
5. Concise Linux System Maintenance Handbook (3)


    ~/sslca# /usr/lib/ssl/misc/CA.sh -newca
    CA certificate filename (or enter to create)
    (enter)
    Making CA certificate ...
    Using configuration from /usr/lib/ssl/openssl.cnf
    Generating a 2048 bit RSA private key
    ................................................................................
    writing new private key to "./demoCA/private/./cakey.pem"
    Enter PEM pass phrase:(enter password)
    Verifying password - Enter PEM pass phrase:(enter same password again)
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter ".", the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US(enter)
    State or Province Name (full name) [Some-State]:State(enter)
    Locality Name (eg, city) []:City(enter)
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:21vianet(enter)
    Organizational Unit Name (eg, section) []:(enter)
    Common Name (eg, YOUR name) []:CA(enter)
    Email Address []:ca@xxx.com(enter)
    ~/sslca#
2.7 The next step is to generate a certificate for the gateway:
The commands and the questions you have to answer are as follows:
    ~/sslca# /usr/lib/ssl/misc/CA.sh -newreq
    Using configuration from /usr/lib/ssl/openssl.cnf
    Generating a 2048 bit RSA private key
    ..................................................................
    writing new private key to "newreq.pem"
    Enter PEM pass phrase:(enter password)
    Verifying password - Enter PEM pass phrase:(repeat password)
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter ".", the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US(enter)
    State or Province Name (full name) [Some-State]:State(enter)
    Locality Name (eg, city) []:City(enter)
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:ExampleCo(enter)
    Organizational Unit Name (eg, section) []:(enter)
    Common Name (eg, YOUR name) []:vpnserver.rd.xxx.com(enter)
    Email Address []:user@xxx.com(enter)
    Please enter the following "extra" attributes
    to be sent with your certificate request
    A challenge password []:(enter)
    An optional company name []:(enter)
    Request (and private key) is in newreq.pem
    natecars@buzzword:~/sslca$ /usr/lib/ssl/misc/CA.sh -sign
    Using configuration from /usr/lib/ssl/openssl.cnf
    Enter PEM pass phrase:(password you entered for the ca certificate)
    Check that the request matches the signature
    Signature ok
    The Subjects Distinguished Name is as follows
    countryName :PRINTABLE:"US"
    stateOrProvinceName:PRINTABLE:"State"
    localityName:PRINTABLE:"City"
    organizationName:PRINTABLE:"21vianet"
    commonName:PRINTABLE:"vpnserver.rd.xxx.com"
    emailAddress:IA5STRING:"rd@xxx.com"
    Certificate is to be certified until Feb 13 16:28:40 2012 GMT (3650 days)
    Sign the certificate? [y/n]:y(enter)
    1 out of 1 certificate requests certified, commit? [y/n]y(enter)
    Write out database with 1 new entries
    Data Base Updated
    (certificate snipped)
    Signed certificate is in newcert.pem
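Be sure to remember the passwords you enter in the steps above. If you make a mistake at any step and want to start over, just delete all the subdirectories under /var/sslca.
2.8 Rename the files to the names you need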
    ~/sslca# mv newcert.pem vpnserver.rd.xxx.com.pem
    ~/sslca# mv newreq.pem vpnserver.rd.xxx.com.key
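2.9 Edit the .key file and delete everything from "-----BEGIN CERTIFICATE REQUEST-----" onward. Afterwards the file should start at "-----BEGIN RSA PRIVATE KEY-----" and end at "-----END RSA PRIVATE KEY-----".
2.10 If the x.509 patch was installed correctly, you should see /etc/ipsec.d and the directories under it. If they are missing, create them yourself. Then copy the appropriate files to the locations below (at this point you are still in the /var/sslca directory):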
    # cp vpnserver.rd.xxx.com.key /etc/ipsec.d/private
    # cp vpnserver.rd.xxx.com.pem /etc/ipsec.d
    # openssl x509 -in demoCA/cacert.pem -outform der -out rootca.der
    # cp rootca.der /etc/ipsec.d/cacerts/RootCA.der
    # openssl x509 -in vpnserver.rd.xxx.com.pem -outform der -out /etc/x509cert.der
    # openssl ca -gencrl -out crl.pem
    # cp crl.pem /etc/ipsec.d/crls
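Step 2.9 can be done without hand-editing the file. The shell functions below are an added example, not part of the original handbook; the names `extract_private_key` and `make_sample_newreq` and the placeholder key text are assumptions made for illustration. The first function copies only the RSA private key block out of the file written by `CA.sh -newreq` and creates the result readable by its owner only.

```shell
#!/bin/sh
# Added example for step 2.9: keep only the private key from newreq.pem.

# make_sample_newreq FILE
# Writes a CONSTRUCTED stand-in for newreq.pem (placeholder text, no real key).
make_sample_newreq() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-REAL-KEY-MATERIAL
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-REQUEST
-----END CERTIFICATE REQUEST-----
EOF
}

# extract_private_key SRC DST
# Copies the single RSA PRIVATE KEY block from SRC into a new file DST that
# only its owner can read. Fails if SRC does not hold exactly one key block
# or if DST already exists (an existing key is never overwritten).
extract_private_key() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "$dst already exists" >&2; return 1; }

    begins=$(grep -c -e '^-----BEGIN RSA PRIVATE KEY-----$' "$src" || true)
    ends=$(grep -c -e '^-----END RSA PRIVATE KEY-----$' "$src" || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "expected exactly one RSA PRIVATE KEY block in $src" >&2
        return 1
    fi

    # Set the umask first so the file is never readable by other users.
    ( umask 077
      sed -n '/^-----BEGIN RSA PRIVATE KEY-----$/,/^-----END RSA PRIVATE KEY-----$/p' \
          "$src" > "$dst" ) || return 1

    # Post-condition from step 2.9: no request lines remain in the key file.
    if grep -q 'CERTIFICATE REQUEST' "$dst"; then
        rm -f "$dst"
        return 1
    fi
    return 0
}
```

It can be run in place of the second `mv` in step 2.8, for example `extract_private_key newreq.pem vpnserver.rd.xxx.com.key`, and the result is ready to copy into /etc/ipsec.d/private.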
