openssl实现私有CA
目录
CA的配置文件:/etc/pki/tls/openssl.cnf
CA生成一对密钥
创建/etc/pki/CA/private目录
[root@localhost ~]# mkdir /etc/pki/CA/private
[root@localhost ~]# cd /etc/pki/CA
生成密钥
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
...........................................................+++++
e is 65537 (0x010001)
CA生成自签署证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are