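Competition task
CA
- CA root certificate path: /CA/cacert.pem;
- Issue digital certificates; issuer information:
Country = CN
Organizational unit = Inc
Organization = www.skills.com
Common name = Skill Global Root CA
- Create the user group ldsgp and add zsuser, lsusr and wuusr to it.
1. Change the root certificate storage directory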
vim /etc/pki/tls/openssl.cnf
dir = /CA # Where everything is kept
certificate = $dir/cacert.pem # The CA certificate
2. Create the root certificate storage directory
[root@rserver ~]# cp -ra /etc/pki/CA/ /CA
[root@rserver CA]# touch {index.txt,serial}
[root@rserver CA]# echo 01 > serial
3. Create the root certificate
Create the private key
[root@rserver CA]# openssl genrsa -out private/cakey.pem
Generating RSA private key, 2048 bit long modulus
.....................................+++
.........................................+++
e is 65537 (0x10001)
Generate the cacert.pem root certificate
[root@rserver CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:GuangDong
Organization Name (eg, company) [Default Company Ltd]:skills
Organizational Unit Name (eg, section) []:Inc
Common Name (eg, your name or your server's hostname) []:Skill Global Root CA
Email Address []:
4. Test
[root@rserver CA]# openssl x509 -text -in /CA/cacert.pem -noout | grep Subject
Subject: C=CN, ST=China, O=skills, OU=Inc, CN=Skill Global Root CA
Subject Public Key Info:
X509v3 Subject Key Identifier:
[root@rserver CA]#
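
Steps 2 to 4 as a non-interactive script, added here as an example and not part of the original walkthrough: it builds the CA directory, creates the key with owner-only permissions, and checks the result instead of grepping by eye. Assumptions: a scratch directory instead of /CA, the function names, the root-req.cnf file, -days 3650 and -sha256; the DN is the issuer block from the task list.

```shell
# Added example: steps 2-4 without prompts, in a directory of your choice.
build_root_ca() {            # $1 = CA directory (the page uses /CA)
    ca=$1
    mkdir -p "$ca/certs" "$ca/crl" "$ca/newcerts" "$ca/private" || return 1
    chmod 700 "$ca/private"
    : > "$ca/index.txt"
    echo 01 > "$ca/serial"
    # Constructed request config; the DN is the issuer block from the task.
    cat > "$ca/root-req.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
C  = CN
O  = www.skills.com
OU = Inc
CN = Skill Global Root CA
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # umask 077 makes the key file owner-only from the moment it is created.
    ( umask 077; openssl genrsa -out "$ca/private/cakey.pem" 2048 2>/dev/null ) || return 1
    # -days 3650 and -sha256 are assumed values, not from the page.
    openssl req -new -x509 -sha256 -days 3650 -config "$ca/root-req.cnf" \
        -key "$ca/private/cakey.pem" -out "$ca/cacert.pem"
}

check_root_ca() {            # returns 0 only if every check passes
    crt=$1/cacert.pem key=$1/private/cakey.pem
    subj=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253) || return 1
    issr=$(openssl x509 -in "$crt" -noout -issuer -nameopt RFC2253) || return 1
    # A root is self-issued: issuer and subject must be the same DN.
    [ "${subj#subject=}" = "${issr#issuer=}" ] || return 1
    case $subj in
        *"CN=Skill Global Root CA,OU=Inc,O=www.skills.com,C=CN") ;;
        *) return 1 ;;
    esac
    # The certificate must be marked as a CA and must match the private key.
    openssl x509 -in "$crt" -noout -text | grep -q 'CA:TRUE' || return 1
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] || return 1
    # The key must be readable by its owner only.
    [ -n "$(find "$key" -perm 600)" ] || return 1
}

demo=$(mktemp -d)            # scratch directory so the example needs no root
build_root_ca "$demo" && check_root_ca "$demo" && echo "root CA checks passed"
rm -rf "$demo"
```

check_root_ca can also be pointed at an existing directory such as /CA; it fails if the subject differs from the task's issuer fields or if the key file is readable by other users.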