SHECA 數(shù)字證書--網(wǎng)絡(luò)因此更真實(shí)Apache-ssl Web Server 申請證書流程一 生成key 文件隨機(jī)選硬盤上三個(gè)文件randfile1-----randfile3ssleay ge

SHECA 數(shù)字證書--網(wǎng)絡(luò)因此更真實(shí)

Apache-ssl Web Server 申請證書流程一 生成key 文件

隨機(jī)選硬盤上三個(gè)文件randfile1-----randfile3

ssleay genrsa –des3 –rand randfile1:randfile2:randfile3 1024 > servername.key這將生成1024 bit RSA key pair 并存入文件servername.key(servername 你要申請證書的服務(wù)器名) 請牢記生成時(shí)的密碼并備份servername.key, 將其放在安全的地方如果忘記密碼或文件丟失您要重新申請證書

二 生成請求文件CSR

ssleay req –new –key servername.key –out servername.csr生成時(shí)請正確填入如下信息

Country code:

例如CN

State or province: 例如shanghai

Locality: 例如pudong

Organization:

例如sheca

Organizational unit: 例如operate

Common name: 例如 (與申請的服務(wù)器域名相同) 系統(tǒng)將生成請求文件servername.csr

-----BEGIN NEW CERTIFICATE REQUEST-----

MIIBJjCB0QIBADBsMQswCQYDVQQGEwJDSDELMAkGA1UECBMCc2gxCzAJBgNV BAcTAnNoMRcwFQYDVQQKHg5OCm13ThxluXU1icZT8DERMA8GA1UECx4IThyJxo 0ifs8xFzAVBgNVBAMTDmRvbmdzaGljYWlqaW5nMFwwDQYJKoZIhvcNAQEBBQAD SwAwSAJBAKax43NaCNTZk5dmgkgUne5IMpOVc/eZdvv6IOtNcWVx9umt7TQUJanFHKnLQEZdlBFPVemnckUcZ5eRq/SeEm0CAwEAAaAAMA0GCSqGSIb3DQEBBAUAA0EAfHcY8kAY51knSBuXn2kZ2NxeHp6wZGWp3jkHVXSO24XIvAWSrZzTFYd2kbrT86tY KANeCpUo2GX5gNJ04iwpsQ==

-----END NEW CERTIFICATE REQUEST-----

用notepad 將其存為servername.txt, 靜候CA 的審批通過

三 安裝證書

CA 審核通過后將一個(gè)包含root 和cert 證書的文件發(fā)送給申請人

This is Your Web Server Cert Pem Code

-----BEGIN CERTIFICATE-----

MIICNzCCAaCgAwIBAgICFiUwDQYJKoZIhvcNAQEEBQAwUTELMAkGA1UEBhMC Q04xMjAwBgNVBAoTKVNoYW5naGFpIEVsZWN0cm9uaWMgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MQ4wDAYDVQQDEwVTSEVDQTAeFw05OTExMTIwMDAwMDBaF w0wMDAzMTEwODI3MDhaMIGFMQswCQYDVQQGEwJDTjEOMAwGA1UEChMFc2hlY2ExEjAQBgNVBAsTCW9wZXJhdGlvbjERMA8GA1UECBMIc2hhbmdoYWkxDjAM BgNVBAMTBXhpbnlpMQ8wDQYDVQQHEwZwdWRvbmcxHjAcBgkqhkiG9w0BCQEW D3hpbnlpQHNoZWNhLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCpBD5V al3K6hDwC4K7RZ5BvHNFi9n4smiTNlP5AiquSp/wgWTMTVHDOKUkjZnlg1G5ph9ifbgBu6U1/rSO0/DNAgMBAAGjLTArMAsGA1UdDwQEAwIFoDAJBgNVHRMEAjAAMBE中國協(xié)卡認(rèn)證體系

SHECA 數(shù)字證書--網(wǎng)絡(luò)因此更真實(shí)

GCWCGSAGG EIBAQQEAwIFYDANBgkqhkiG9w0BAQQFAAOBgQCTIbQsGmWmZcmBV IPEqZtAL3UXSiRTFkx0MtbwKAWxxwV4edpgmCHMrXjG39kbUcxyThCE M PRNBsScySaI3riS2LaqVMOIIVmNNtNbm9U2OwbIKLPC0hPt2iZrouIJEfSq1dsr3uBD siSI0X/7CRDOgsINMqAqLXaoS4wZWg==

-----END CERTIFICATE-----

This is Root Cert Pem Code

-----BEGIN CERTIFICATE-----

MIICNTCCAZ6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBRMQswCQYDVQQGEwJD TjEyMDAGA1UEChMpU2hhbmdoYWkgRWxlY3Ryb25pYyBDZXJ0aWZpY2F0ZSBBdX Rob3JpdHkxDjAMBgNVBAMTBVNIRUNBMB4XDTk5MDEwMTAwMDAwMFoXDTAz MTIzMTIzNTk1OV owUTELMAkGA1UEBhMCQ04xMjAwBgNVBAoTKVNoYW5naGFp IEVsZWN0cm9uaWMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQ4wDAYDVQQDEwV TSEVDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsEPg6J1OhvURYjTpk3n/E0pzjpPTAThyWSwY L wAlpSqKTQPMG6ADbFLvNJYDutnN3ikHRLf09g TIfCiYVcrbRakoIR4YbTZByVMMtiI4zPNiWuQhvWuEXgioMkpnv0fCeIRe0DuMZCptz3dtX1 /1wK dGYWCOPoMsZp pCMCAwEAAaMdMBswCwYDVR0PBAQDAgEGMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEACqHA LLwEuq3OfCHEW966a2QLfuN7KdC96d/JZXbp1sieoVMZHSrwPKgbdU0/hfl8Ldinbqme3a/UTiTXXF/RJqq9q/nEMfCMX9L58MKAfrfKKJUz1AUwBP dEfpmE6d4SJAm9oPZnIHxERv iwrURflsIdbGgphmntBLIBaIxo=

-----END CERTIFICATE-----

備份此文件將上部分用notepad 存為cert.txt (包含-----BEGIN CERTIFICATE-----到-----END CERTIFICATE-----)

將下部分用notepad 存為root.txt (包含-----BEGIN CERTIFICATE-----到-----END CERTIFICATE-----)

cp cert.txt /usr/local/ssl/certs/cert.txt

cp root.txt /usr/local/ssl/certs/root.txt

cp servername.key /usr/local/ssl/certs/servername.key

修改httpsd 文件

SSLCertificatekeyFile /usr/local/ssl/certs/servername.key

SSLCACertificateFile /usr/local/ssl/certs/root.txt

SSLCertificateFile /usr/local/ssl/certs/cert.txt

四 重起server

想了解更多的server 配置請?jiān)L問 http://www.apache-ssl.org

中國協(xié)卡認(rèn)證體系