ผลต่างระหว่างรุ่นของ "4. วิธีการสร้าง SSL"

จาก Wiki_EAI
ไปยังการนำทาง ไปยังการค้นหา
 
(ไม่แสดง 2 รุ่นระหว่างกลางโดยผู้ใช้ 1 คน)
แถว 32: แถว 32:
 
  If you enter '.', the field will be left blank.
 
  If you enter '.', the field will be left blank.
 
  -----
 
  -----
  Country Name (2 letter code) [XX]:TH '''[[#country]]'''
+
  Country Name (2 letter code) [XX]:'''[[TH]]''' '''[[#country]]'''
  State or Province Name (full name) []:Bangkok   '''[[#state]]'''
+
  State or Province Name (full name) []:'''Bangkok'''   '''[[#state]]'''
  Locality Name (eg, city) [Default City]:Dusit '''[[#city]]'''
+
  Locality Name (eg, city) [Default City]:'''[[Dusit]]''' '''[[#city]]'''
  Organization Name (eg, company) [Default Company Ltd]:EAI  '''[[#company]]'''
+
  Organization Name (eg, company) [Default Company Ltd]:'''[[EAI]]''' '''[[#company]]'''
  Organizational Unit Name (eg, section) []:IT  '''[[#department]]'''
+
  Organizational Unit Name (eg, section) []:'''[[IT]]''' '''[[#department]]'''
  Common Name (eg, your name or your server's hostname) []:mail.eai.in.th  '''[[#server's FQDN]]'''
+
  Common Name (eg, your name or your server's hostname) []:'''[[mail.eai.in.th]]''' '''[[#server's FQDN]]'''
  Email Address []:xxx@eai.in.th '''[[#email address]]'''
+
  Email Address []:'''[[xxx@eai.in.th]]''' '''[[#email address]]'''
 
  Please enter the following 'extra' attributes
 
  Please enter the following 'extra' attributes
 
  to be sent with your certificate request
 
  to be sent with your certificate request
แถว 46: แถว 46:
  
 
4. ทำการ generate key
 
4. ทำการ generate key
  '''# openssl x509 -in '''[[eai.csr]]''' -out '''[[eai.crt]]''' -req -signkey eai.key -days 3650'''
+
  '''# openssl x509 -in '''[[eai.csr]]''' -out '''[[eai.crt]]''' -req -signkey '''[[eai.key]]''' -days 3650'''
  
 
  '''Signature ok
 
  '''Signature ok
 
  subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.srv.world/emailAddress=xxx@eai.in.th
 
  subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.srv.world/emailAddress=xxx@eai.in.th
 
  Getting Private key'''
 
  Getting Private key'''

รุ่นแก้ไขปัจจุบันเมื่อ 16:37, 20 พฤษภาคม 2564

1. สร้าง private key

# cd /etc/pki/tls/certs
# make eai.key
	umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > eai.key
Generating RSA private key, 2048 bit long modulus
...
...
e is 65537 (0x10001)
Enter pass phrase: #set passphrase
Verifying - Enter pass phrase:  #confirm


2. ถอด Passphase ออกจาก private key ที่สร้างขึ้น

# openssl rsa -in eai.key' -out eai.key
Enter pass phrase for eai.key:  #input passphrase
writing RSA key


3. สร้าง csr

# make eai.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key eai.key -out eai.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:TH		#country
State or Province Name (full name) []:Bangkok		   #state
Locality Name (eg, city) [Default City]:Dusit		#city
Organization Name (eg, company) [Default Company Ltd]:EAI  	#company
Organizational Unit Name (eg, section) []:IT  	 #department
Common Name (eg, your name or your server's hostname) []:mail.eai.in.th  	 #server's FQDN
Email Address []:xxx@eai.in.th		#email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:		#Enter
An optional company name []:		#Enter


4. ทำการ generate key

# openssl x509 -in eai.csr -out eai.crt -req -signkey eai.key -days 3650
Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.srv.world/emailAddress=xxx@eai.in.th
Getting Private key