CA Implementation
OpenSSL configuration file path: /etc/pki/tls/openssl.cnf
CA settings in the OpenSSL configuration file:
[ CA_default ]
dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem
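- Create the CA
cd /etc/pki/CA
(umask 077; openssl genrsa -out private/cakey.pem 2048)   # generate the CA private key
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650   # generate the self-signed CA certificate
> index.txt   # create the CA database (this file does not exist by default)
echo 09 > serial   # this file does not exist by default; the serial number is hexadecimal
- Request a certificate
# Note: 1024-bit RSA is below the currently recommended minimum of 2048 bits
(umask 066; openssl genrsa -out /test/app.key 1024)   # generate the applicant's private key
openssl req -new -key /test/app.key -out /test/app.csr   # generate the certificate signing request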
- Issue the certificate
openssl ca -in /test/app.csr -out /etc/pki/CA/certs/app.crt -days 100
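- Revoke a certificate
openssl ca -revoke newcerts/0B.pem   # revoke the certificate with serial 0B
openssl ca -status 0B   # check the status of serial 0B
echo 09 > crlnumber   # set the initial CRL number
openssl ca -gencrl -out /etc/pki/CA/crl.pem   # generate the CRL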
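The revocation step above records its result in the index.txt database named in the CA configuration. The following added example (not part of the original page) audits that file, reporting per-serial status much as `openssl ca -status` does and also flagging entries whose expiry date has passed while they are still marked valid. The function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenSSL CA database (index.txt) after revocation.
# Each line has six tab-separated fields:
#   flag (V/R/E), expiry, revocation date[,reason], serial, filename, subject

# Constructed sample entries (not real certificates).
sample_index() {
    printf 'V\t350101000000Z\t\t09\tunknown\t/C=CN/O=Example/CN=app1\n'
    printf 'V\t200101000000Z\t\t0A\tunknown\t/C=CN/O=Example/CN=app2\n'
    printf 'R\t350101000000Z\t240301120000Z,keyCompromise\t0B\tunknown\t/C=CN/O=Example/CN=app3\n'
}

# ca_audit INDEX NOW: print "SERIAL STATUS SUBJECT" for every entry.
# INDEX is a file or - for stdin; NOW is UTC as YYYYMMDDHHMMSS.
ca_audit() {
    awk -F'\t' -v now="$2" '
        # Expand UTCTime (YYMMDDHHMMSSZ) to 14 digits; 4-digit years pass through.
        function norm(t) {
            sub(/Z$/, "", t)
            if (length(t) == 12)
                t = ((substr(t, 1, 2) + 0 < 50) ? "20" : "19") t
            return t
        }
        # An entry can stay flagged V after its expiry date: the flag only
        # becomes E when the database is updated (openssl ca -updatedb).
        NF >= 6 {
            status = "unknown"
            if ($1 == "R") { split($3, r, ","); status = "revoked@" norm(r[1]) }
            else if ($1 == "E") status = "expired"
            else if ($1 == "V")
                status = ((norm($2) "") < (now "")) ? "expired-not-flagged" : "valid"
            print $4, status, $6
        }' "$1"
}

# ca_status INDEX SERIAL NOW: status of one serial; non-zero exit if absent.
ca_status() {
    ca_audit "$1" "$3" | awk -v s="$2" '
        ($1 "") == (s "") { print $2; found = 1 }
        END { exit !found }'
}

# Demo on the constructed sample, using the current UTC time.
sample_index | ca_audit - "$(date -u +%Y%m%d%H%M%S)"
```

On a real CA, pass /etc/pki/CA/index.txt as INDEX instead of the sample data.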