Diferencia entre revisiones de «OpenSSL»
De gacq wiki
(→Without phass phrase to use with daemons) |
|||
| (No se muestran 3 ediciones intermedias del mismo usuario) | |||
| Línea 9: | Línea 9: | ||
= Own CA (Certification Authority) = | = Own CA (Certification Authority) = | ||
== Without phass phrase to use with daemons == | == Without phass phrase to use with daemons == | ||
| − | + | ;Modify default parameters in /etc/ssl/openssl.cnf | |
| + | |||
cd /srv | cd /srv | ||
/usr/lib/ssl/misc/CA.pl -newca | /usr/lib/ssl/misc/CA.pl -newca | ||
| − | + | chmod 750 /srv/demoCA/private | |
| + | chmod 640 /srv/demoCA/private/cakey.pem | ||
| + | |||
| + | ;Update "dir" to "/srv/demoCA" in /etc/ssl/openssl.cnf | ||
| + | |||
mkdir /etc/ssl/`hostname` | mkdir /etc/ssl/`hostname` | ||
cd /etc/ssl/`hostname` | cd /etc/ssl/`hostname` | ||
/usr/lib/ssl/misc/CA.pl -newreq-nodes | /usr/lib/ssl/misc/CA.pl -newreq-nodes | ||
/usr/lib/ssl/misc/CA.pl -signreq | /usr/lib/ssl/misc/CA.pl -signreq | ||
| + | chmod 640 newkey.pem | ||
Revisión actual del 16:30 30 jul 2008
Self signed certificate
openssl genrsa 2048 > /etc/ssl/private/`hostname`.key chmod 640 /etc/ssl/private/`hostname`.key chown root:ssl-cert /etc/ssl/private/`hostname`.key openssl req -new -key /etc/ssl/private/`hostname`.key -x509 -days 9999 -out /etc/ssl/certs/`hostname`.cert
Own CA (Certification Authority)
Without phass phrase to use with daemons
- Modify default parameters in /etc/ssl/openssl.cnf
cd /srv /usr/lib/ssl/misc/CA.pl -newca chmod 750 /srv/demoCA/private chmod 640 /srv/demoCA/private/cakey.pem
- Update "dir" to "/srv/demoCA" in /etc/ssl/openssl.cnf
mkdir /etc/ssl/`hostname` cd /etc/ssl/`hostname` /usr/lib/ssl/misc/CA.pl -newreq-nodes /usr/lib/ssl/misc/CA.pl -signreq chmod 640 newkey.pem
