Fedora 4.0 path:
/etc/pki/tls/misc/CA
RedHat Enterprise 3.0/4.0 path:
/usr/share/ssl/misc
Generate the Root CA:
./CA -newca
View the certificate's contents:
cd ../../CA
openssl x509 -in cacert.pem -noout -text
Generate a certificate request:
./CA -newreq
View the certificate request's contents:
openssl req -in newreq.pem -noout -text
Split out the private key:
head -18 newreq.pem > private.des3
Sign (issue) the certificate:
./CA -sign
Change the Root CA's validity period:
vi CA
DAYS="-days 3650"
Change the validity period of issued certificates:
vi /etc/pki/tls/openssl.cnf
default_days = 730 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
Remove the DES3 encryption from the private key:
openssl rsa -in private.des3 -out private.key
To import a certificate into LDAP, first convert it to .der format:
openssl x509 -in newcert.pem -outform der -out newcert.der
Attribute in the LDIF file:
userCertificate;binary:<file:///path/newcert.der
To import a personal certificate into Outlook Express, first convert it to PKCS#12 format.
This format contains both the certificate and the private key:
openssl pkcs12 -export -in newcert.pem -out newcert.p12 -inkey private.key
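
The `head -18 newreq.pem` step above only works while the encrypted key occupies exactly the first 18 lines of the file, which changes with key size and encoding. As an added example (not from the original post), this shell function extracts the key block by its PEM markers instead; the function names and the sample file contents are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): pull the private-key block out of
# a combined PEM file by its BEGIN/END markers instead of a fixed line count.

# extract_private_key SRC DST
# Writes the first "... PRIVATE KEY" block of SRC to DST with mode 0600.
# Returns non-zero, leaving no DST, if SRC has no complete private-key block.
extract_private_key() {
    src=$1
    dst=$2
    old_umask=$(umask)
    umask 077                 # the key file must not be group/world readable
    rm -f "$dst"
    rc=0
    awk '
        /^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----$/ && !done { inkey = 1 }
        inkey { print }
        /^-----END ([A-Z0-9]+ )*PRIVATE KEY-----$/ && inkey { inkey = 0; done = 1 }
        END { exit(done ? 0 : 1) }
    ' "$src" > "$dst" || rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || rm -f "$dst"
    return "$rc"
}

# Constructed sample standing in for newreq.pem; the base64 bodies are dummy
# text, not real key material.
make_sample_newreq() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZ
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtQ1NS
-----END CERTIFICATE REQUEST-----
EOF
}
```

In the procedure above it would be called as `extract_private_key newreq.pem private.des3`.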
Tuesday, December 19, 2006