Linux的ssl证书安装,LinuxSSL证书安装过程.doc

SSL 证书安装过程

第一步：安装mod_ssl[root@300second ~]#?yum -y install mod_ssl?

第二步：HTTP 服务器上配置mod_ssl[1] 建立服务器密钥[root@300second ~]#??cd /etc/pki/tls/certs/　?← 进入HTTP服务器配置文件所在目录[root@300second certs]#??make server.key　?← 建立服务器密钥umask 77 ; \?????????????? /usr/bin/openssl genrsa -des3 1024 > server.keyGenerating RSA private key, 1024 bit long modulus................++++++......++++++e is 65537 (0x10001)Enter pass phrase:　?????????????????????← 在这里输入口令Verifying - Enter pass phrase:　??← 确认口令，再次输入[root@300second certs]#??openssl rsa -in server.key -out server.key　?← 从密钥中删除密码(以避免系统启动后被询问口令)Enter pass phrase for server.key:　?← 输入口令writing RSA key[2] 建立服务器公钥[root@300second certs]#??make server.csr　?← 建立服务器密钥umask 77 ; \??????????????? /usr/bin/openssl req -utf8 -new -key server.key -out server.csrYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [GB]:CN　?← 输入国名State or Province Name (full name) [Berkshire]:Fujian　?← 输入省名Locality Name (eg, city) [Newbury]:Quanzhou　?← 输入城市名Organization Name (eg, company) [My Company Ltd]:　?← 输入组织名(任意)Organizational Unit Name (eg, section) []:　?← 不输入，直接回车Common Name (eg, your name or your server's hostname) []:　?← 输入通称(任意)Email Address []:300second@163.com?　?← 输入电子邮箱地址?Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:　?← 不输入，直接回车An optional company name []:?　?← 不输入，直接回车

[3] 建立服务器证书[root@300second certs]#??openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365　?← 建立服务器证书Signature oksubject=/C=CN/ST=Fujian/L=Quanzhou/O=/CN=/emailAddress=300second@163.comGetting Private key[root@300second certs]#??chmod 400 server.*