1、在 CentOS7 中使用 gpg 创建 RSA 非对称密钥对
[root@centos7 ~]# gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: centos7.key
Email address:
Comment:
You selected this USER-ID:
"centos7.key"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
[root@centos7 ~]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024R/31F33761 2020-09-04
uid centos7.key
sub 1024R/E856ACD5 2020-09-04
2、将 CentOS7 导出的公钥,拷贝到 CentOS8 中,在 CentOS8 中使用 CentOS7 的公钥加密一个文件
[root@centos7 ~]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024R/31F33761 2020-09-04
uid centos7.key
sub 1024R/E856ACD5 2020-09-04
[root@centos7 ~]# gpg -a --export -o centos7.pubkey
[root@centos7 ~]# ls
anaconda-ks.cfg centos7.pubkey
[root@centos7 ~]# cat centos7.pubkey
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mI0EX1IylAEEAMRFpZuQ/yrTyfzbmAdqdwTv2b1dnYU0NOQaDGzEZFtGLMujuMeW
WmpCZKgqfEsuxl/Z23L4YJCagziEgMrQ0D+kDXFoTURYxPzqINSJNPuAhJ2O47kd
gxMAu/qwoKCR/KjlzCsLLP6HVFtOfrjXaKQyYEeEdlP7fs4NQ54/yh1nABEBAAG0
DmNlbnRvczcucHVia2V5iLkEEwECACMFAl9SMpQCGwMHCwkIBwMCAQYVCAIJCgsE
FgIDAQIeAQIXgAAKCRBsQW51MfM3YXXyBACTrW15AZCfEfWaqT+BROZYiZ4SUvgj
KnQCKC1mX6KXV5DP0sod9PJBz1ym7eHaBCzozn51z/AhZVWjDP/3vMSm6UFQZOzU
B/gjyTVoKFM4XFEP8iNZG3wjk1OnnZTR2QLQcf8E/xnP9d4Xu+QpjjGiNG8ZXviL
Mt4a03k4CkbjO7iNBF9SMpQBBADPZ1c6pNknpyFzoA4+BJEbqcvf+HrjiGOPKxhC
I9faCiD4R2CJ5nUuFMM+/i2RODFs+X21YMRllsBLuuu0yIOXbcZX1v1sbRIBI9Iw
mHTGmCltl7NuPNj6vITO6drFfM201/Kxq2GO4YPWv76V8TuBCyNrLLp8/qiLXXkB
r/DTcwARAQABiJ8EGAECAAkFAl9SMpQCGwwACgkQbEFudTHzN2H0tQP/VBSC6Zw/
sTi3BhmoDLccYKZJwXk3UnqvQUBnkb3j00u2E37dpeAx0FbEj+V6QQN9IgUNla2I
yQJV9gFc6Ot0pdHodHt995YbKhTW/lqo4MCWN80wQhQlpAGtoAjp7FHjZp+C5YJQ
1dvAh54qJU5gN0Ncz7lHm7xDOlQZxLGwqCs=
=OYAR
-----END PGP PUBLIC KEY BLOCK-----
[root@centos7 ~]# scp centos7.pubkey 10.0.0.8:/root
The authenticity of host '10.0.0.8 (10.0.0.8)' can't be established.
ECDSA key fingerprint is SHA256:r4COfaGRW6a9yYrF2tQRnKeZbPJj1UKfJyBBfliBJPw.
ECDSA key fingerprint is MD5:d5:15:30:7a:f6:d9:d6:4b:4d:e0:28:13:9b:ce:4f:ac.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.8' (ECDSA) to the list of known hosts.
root@10.0.0.8's password:
centos7.pubkey 100% 996 312.5KB/s 00:00
3、回到 CentOS7 服务器,远程拷贝 file.txt.gpg 文件到本地,使用 CentOS7的私钥解密文件
[root@centos8 ~]#gpg --gen-key
gpg (GnuPG) 2.2.9; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: centos8.key
Email address:
You selected this USER-ID:
"centos8.key"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key F5DD935F5056807E marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/B7EE96B9780EE2850FE22393F5DD935F5056807E.rev'
public and secret key created and signed.
