[root@vpn ~]# mkdir /csk-rootca/
[root@vpn csk-rootca]# cp -a /etc/pki/CA/certs . #certs存放已颁发的证书
[root@vpn csk-rootca]# cp -a /etc/pki/CA/newcerts/ . #newcerts存放CA指令生成的新证书
[root@vpn csk-rootca]# cp -a /etc/pki/CA/private/ . #private存放私钥
[root@vpn csk-rootca]# touch index.txt #已签发证书的文本数据文件
[root@vpn csk-rootca]# echo "01" > serial #证书签发后使用的序列号参考文件
[root@vpn csk-rootca]# openssl genrsa -out private/csk-ca.pem 4096 #生成一个长度为4096的密钥
Generating RSA private key, 4096 bit long modulus
...........................++
....................++
e is 65537 (0x10001)
[root@vpn csk-rootca]# openssl req -new -x509 -key private/csk-ca.pem -out csk-ca.pem #签发数字证书
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #国家
State or Province Name (full name) []:China #所在省
Locality Name (eg, city) [Default City]:BeiJing #所在市
Organization Name (eg, company) [Default Company Ltd]:skills #单位名称
Organization Unit Name (eg, section) []:Operations Departments #组织单位名称
Common Name (eg, your name or your server's hostname) []:CSK Global Root CA #单位域名
[root@vpn csk-rootca]# openssl x509 -text -in /csk-rootca/csk-ca.pem | grep Subject #查看证书信息
Subject: C=CN, ST=China, L=BeiJing, O=skills, OU=Operations Departments, CN=CSK Global Root CA
Subject Public Key Info:
X509v3 Subject Key Identifier:
Centos 7 设置CA根证书
最新推荐文章于 2024-01-03 14:07:21 发布