ผลต่างระหว่างรุ่นของ "4. วิธีการสร้าง SSL"
ไปยังการนำทาง
ไปยังการค้นหา
Tanagan (คุย | มีส่วนร่วม) (Created page with "1. สร้าง private key '''# cd /etc/pki/tls/certs # make '''eai.key''''' ''' umask 77 ; \ /usr/bin/openssl genrsa -aes128 2048 > eai.key Generating RSA priva...") |
Tanagan (คุย | มีส่วนร่วม) |
||
| แถว 16: | แถว 16: | ||
'''# openssl rsa -in '''[[eai.key]]''' -out '''[[eai.key]]''''' | '''# openssl rsa -in '''[[eai.key]]''' -out '''[[eai.key]]''''' | ||
| − | '''Enter pass phrase for eai.key: '''[[# input passphrase]]''' | + | '''Enter pass phrase for eai.key: '''[[#input passphrase]]''' |
writing RSA key''' | writing RSA key''' | ||
| + | |||
| + | |||
| + | 3. สร้าง csr | ||
| + | '''# make eai.csr | ||
| + | |||
| + | '''umask 77 ; \ | ||
| + | /usr/bin/openssl req -utf8 -new -key eai.key -out eai.csr | ||
| + | You are about to be asked to enter information that will be incorporated | ||
| + | into your certificate request. | ||
| + | What you are about to enter is what is called a Distinguished Name or a DN. | ||
| + | There are quite a few fields but you can leave some blank | ||
| + | For some fields there will be a default value, | ||
| + | If you enter '.', the field will be left blank. | ||
| + | ----- | ||
| + | Country Name (2 letter code) [XX]:TH '''[[#country]]''' | ||
| + | State or Province Name (full name) []:Bangkok '''[[#state]]''' | ||
| + | Locality Name (eg, city) [Default City]:Dusit '''[[#city]]''' | ||
| + | Organization Name (eg, company) [Default Company Ltd]:EAI '''[[#company]]''' | ||
| + | Organizational Unit Name (eg, section) []:IT '''[[#department]]''' | ||
| + | Common Name (eg, your name or your server's hostname) []:mail.eai.in.th '''[[#server's FQDN]]''' | ||
| + | Email Address []:xxx@eai.in.th '''[[#email address]]''' | ||
| + | Please enter the following 'extra' attributes | ||
| + | to be sent with your certificate request | ||
| + | A challenge password []: '''[[#Enter]]''' | ||
| + | An optional company name []: '''[[#Enter]]''''' | ||
| + | |||
| + | |||
| + | 4. ทำการ generate key | ||
| + | '''# openssl x509 -in '''[[eai.csr]]''' -out '''[[eai.crt]]''' -req -signkey eai.key -days 3650''' | ||
| + | |||
| + | '''Signature ok | ||
| + | subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.srv.world/emailAddress=xxx@eai.in.th | ||
| + | Getting Private key''' | ||
รุ่นแก้ไขเมื่อ 13:59, 8 พฤษภาคม 2563
1. สร้าง private key
# cd /etc/pki/tls/certs # make eai.key
umask 77 ; \ /usr/bin/openssl genrsa -aes128 2048 > eai.key Generating RSA private key, 2048 bit long modulus ... ... e is 65537 (0x10001) Enter pass phrase: #set passphrase Verifying - Enter pass phrase: #confirm
2. ถอด Passphase ออกจาก private key ที่สร้างขึ้น
# openssl rsa -in eai.key' -out eai.key
Enter pass phrase for eai.key: #input passphrase writing RSA key
3. สร้าง csr
# make eai.csr
umask 77 ; \ /usr/bin/openssl req -utf8 -new -key eai.key -out eai.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:TH #country State or Province Name (full name) []:Bangkok #state Locality Name (eg, city) [Default City]:Dusit #city Organization Name (eg, company) [Default Company Ltd]:EAI #company Organizational Unit Name (eg, section) []:IT #department Common Name (eg, your name or your server's hostname) []:mail.eai.in.th #server's FQDN Email Address []:xxx@eai.in.th #email address Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: #Enter An optional company name []: #Enter
4. ทำการ generate key
# openssl x509 -in eai.csr -out eai.crt -req -signkey eai.key -days 3650
Signature ok subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.srv.world/emailAddress=xxx@eai.in.th Getting Private key
