulus ........................................................................................................................................+++ ...+++ e is 65537 (0x10001) [root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. ----- Country Name (2 letter code) [CN]: State or Province Name (full name) [HeNan]: Locality Name (eg, city) [ZhengZhou]: Organization Name (eg, company) [ZKYT]: Organizational Unit Name (eg, section) [Tech]: Common Name (eg, your name or your server‘s hostname) []:ca.linuxpanda.com Email Address []:
原文:http://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_019_https.html