Здесь показаны различия между двумя версиями данной страницы.
пакет_openssl [2019/07/08 12:53] val [Debian] |
пакет_openssl [2020/06/25 14:43] val [Создание запроса на сертификат] |
||
---|---|---|---|
Строка 42: | Строка 42: | ||
==== Создание пары приватный/публичный ключ ==== | ==== Создание пары приватный/публичный ключ ==== | ||
<code> | <code> | ||
- | user1@server:~$ openssl genrsa 1024 > key.private | + | user1@server:~$ openssl genrsa 2048 > key.private |
user1@server:~$ openssl rsa -pubout < key.private > key.public | user1@server:~$ openssl rsa -pubout < key.private > key.public | ||
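Review bot: On the `openssl genrsa 2048 > key.private` line the key file is created by the shell redirect, so its mode comes from the user's umask and is commonly readable by group and others. The server and service sections on this page follow key generation with `chmod 400 server.key` and `chmod 400 www.key`, but this example has no equivalent step. I would run `umask 077` before generating the key, or at least add `user1@server:~$ chmod 400 key.private` right after it. The listing continues past this hunk, so a later line may already cover this.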
Строка 69: | Строка 69: | ||
===== Создание параметра DH ===== | ===== Создание параметра DH ===== | ||
<code> | <code> | ||
- | # openssl dhparam -out dh1024.pem 1024 | + | # openssl dhparam -out /etc/openvpn/dh2048.pem 2048 |
</code> | </code> | ||
Строка 76: | Строка 76: | ||
==== Создание приватного ключа ==== | ==== Создание приватного ключа ==== | ||
<code> | <code> | ||
- | server# openssl genrsa -out server.key 1024 | + | server# openssl genrsa -out server.key 2048 |
server# chmod 400 server.key | server# chmod 400 server.key | ||
Строка 88: | Строка 88: | ||
Country Name (2 letter code) [AU]:RU | Country Name (2 letter code) [AU]:RU | ||
State or Province Name (full name) [Some-State]:Moscow region | State or Province Name (full name) [Some-State]:Moscow region | ||
- | Locality Name (eg, city) []:Mosсow | + | Locality Name (eg, city) []:Moscow |
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
Organizational Unit Name (eg, section) []:noc | Organizational Unit Name (eg, section) []:noc | ||
Строка 124: | Строка 124: | ||
server# openssl verify server.crt | server# openssl verify server.crt | ||
server.crt: OK | server.crt: OK | ||
+ | |||
+ | # wget -O - https://www.corp55.un | ||
</code> | </code> | ||
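Review bot: The added `# wget -O - https://www.corp55.un` line has no expected output or explanation, and it uses a concrete `corp55` host where the rest of the page uses the `corpX.un` placeholder. The line also looks cut off in this view. If it is meant as an end-to-end check of the new certificate, a one-line comment saying so would help, for example `# expect the page body; a certificate error means the CA is not trusted on this host`. That steers a reader towards fixing the trust store rather than switching verification off.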
Строка 152: | Строка 154: | ||
... | ... | ||
[ CA_default ] | [ CA_default ] | ||
+ | ... | ||
dir = /root/CA | dir = /root/CA | ||
- | ... | + | |
- | certificate = /var/www/html/ca.crt # for linux | + | certificate = /var/www/html/ca.crt |
- | certificate = /usr/local/www/apache24/data/ca.crt # for freebsd | + | |
- | ... | + | crl = /var/www/html/ca.crl |
- | crl = /var/www/html/ca.crl # for linux | + | |
- | crl = /usr/local/www/apache24/data/ca.crl # for freebsd | + | |
private_key = $dir/ca.key | private_key = $dir/ca.key | ||
... | ... | ||
Строка 174: | Строка 176: | ||
==== Создание зашифрованного приватного ключа ==== | ==== Создание зашифрованного приватного ключа ==== | ||
<code> | <code> | ||
- | lan# openssl genrsa -des3 -out CA/ca.key 1024 | + | lan# openssl genrsa -des3 -out CA/ca.key 2048 |
</code><code> | </code><code> | ||
- | Generating RSA key, 1024 bits | + | Generating RSA key, 2048 bits |
Enter PEM pass phrase:Pa$$w0rd | Enter PEM pass phrase:Pa$$w0rd | ||
Verifying - Enter PEM pass phrase:Pa$$w0rd | Verifying - Enter PEM pass phrase:Pa$$w0rd | ||
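Review bot: The CA key on the `genrsa -des3` line is still encrypted at rest with 3DES; the commit raises the modulus to 2048 bits but leaves the legacy cipher protecting the most sensitive key on the page. `genrsa` accepts `-aes256` in the same position, so the line can become `lan# openssl genrsa -aes256 -out CA/ca.key 2048`. Because the CA key outlives the service and user keys it signs, a larger modulus than the 2048 bits used for leaf keys is also worth considering; the `Generating RSA key, 2048 bits` transcript line would then need to match. The transcript prints the pass phrase `Pa$$w0rd` in clear, so a short comment marking it as a lab value that must not be reused would be a useful addition.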
Строка 187: | Строка 189: | ||
... | ... | ||
[ req_distinguished_name ] | [ req_distinguished_name ] | ||
+ | ... | ||
countryName_default = RU | countryName_default = RU | ||
- | ... | ||
stateOrProvinceName_default = Moscow region | stateOrProvinceName_default = Moscow region | ||
- | ... | ||
localityName_default = Moscow | localityName_default = Moscow | ||
- | ... | ||
0.organizationName_default = cko | 0.organizationName_default = cko | ||
- | ... | ||
organizationalUnitName_default = noc | organizationalUnitName_default = noc | ||
- | ... | + | emailAddress_default = noc@corpX.un |
- | emailAddress_default = userX@isp.un | + | |
+ | [ req_attributes ] | ||
... | ... | ||
</code> | </code> | ||
Строка 207: | Строка 207: | ||
Enter pass phrase for ca.key:Pa$$w0rd | Enter pass phrase for ca.key:Pa$$w0rd | ||
... | ... | ||
- | Country Name (2 letter code) [AU]:RU | ||
- | State or Province Name (full name) [Some-State]:Moscow region | ||
- | Locality Name (eg, city) []:Moscow | ||
- | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
- | Organizational Unit Name (eg, section) []:noc | ||
Common Name (eg, YOUR name) []:corpX.un | Common Name (eg, YOUR name) []:corpX.un | ||
- | Email Address []:noc@corpX.un | ||
</code> | </code> | ||
Строка 227: | Строка 221: | ||
==== Создание приватного ключа сервиса ==== | ==== Создание приватного ключа сервиса ==== | ||
<code> | <code> | ||
- | www# openssl genrsa -out www.key 1024 | + | www# openssl genrsa -out www.key 2048 |
www# chmod 400 www.key | www# chmod 400 www.key | ||
</code> | </code> | ||
Строка 238: | Строка 232: | ||
</code><code> | </code><code> | ||
... | ... | ||
- | Country Name (2 letter code) [AU]:RU | ||
- | State or Province Name (full name) [Some-State]:Moscow region | ||
- | Locality Name (eg, city) []:Moscow | ||
- | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
- | Organizational Unit Name (eg, section) []:noc | ||
Common Name (eg, YOUR name) []:www.corpX.un | Common Name (eg, YOUR name) []:www.corpX.un | ||
- | Email Address []:noc@corpX.un | + | ... |
- | + | ||
- | Please enter the following 'extra' attributes | + | |
- | to be sent with your certificate request | + | |
- | A challenge password []: | + | |
- | An optional company name []: | + | |
</code> | </code> | ||
Строка 324: | Строка 308: | ||
==== Создание приватного ключа пользователя ==== | ==== Создание приватного ключа пользователя ==== | ||
<code> | <code> | ||
- | $ openssl genrsa -out user1.key 1024 | + | $ openssl genrsa -out user1.key 2048 |
</code> | </code> | ||
Строка 331: | Строка 315: | ||
$ openssl req -new -key user1.key -out user1.req | $ openssl req -new -key user1.key -out user1.req | ||
... | ... | ||
- | Country Name (2 letter code) [RU]: | + | Organizational Unit Name (eg, section) [noc]:group1 |
- | State or Province Name (full name) [Moscow region]: | + | |
- | Locality Name (eg, city) [Moscow]: | + | |
- | Organization Name (eg, company) [cko]: | + | |
- | Organizational Unit Name (eg, section) []:group1 | + | |
Common Name (eg, YOUR name) []:user1 | Common Name (eg, YOUR name) []:user1 | ||
- | Email Address []:user1@corpX.un | + | Email Address [noc@corpX.un]:user1@corpX.un |
... | ... | ||
</code> | </code> |