|
|
แถว 1: |
แถว 1: |
− | 1. สร้าง private key
| + | <languages/> |
− | '''# cd /etc/pki/tls/certs
| + | <translate> |
− | # make '''[[eai.key]]'''''
| |
| | | |
− | ''' umask 77 ; \
| |
− | /usr/bin/openssl genrsa -aes128 2048 > eai.key
| |
− | Generating RSA private key, 2048 bit long modulus
| |
− | ...
| |
− | ...
| |
− | e is 65537 (0x10001)
| |
− | Enter pass phrase: '''[[#set passphrase]]'''
| |
− | Verifying - Enter pass phrase: '''[[#confirm]]'''''
| |
| | | |
| | | |
− | 2. ถอด Passphase ออกจาก private key ที่สร้างขึ้น
| |
− | '''# openssl rsa -in '''[[eai.key]]''' -out '''[[eai.key]]'''''
| |
| | | |
− | '''Enter pass phrase for eai.key: '''[[#input passphrase]]'''
| + | [[Universal Acceptance Implementation]] |
− | writing RSA key'''
| |
| | | |
| | | |
− | 3. สร้าง csr
| + | </translate> |
− | '''# make eai.csr
| |
− | | |
− | '''umask 77 ; \
| |
− | /usr/bin/openssl req -utf8 -new -key eai.key -out eai.csr
| |
− | You are about to be asked to enter information that will be incorporated
| |
− | into your certificate request.
| |
− | What you are about to enter is what is called a Distinguished Name or a DN.
| |
− | There are quite a few fields but you can leave some blank
| |
− | For some fields there will be a default value,
| |
− | If you enter '.', the field will be left blank.
| |
− | -----
| |
− | Country Name (2 letter code) [XX]:'''[[TH]]''' '''[[#country]]'''
| |
− | State or Province Name (full name) []:'''[[Bangkok]]''' '''[[#state]]'''
| |
− | Locality Name (eg, city) [Default City]:'''[[Dusit]]''' '''[[#city]]'''
| |
− | Organization Name (eg, company) [Default Company Ltd]:'''[[EAI]]''' '''[[#company]]'''
| |
− | Organizational Unit Name (eg, section) []:'''[[IT]]''' '''[[#department]]'''
| |
− | Common Name (eg, your name or your server's hostname) []:'''[[mail.eai.in.th]]''' '''[[#server's FQDN]]'''
| |
− | Email Address []:'''[[xxx@eai.in.th]]''' '''[[#email address]]'''
| |
− | Please enter the following 'extra' attributes
| |
− | to be sent with your certificate request
| |
− | A challenge password []: '''[[#Enter]]'''
| |
− | An optional company name []: '''[[#Enter]]'''''
| |
− | | |
− | | |
− | 4. ทำการ generate key
| |
− | '''# openssl x509 -in '''[[eai.csr]]''' -out '''[[eai.crt]]''' -req -signkey '''[[eai.key]]''' -days 3650'''
| |
− | | |
− | '''Signature ok
| |
− | subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.srv.world/emailAddress=xxx@eai.in.th
| |
− | Getting Private key'''
| |