CentOS 下的 Apache CA 证书申请与导入日志

Get request

[root@tsghweb openssl]# openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus

............++++++

..........++++++

e is 65537 (0x10001)

Enter pass phrase for server.key:

Verifying - Enter pass phrase for server.key:

[root@tsghweb openssl]# openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [GB]:

State or Province Name (full name) [Berkshire]:

Locality Name (eg, city) [Newbury]:

Organization Name (eg, company) [My Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@tsghweb openssl]#

… …

Verify CA file

[root@tsghweb openssl]# openssl verify -CAfile rootca.crt -purpose sslserver rootcaserver.crt

rootcaserver.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2

error 20 at 0 depth lookup:unable to get local issuer certificate

[root@tsghweb openssl]#

[root@tsghweb openssl]# openssl rsa -noout -modulus -in server.key | openssl sha1

Enter pass phrase for server.key:hp0521

fa955c5e12ba90274553d879ba144afb6f7a3946

[root@tsghweb openssl]#

[root@tsghweb openssl]# openssl verify -CAfile rootcaserver.crt -purpose sslserver rootca.crt

rootca.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2

error 2 at 1 depth lookup:unable to get issuer certificate

[root@tsghweb openssl]#

… …

Impot certification

[root@tsghweb openssl]# openssl pkcs7 -in server.p7b -inform DER -print_certs -out server-chain.pem

[root@tsghweb openssl]# cp server-chain.pem /etc/pki/tls/certs/server-chain.crt

[root@tsghweb openssl]#

[root@tsghweb openssl]# openssl x509 -in server.cer -inform DER -out server.pem

[root@tsghweb openssl]# cp server.pem /etc/pki/tls/certs/server.crt

[root@tsghweb openssl]# service httpd restart

Stopping httpd: [ OK ]

Starting httpd: Apache/2.2.3 mod_ssl/2.2.3 (Pass Phrase Dialog)

Some of your private key files are encrypted for security reasons.

In order to read them you have to provide the pass phrases.

Server www.hpmtaiwan.tw:443 (RSA)

Enter pass phrase:

OK: Pass Phrase Dialog successful.

[ OK ]

[root@tsghweb openssl]#