1、生成CA私钥和公钥:
$ openssl genrsa -aes256 -out ca-key.pem 4096效果如下:
Generating RSA private key,4096bit long modulus............................................................................................................................................................................................++........++e is65537(0x10001)
Enter pass phraseforca-key.pem: cloud
Verifying - Enter pass phraseforca-key.pem: cloud需要记住设置的key,下面要用
2、进行证书生成
$ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pemEnter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:shandong
Locality Name (eg, city) []:jinan
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cloudtop
Organizational Unit Name (eg, section) []:cloudtop
Common Name (e.g. server FQDN or YOUR name) []:cloudtop
Email Address []:zhangyc@toplion.com.cn3、本地证书生成和客户端证书生成
$ openssl genrsa -out server-key.pem 4096$ openssl req -subj "/CN=cloudtop" -sha256 -new -key server-key.pem -out server.csr$ echo subjectAltName = DNS:cloudtop,IP:172.31.142.210,IP:127.0.0.1 > extfile.cnf$ openssl x509 -req -days365-sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf$ openssl genrsa -out key.pem 4096$ openssl req -subj '/CN=client' -new -key key.pem -out client.csr$ echo extendedKeyUsage = clientAuth > extfile.cnf$ openssl x509 -req -days365-sha256 -inclient.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf$ rm -v client.csr server.csr$ chmod -v 0400 ca-key.pem key.pem server-key.pem$ chmod -v 0444 ca.pem server-cert.pem cert.pem$ sudo vim /etc/systemd/system/docker.service.d/http-proxy.conf具体描述待补充,草稿貌似只能保存一篇,先发出来占着坑,后续补充
扫一扫
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