pub rsa2048 2020-09-06 [SC] [expires: 2022-09-06]
B7EE96B9780EE2850FE22393F5DD935F5056807E
uid centos8.key
sub rsa2048 2020-09-06 [E] [expires: 2022-09-06]
[root@centos8 ~]#gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2022-09-06
/root/.gnupg/pubring.kbx
------------------------
pub rsa2048 2020-09-06 [SC] [expires: 2022-09-06]
B7EE96B9780EE2850FE22393F5DD935F5056807E
uid [ultimate] centos8.key
sub rsa2048 2020-09-06 [E] [expires: 2022-09-06]
[root@centos8 ~]#gpg --import centos7.pubkey
gpg: key 6C416E7531F33761: public key "centos7.pubkey" imported
gpg: Total number processed: 1
gpg: imported: 1
[root@centos8 ~]#gpg --list-keys
/root/.gnupg/pubring.kbx
------------------------
pub rsa2048 2020-09-06 [SC] [expires: 2022-09-06]
B7EE96B9780EE2850FE22393F5DD935F5056807E
uid [ultimate] centos8.key
sub rsa2048 2020-09-06 [E] [expires: 2022-09-06]
pub rsa1024 2020-09-04 [SC]
BE061776CEC9C274EC2147496C416E7531F33761
uid [ unknown] centos7.pubkey
sub rsa1024 2020-09-04 [E]
[root@centos8 ~]#gpg -e -r centos7.pubkey file.txt
gpg: 6D9D79A9E856ACD5: There is no assurance this key belongs to the named user
sub rsa1024/6D9D79A9E856ACD5 2020-09-04 centos7.pubkey
Primary key fingerprint: BE06 1776 CEC9 C274 EC21 4749 6C41 6E75 31F3 3761
Subkey fingerprint: AE35 94D0 172A 8AE9 F69F 607A 6D9D 79A9 E856 ACD5
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
[root@centos8 ~]#cat file.txt
CentOS Linux release 8.0.1905 (Core)
[root@centos8 ~]#cat file.txt.gpg |base64
hIwDbZ15qehWrNUBA/91ggIpGkRZLAfx58N9jhUjv3fnSYWSnpMRWL7rlft+gw4gRlqFVDG+4Tic
xLrCufPtReVZh+/A4Bn9THWDFWGyd6f3dw08xGLDMkrAQDEHRq1Lnp1lOS4vrKde6WqPYGTTv1EQ
H2UZKpNcytYM1yZnlCA6LRnl+UelQBk52bS4SNJpAYvHG60OAUvEUNiEQM+MMhCn0/gxONNj1HS1
7mCy00t6gyViwkxYyIYCUrmpg7FP7R+zTP+vNWjMhicm2gH4m1usP1G2CTstgKZCHYxU/+/jI33R
Cl1SJlD/nR5548sXY9SgsaDGdBQt
[root@centos8 ~]#scp file.txt.gpg 10.0.0.7:/root
root@10.0.0.7's password:
file.txt.gpg 100% 249 113.9KB/s 00:00
[root@centos7 ~]# gpg -d file.txt.gpg
gpg: encrypted with 1024-bit RSA key, ID E856ACD5, created 2020-09-04
"centos7.pubkey"
CentOS Linux release 8.0.1905 (Core)
[root@centos7 ~]# gpg -o file.txt -d file.txt.gpg
gpg: encrypted with 1024-bit RSA key, ID E856ACD5, created 2020-09-04
"centos7.pubkey"
[root@centos7 ~]# ls
anaconda-ks.cfg centos7.pubkey file.txt file.txt.gpg
[root@centos7 ~]# cat file.txt
CentOS Linux release 8.0.1905 (Core)
4、在 CentOS7 中使用 openssl 软件创建 CA
[root@centos7 ~]# touch /etc/pki/CA/index.txt
[root@centos7 ~]# echo 01 > /etc/pki/CA/serial
[root@centos7 ~]# cd /etc/pki/CA/
