差異處
這裏顯示兩個版本的差異處。
|
java:web:ssl:issuepersonalcertificate [2016/05/05 13:57] tony |
java:web:ssl:issuepersonalcertificate [2023/06/25 09:48] |
||
|---|---|---|---|
| 行 1: | 行 1: | ||
| - | {{tag>certificate}} | ||
| - | ====== Issue Personal Certificate ====== | ||
| - | 主要參考[[http://wiki.weithenn.org/cgi-bin/wiki.pl?OpenLDAP-SSL_TLS_%E8%A8%AD%E5%AE%9A|這篇]]內容,調整一下讓自己好重複使用: | ||
| - | <code batch> | ||
| - | #!/bin/bash | ||
| - | ROOT_KEY=rootca.key | ||
| - | ROOT_CSR=rooca.csr | ||
| - | ROOT_CRT=rootca.crt | ||
| - | P_KEY=tonylin.key | ||
| - | P_CSR=tonylin.csr | ||
| - | P_CRT=tonylin.crt | ||
| - | |||
| - | openssl genrsa -des3 -out $ROOT_KEY 2048 | ||
| - | openssl req -new -key rootca.key -out $ROOT_CSR | ||
| - | openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf -extensions v3_ca \ | ||
| - | -signkey $ROOT_KEY -in $ROOT_CSR -out $ROOT_CRT | ||
| - | openssl genrsa -out $P_KEY 2048 | ||
| - | openssl req -new -key $P_KEY -out $P_CSR | ||
| - | openssl x509 -req -days 3650 -sha1 -extfile /etc/ssl/openssl.cnf -extensions v3_req -CA $ROOT_CRT -CAkey $ROOT_KEY \ | ||
| - | -CAserial rootca.srl -CAcreateserial -in $P_CSR -out $P_CRT | ||
| - | </code> | ||
| - | 該填的內容可以自行看那篇教學,我不贅述。 | ||
| - | ===== 其它 ===== | ||
| - | AD預設建出來的certificate是使用Subject Alternative Name去替代Subject。 | ||
| - | * [[https://technet.microsoft.com/zh-tw/library/ff625722(v=ws.10).aspx|How to Request a Certificate With a Custom Subject Alternative Name?]] | ||
| - | * | ||
| - | |||
| - | |||
| - | ====== ====== | ||
| - | ---- | ||
| - | \\ | ||
| - | ~~DISQUS~~ | ||
