系统中搭建CA
CA的配置文件
vim /etc/pki/tls/openssl.cnf
默认使用的 CA 配置段为 CA_default(可以定义多个 CA 配置段)
[ CA_default ]
# Default CA section (more than one CA section can be defined).
# Every path below is built from the dir value.
dir = /etc/pki/CA # Where everything is kept (the CA working directory)
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued CRLs are kept
database = $dir/index.txt # Database index file holding certificate records; must be created by hand
new_certs_dir = $dir/newcerts # Default place for new certs
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number: serial of the next cert to be issued, in hexadecimal
crlnumber = $dir/crlnumber # The current CRL number: number given to the next CRL issued, not a certificate serial
crl = $dir/crl.pem # The current CRL (certificate revocation list)
# The CA private key signs everything this CA issues; keep the private/
# directory and this file readable only by the account that operates the CA.
private_key = $dir/private/cakey.pem # The private key
# NOTE(review): recent OpenSSL releases seed from the OS and may not need
# this entry; confirm against the installed version.
RANDFILE = $dir/private/.rand # Private random number file (seed data for the RNG, not a generator)