[root@centos7 CA]# (umask 066;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.............+++
.................................................................+++
e is 65537 (0x10001)
[root@centos7 ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zhengzhou
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:ca.kobe.com
Email Address []:
[root@centos7 ~]# openssl x509 -in /etc/pki/CA/cacert.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
85:2b:1d:53:5a:a2:97:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=henan, L=zhengzhou, O=magedu, OU=it, CN=ca.kobe.com
Validity
Not Before: Sep 4 13:16:42 2020 GMT
Not After : Sep 2 13:16:42 2030 GMT
Subject: C=CN, ST=henan, L=zhengzhou, O=magedu, OU=it, CN=ca.kobe.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ca:31:c9:e0:cf:93:4a:be:d3:92:7a:12:08:61:
0d:2b:e3:a7:cb:b2:ae:a7:8b:9f:cf:94:3b:26:a8:
23:12:80:1b:a6:7c:64:85:5e:a1:63:b6:d9:e4:19:
6a:c9:5a:b5:ae:82:5e:d1:31:16:ea:11:61:8d:58:
26:b1:dd:28:6b:a8:da:9e:07:81:82:13:91:ba:3f:
55:e4:5c:53:73:f6:35:ed:f1:33:05:5d:10:a7:37:
6e:4f:70:bb:0a:39:72:95:7b:56:f0:09:64:45:11:
9e:c6:85:56:04:2c:45:ed:46:c2:ac:ac:ca:2c:02:
cc:dc:f1:47:a1:3d:6f:fb:08:c1:42:60:fa:d8:ae:
3b:99:be:08:2f:8c:eb:ef:40:b6:3e:9d:43:a0:82:
78:ba:f9:a8:fe:0f:46:07:fc:a0:48:ab:b8:ba:18:
64:a1:04:46:b7:a1:df:e0:82:68:ec:25:29:07:d1:
9e:69:68:eb:90:97:62:2c:13:ff:d6:14:e9:40:1d:
db:ba:2d:80:8e:48:25:a4:3f:23:46:19:6e:fb:75:
43:14:51:84:9f:2b:dd:ed:57:71:f9:03:d3:a8:d4:
a9:a8:eb:4e:e4:c1:36:ea:38:ab:53:b7:5a:ba:83:
c1:c9:ca:a1:1b:7c:d9:88:39:ff:6d:ac:5a:dc:a0:
45:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:73:E7:67:E8:9F:84:48:66:41:40:5D:E9:D8:E9:4E:93:8E:4C:25
X509v3 Authority Key Identifier:
keyid:7B:73:E7:67:E8:9F:84:48:66:41:40:5D:E9:D8:E9:4E:93:8E:4C:25
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
85:7f:bb:3c:9a:1a:26:fa:d0:66:ac:e4:57:3a:70:f4:15:e5:
b8:58:73:5f:98:30:64:4d:e9:3b:32:73:d9:8e:f7:78:25:49:
4c:ef:d6:e1:7d:ba:08:b3:4a:d4:3f:f6:7f:71:30:ce:6a:44:
54:ff:c4:71:4d:ff:ae:4a:ff:bb:7a:62:15:2b:b0:4c:79:9d:
77:b2:a1:fa:9c:c2:b7:f6:ca:9a:b3:e5:e2:3a:66:89:6c:a5:
15:fb:74:64:0c:e9:bc:b1:05:10:d9:40:56:20:b6:32:ba:a0:
47:f7:37:d4:44:83:7a:f1:ae:fe:f2:6b:3a:33:67:7f:02:8a:
d0:4d:40:dd:9a:9b:33:66:00:d7:9f:d7:25:29:78:f6:78:25:
0d:cf:b0:86:95:5d:d0:56:f3:10:02:19:e0:eb:c0:c1:7f:a9:
7b:91:c2:b9:00:15:fd:f8:a2:2e:db:57:5a:26:8f:46:69:85:
03:26:4d:e5:cf:66:08:67:f3:e5:73:af:b1:ff:3d:1a:92:3c:
8b:04:4a:97:d3:e3:f2:18:d1:e3:a8:72:8a:bf:1d:c3:a7:d1:
f8:3f:ef:34:48:02:92:67:89:d4:d9:25:08:b4:20:37:01:ca:
