Configuring a CA (Certificate Authority)


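Preface: This article was compiled by the editors of 小常识网 (cha138.com) and mainly covers CA (certificate authority) configuration. We hope it is of some reference value to you.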

1. Install the openssl package

[[email protected] ~]# yum -y install openssl

2. Configuration file

172 basicConstraints=CA:TRUE

3. Generate the public-key certificate and private key

[[email protected] ~]# /etc/pki/tls/misc/CA -h

usage: /etc/pki/tls/misc/CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify

 [[email protected]~]# /etc/pki/tls/misc/CA -newca

Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/./cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 17413805404962385785 (0xf1aa43c0e68f6f79)
        Validity
            Not Before: Jan 24 08:36:04 2016 GMT
            Not After : Jan 23 08:36:04 2019 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = beijing
            organizationName          = xuegod
            organizationalUnitName    = IT
            commonName                = xuegod61.cn
            emailAddress              = [email protected]
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:BD:34:5B:08:8A:90:30:75:7B:59:E3:F6:61:98:94:B6:7C:18:83
            X509v3 Authority Key Identifier:
                keyid:DA:BD:34:5B:08:8A:90:30:75:7B:59:E3:F6:61:98:94:B6:7C:18:83

            X509v3 Basic Constraints:
                CA:TRUE
Certificate is to be certified until Jan 23 08:36:04 2019 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated

4. View the certificate and private key

[[email protected]~]# vim /etc/pki/CA/cacert.pem

View the private key

[[email protected]~]# vim /etc/pki/CA/private/cakey.pem


5. Install httpd on the client

[[email protected] ~]# yum install httpd -y

6. On the client, generate a certificate signing request and obtain a certificate

[[email protected] ~]# yum install openssl -y

Generate the private key

[[email protected] ~]# openssl genrsa -des3 -out /etc/httpd/conf.d/server.key

Use the private key to generate the certificate signing request

[[email protected]uegod63~]# openssl req -new -key /etc/httpd/conf.d/server.key -out /server.csr

[[email protected]~]# scp /server.csr [email protected]:/tmp

7. Issue the certificate

[[email protected] ~]# openssl ca -keyfile /etc/pki/CA/private/cakey.pem -cert /etc/pki/CA/cacert.pem -in /tmp/server.csr -out /server.crt

8. Copy the certificate to the client

[[email protected]]# scp /server.crt 192.168.1.64:/

9. Install SSL support (mod_ssl) on the client

[[email protected]~]# yum install mod_ssl -y

10. Configure SSL on the client

[[email protected]~]# vim /etc/httpd/conf.d/ssl.conf

Change the following lines:

        SSLCertificateFile /etc/httpd/conf.d/server.crt
        SSLCertificateKeyFile /etc/httpd/conf.d/server.key

11. Restart the service

[[email protected]~]# service httpd restart

12. Access from the client

View the certificate in the browser
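A check worth running between steps 8 and 11, before httpd is restarted, as an added example that is not part of the original post: it confirms that the CA certificate carries CA:TRUE, that the issued certificate chains to it, and that the certificate matches the private key. The function names check_cert_pair and make_demo_pki are hypothetical, the demo files are constructed, and `openssl x509 -req` stands in for the page's `openssl ca` so the demo needs no /etc/pki/CA database.

```shell
#!/bin/sh
# Added example: verify an issued certificate before pointing ssl.conf at it.

# check_cert_pair CA_CERT SERVER_CERT SERVER_KEY -> 0 if all three checks pass
check_cert_pair() {
    ca=$1; crt=$2; key=$3
    # 1. The CA certificate must carry basicConstraints CA:TRUE (step 2).
    openssl x509 -in "$ca" -noout -text | grep -q 'CA:TRUE' ||
        { echo "CA certificate lacks CA:TRUE" >&2; return 1; }
    # 2. The server certificate must chain to that CA (steps 7-8).
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "certificate does not verify against the CA" >&2; return 2; }
    # 3. The certificate's public key must match the private key (step 10).
    #    An encrypted key (genrsa -des3) makes openssl ask for the passphrase.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match the certificate" >&2; return 3; }
}

# make_demo_pki DIR: constructed throwaway CA and server certificate.
# Keys are unencrypted (-nodes) only so the demo runs without prompts.
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/demo.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=www.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    # openssl x509 -req stands in for the page's "openssl ca" signing step.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/server.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"
check_cert_pair "$demo/ca.crt" "$demo/server.crt" "$demo/server.key" &&
    echo "certificate pair OK"
rm -rf "$demo"
```

With the page's paths the call would be check_cert_pair /etc/pki/CA/cacert.pem /etc/httpd/conf.d/server.crt /etc/httpd/conf.d/server.key, run on a host that holds all three files.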


 

 


