title: Information Security Practice Lab1 - Building an HTTPS Server with a Self-Built CA Certificate
date: 2021-12-21 02:44:40
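tags: Information Security
categories: Information Security Practice
Information Security Practice Lab1 - Building an HTTPS Server with a Self-Built CA Certificate
Setting up the HTTPS server
Local environment: Ubuntu 20.04, OpenSSL 1.1.1f, Firefox Browser 79.0 (64-bit)
Install OpenSSL
sudo apt-get install openssl
Building your own CA
Create the myCA directory to hold the CA-related files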
cd && mkdir -p myCA/signedcerts && mkdir myCA/private && cd myCA
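myCA: holds the CA root certificate, the certificate database, and the certificates, keys and requests generated later for the server
signedcerts: holds copies of the signed certificates
private: holds the private key
Configure the myCA parameters; run this inside the myCA directory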
echo '01'>serial && touch index.txt
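The layout created by the commands above can be checked before the CA key is generated. The script below is an added example, not part of the original post: `check_ca_layout` is a hypothetical helper, it assumes GNU `stat` (as on Ubuntu), and its permission check on `private/` is a hardening check added here rather than a step from the lab.

```shell
#!/bin/sh
# Added example, not from the original post. check_ca_layout is a hypothetical helper.
# Prints one line per problem and returns the number of problems (0 = layout is fine).
check_ca_layout() {
    ca_dir=$1
    problems=0
    fail() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # Directories and the empty database created by the mkdir/touch steps.
    for d in signedcerts private; do
        [ -d "$ca_dir/$d" ] || fail "missing directory $ca_dir/$d"
    done
    [ -f "$ca_dir/index.txt" ] || fail "missing $ca_dir/index.txt"

    # private/ will hold cakey.pem, so group and others should have no access.
    # Assumption: GNU stat (as on Ubuntu), which prints the octal mode, e.g. 755.
    if [ -d "$ca_dir/private" ]; then
        mode=$(stat -c '%a' "$ca_dir/private")
        case $mode in
            *00|0) ;;
            *) fail "private/ has mode $mode; tighten with: chmod 700 $ca_dir/private" ;;
        esac
    fi

    # openssl parses serial as hex and rejects an odd digit count ('01', not '1').
    if [ -f "$ca_dir/serial" ]; then
        serial=$(head -n 1 "$ca_dir/serial")
        case $serial in
            ''|*[!0-9A-Fa-f]*) fail "serial must contain only hex digits" ;;
            *) [ $(( ${#serial} % 2 )) -eq 0 ] || fail "serial '$serial' has an odd number of digits" ;;
        esac
    else
        fail "missing $ca_dir/serial"
    fi

    # Heuristic: once caconfig.cnf exists, no active line may keep /home/username/.
    if [ -f "$ca_dir/caconfig.cnf" ] &&
       grep -v '^[[:space:]]*#' "$ca_dir/caconfig.cnf" | grep -q '/home/username/'; then
        fail "caconfig.cnf still contains the /home/username/ placeholder"
    fi
    return "$problems"
}

# Constructed demo: replay the post's commands in a scratch directory, then check it.
demo=$(mktemp -d)
( cd "$demo" && mkdir -p myCA/signedcerts && mkdir myCA/private && cd myCA &&
  echo '01' > serial && touch index.txt )
check_ca_layout "$demo/myCA" || echo "problems found: $?"
rm -rf "$demo"
```

With a default umask of 022 the demo reports `private/` as mode 755, because the plain `mkdir` leaves the future key directory readable by other local users.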
Create the caconfig.cnf file
sudo apt-get install vim
vim ~/myCA/caconfig.cnf
The contents of caconfig.cnf are as follows:
Note that username appears in two places in the file and must be replaced with your own user name.
# My sample caconfig.cnf file.
#
# Default configuration to use when one is not provided on the command line.
#
[ ca ]
default_ca = local_ca
#
#
# Default location of directories and files needed to generate certificates.
#
[ local_ca ]
dir = /home/username/myCA # replace username with your own user name here
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/signedcerts
private_key = $dir/private/cakey.pem
serial = $dir/serial
#
#
# Default expiration and encryption policies for certificates.
#
default_crl_days = 365
default_days = 1825
default_md = SHA256
#
policy = local_ca_policy
x509_extensions = local_ca_extensions
#
#
# Default policy to use when generating server certificates. The following
# fields must be defined in the server certificate.
#
[ local_ca_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = supplied
emailAddress = supplied
organizationName