10:6d:fb:81:64:8b:81:df:ee:f8:c6:be:af:cb:12:fb:cb:7b:
06:e1:9c:02
5、 在 CentOS7 中使用 openssl 软件创建一个证书申请请求文件,并使用上面的跟证书对其进行签署
[root@centos7 ~]# (umask 066;openssl genrsa -out /data/app.key 2048)
Generating RSA private key, 2048 bit long modulus
........+++
..........................+++
e is 65537 (0x10001)
[root@centos7 ~]# openssl req -new -key /data/app.key -out /data/app.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:luoyang
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:app.kobe.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@centos7 ~]# openssl ca -in /data/app.csr -out /etc/pki/CA/certs/app.crt -days 180
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Sep 4 13:28:33 2020 GMT
Not After : Mar 3 13:28:33 2021 GMT
Subject:
countryName = CN
stateOrProvinceName = henan
organizationName = magedu
organizationalUnitName = ops
commonName = app.kobe.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
25:9E:96:A4:23:12:B7:87:FE:F7:61:D4:DB:F2:5D:B3:CB:4C:2E:E4
X509v3 Authority Key Identifier:
keyid:7B:73:E7:67:E8:9F:84:48:66:41:40:5D:E9:D8:E9:4E:93:8E:4C:25
Certificate is to be certified until Mar 3 13:28:33 2021 GMT (180 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@centos7 ~]# openssl x509 -in /etc/pki/CA/certs/app.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=henan, L=zhengzhou, O=magedu, OU=it, CN=ca.kobe.com
Validity
Not Before: Sep 4 13:28:33 2020 GMT
Not After : Mar 3 13:28:33 2021 GMT
Subject: C=CN, ST=henan, O=magedu, OU=ops, CN=app.kobe.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c3:22:c2:81:e3:fe:31:43:53:23:35:46:e0:cf:
f0:4e:07:a0:73:56:a6:30:4e:41:4b:a9:a4:ac:a8:
50:70:04:8a:bf:63:a0:39:05:52:f0:b1:2d:1d:a9:
2d:ac:31:c0:07:b1:03:20:4d:39:ce:5c:fe:70:35:
fe:fe:cd:82:e3:cb:60:aa:bd:47:fd:5b:5d:20:68:
eb:58:04:73:34:19:d7:07:38:99:81:97:4e:02:34:
98:27:8c:a0:51:47:aa:04:9f:6b:38:53:0f:ba:50:
fd:54:a2:00:43:50:47:78:d2:72:68:84:1d:7c:62:
91:bb:c5:d6:0b:0e:cc:6a:dd:83:d7:8d:4a:21:94:
4e:d2:77:c4:3f:63:71:80:30:8b:c3:df:0e:85:33:
b7:1b:fe:92:86:fa:f3:be:24:1e:98:d1:04:c7:37:
59:1f:e4:e9:ea:ce:aa:ea:fd:73:3d:73:33:9c:ee:
98:5c:d0:15:ac:3c:a3:53:26:1a:01:29:b2:56:bb:
30:c1:f1:45:de:50:08:67:a0:7b:b1:89:66:94:b7:
4c:c0:94:67:54:94:2e:3c:e7:32:dc:9f:0a:4e:bb:
3a:33:9a:c1:a3:43:72:6f:8f:d5:90:ce:38:9f:24:
57:00:cc:38:91:50:be:93:ea:98:37:6c:af:ec:88:
40:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
25:9E:96:A4:23:12:B7:87:FE:F7:61:D4:DB:F2:5D:B3:CB:4C:2E:E4
X509v3 Authority Key Identifier:
keyid:7B:73:E7:67:E8:9F:84:48:66:41:40:5D:E9:D8:E9:4E:93:8E:4C:25
Signature Algorithm: sha256WithRSAEncryption
87:9b:bf:79:1d:0b:c2:f3:ab:17:d4:d6:31:75:20:29:b3:a1:
48:af:85:7c:df:ae:23:71:eb:17:01:91:14:cf:03:f1:bf:9f:
37:de:b6:d1:41:64:27:ab:7a:7c:98:e6:73:84:eb:0e:65:e7:
e8:e2:85:f6:06:d6:03:9b:59:6e:e0:1d:69:66:8a:88:9a:86:
de:68:f3:b4:45:84:64:46:99:b9:0d:a5:96:c3:83:0f:67:c8:
6b:b5:95:b5:2c:3f:2e:b9:20:8f:ba:c3:80:03:fc:bf:29:d6:
4e:6c:78:d4:cf:cb:2d:02:25:29:bc:54:fe:4d:44:34:5d:01:
7a:d2:be:f2:2b:07:55:d3:d5:41:ce:dc:19:40:83:2c:28:30:
00:d1:b2:a3:b1:f0:ef:fc:fe:97:5f:9b:b4:69:a7:65:b6:70:
73:2e:32:44:7a:14:ef:59:54:74:3b:92:6d:8d:f5:85:c9:37:
74:d0:08:dc:16:12:c2:5a:f9:ce:a9:b5:9e:e5:59:d9:63:b1:
62:a8:68:10:57:73:5c:92:58:66:0b:88:3d:a2:4d:b8:53:a6:
d7:cd:bb:67:f0:c3:a7:aa:44:a9:fe:6f:67:5a:99:a7:0a:cb:
da:fe:10:0a:93:6e:df:4b:5a:59:6c:04:7d:64:5a:9e:ae:62:
3d:0e:20:40
6、吊销已经签署成功的证书
[root@centos7 ~]# openssl x509 -in /etc/pki/CA/certs/app.crt -noout -serial -subject
serial=01
subject= /C=CN/ST=henan/O=magedu/OU=ops/CN=app.kobe.com
[root@centos7 ~]# openssl ca -revoke /etc/pki/CA/newcerts/01.pem
Using configuration from /etc/pki/tls/openssl.cnf
Revoking Certificate 01.
Data Base Updated
[root@centos7 ~]# openssl ca -gencrl -out /etc/pki/CA/crl.pem
Using configuration from /etc/pki/tls/openssl.cnf
[root@centos7 ~]# openssl crl -in /etc/pki/CA/crl.pem -noout -text
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=CN/ST=henan/L=zhengzhou/O=magedu/OU=it/CN=ca.kobe.com
Last Update: Sep 4 13:39:46 2020 GMT
Next Update: Oct 4 13:39:46 2020 GMT
CRL extensions:
X509v3 CRL Number:
1
Revoked Certificates:
Serial Number: 01
Revocation Date: Sep 4 13:37:09 2020 GMT
Signature Algorithm: sha256WithRSAEncryption
ae:5c:46:28:ac:9e:6a:b9:ee:f8:dc:c3:87:7d:d4:b5:07:06:
3b:cc:66:2a:33:98:fc:6a:50:3e:b1:d0:11:ae:a5:8a:79:c4:
95:28:1e:92:a4:b2:85:62:5f:d5:9b:94:dd:6a:2e:5b:80:d6:
77:70:23:02:13:66:c6:88:a4:27:f9:17:1b:d0:3f:93:60:36:
05:ae:c1:5d:04:a4:49:b9:16:2c:bb:d1:3a:34:af:8a:30:e5:
4e:9d:bb:e0:4f:94:f5:9a:01:ce:26:9e:fd:4f:94:54:c8:67:
eb:2c:36:38:f3:64:64:1f:2c:7e:61:72:ab:7e:cb:b7:ea:f1:
1b:b6:be:60:ae:3c:73:f9:66:82:9c:87:74:2a:12:9a:9e:16:
d7:1f:07:39:d8:4c:7f:35:87:87:03:6f:e7:79:85:23:bb:74:
15:8b:63:7b:53:4a:e8:88:36:57:08:10:ad:f8:2a:6d:20:5a:
d3:e7:f9:cc:f0:8c:a2:bd:ca:7a:cf:28:95:78:0d:b0:ff:2a:
a7:de:f0:50:d1:53:98:17:24:e8:e2:22:3a:9c:b0:42:09:64:
81:94:11:56:76:16:1c:a0:e5:c4:cc:77:62:d5:1b:bd:47:dc:
71:3a:d1:4b:db:7f:b6:9d:03:de:9d:f4:b4:df:03:53:33:fb:
51:41:1c:44
[root@centos7 ~]# openssl ca -status 01
Using configuration from /etc/pki/tls/openssl.cnf
01=Revoked (R)