Инструменты пользователя
пакет_openssl
Различия
Здесь показаны различия между двумя версиями данной страницы.
| Предыдущая версия справа и слева Предыдущая версия Следующая версия | Предыдущая версия | ||
|
пакет_openssl [2019/07/08 12:53] val [Debian] |
пакет_openssl [2020/06/25 14:43] val [Создание запроса на сертификат] |
||
|---|---|---|---|
| Строка 42: | Строка 42: | ||
| ==== Создание пары приватный/публичный ключ ==== | ==== Создание пары приватный/публичный ключ ==== | ||
| <code> | <code> | ||
| - | user1@server:~$ openssl genrsa 1024 > key.private | + | user1@server:~$ openssl genrsa 2048 > key.private |
| user1@server:~$ openssl rsa -pubout < key.private > key.public | user1@server:~$ openssl rsa -pubout < key.private > key.public | ||
| Строка 69: | Строка 69: | ||
| ===== Создание параметра DH ===== | ===== Создание параметра DH ===== | ||
| <code> | <code> | ||
| - | # openssl dhparam -out dh1024.pem 1024 | + | # openssl dhparam -out /etc/openvpn/dh2048.pem 2048 |
| </code> | </code> | ||
| Строка 76: | Строка 76: | ||
| ==== Создание приватного ключа ==== | ==== Создание приватного ключа ==== | ||
| <code> | <code> | ||
| - | server# openssl genrsa -out server.key 1024 | + | server# openssl genrsa -out server.key 2048 |
| server# chmod 400 server.key | server# chmod 400 server.key | ||
| Строка 88: | Строка 88: | ||
| Country Name (2 letter code) [AU]:RU | Country Name (2 letter code) [AU]:RU | ||
| State or Province Name (full name) [Some-State]:Moscow region | State or Province Name (full name) [Some-State]:Moscow region | ||
| - | Locality Name (eg, city) []:Mosсow | + | Locality Name (eg, city) []:Moscow |
| Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
| Organizational Unit Name (eg, section) []:noc | Organizational Unit Name (eg, section) []:noc | ||
| Строка 124: | Строка 124: | ||
| server# openssl verify server.crt | server# openssl verify server.crt | ||
| server.crt: OK | server.crt: OK | ||
| + | |||
| + | # wget -O - https://www.corp55.un | ||
| </code> | </code> | ||
| Строка 152: | Строка 154: | ||
| ... | ... | ||
| [ CA_default ] | [ CA_default ] | ||
| + | ... | ||
| dir = /root/CA | dir = /root/CA | ||
| - | ... | + | |
| - | certificate = /var/www/html/ca.crt # for linux | + | certificate = /var/www/html/ca.crt |
| - | certificate = /usr/local/www/apache24/data/ca.crt # for freebsd | + | |
| - | ... | + | crl = /var/www/html/ca.crl |
| - | crl = /var/www/html/ca.crl # for linux | + | |
| - | crl = /usr/local/www/apache24/data/ca.crl # for freebsd | + | |
| private_key = $dir/ca.key | private_key = $dir/ca.key | ||
| ... | ... | ||
| Строка 174: | Строка 176: | ||
| ==== Создание зашифрованного приватного ключа ==== | ==== Создание зашифрованного приватного ключа ==== | ||
| <code> | <code> | ||
| - | lan# openssl genrsa -des3 -out CA/ca.key 1024 | + | lan# openssl genrsa -des3 -out CA/ca.key 2048 |
| </code><code> | </code><code> | ||
| - | Generating RSA key, 1024 bits | + | Generating RSA key, 2048 bits |
| Enter PEM pass phrase:Pa$$w0rd | Enter PEM pass phrase:Pa$$w0rd | ||
| Verifying - Enter PEM pass phrase:Pa$$w0rd | Verifying - Enter PEM pass phrase:Pa$$w0rd | ||
| Строка 187: | Строка 189: | ||
| ... | ... | ||
| [ req_distinguished_name ] | [ req_distinguished_name ] | ||
| + | ... | ||
| countryName_default = RU | countryName_default = RU | ||
| - | ... | ||
| stateOrProvinceName_default = Moscow region | stateOrProvinceName_default = Moscow region | ||
| - | ... | ||
| localityName_default = Moscow | localityName_default = Moscow | ||
| - | ... | ||
| 0.organizationName_default = cko | 0.organizationName_default = cko | ||
| - | ... | ||
| organizationalUnitName_default = noc | organizationalUnitName_default = noc | ||
| - | ... | + | emailAddress_default = noc@corpX.un |
| - | emailAddress_default = userX@isp.un | + | |
| + | [ req_attributes ] | ||
| ... | ... | ||
| </code> | </code> | ||
| Строка 207: | Строка 207: | ||
| Enter pass phrase for ca.key:Pa$$w0rd | Enter pass phrase for ca.key:Pa$$w0rd | ||
| ... | ... | ||
| - | Country Name (2 letter code) [AU]:RU | ||
| - | State or Province Name (full name) [Some-State]:Moscow region | ||
| - | Locality Name (eg, city) []:Moscow | ||
| - | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
| - | Organizational Unit Name (eg, section) []:noc | ||
| Common Name (eg, YOUR name) []:corpX.un | Common Name (eg, YOUR name) []:corpX.un | ||
| - | Email Address []:noc@corpX.un | ||
| </code> | </code> | ||
| Строка 227: | Строка 221: | ||
| ==== Создание приватного ключа сервиса ==== | ==== Создание приватного ключа сервиса ==== | ||
| <code> | <code> | ||
| - | www# openssl genrsa -out www.key 1024 | + | www# openssl genrsa -out www.key 2048 |
| www# chmod 400 www.key | www# chmod 400 www.key | ||
| </code> | </code> | ||
| Строка 238: | Строка 232: | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| - | Country Name (2 letter code) [AU]:RU | ||
| - | State or Province Name (full name) [Some-State]:Moscow region | ||
| - | Locality Name (eg, city) []:Moscow | ||
| - | Organization Name (eg, company) [Internet Widgits Pty Ltd]:cko | ||
| - | Organizational Unit Name (eg, section) []:noc | ||
| Common Name (eg, YOUR name) []:www.corpX.un | Common Name (eg, YOUR name) []:www.corpX.un | ||
| - | Email Address []:noc@corpX.un | + | ... |
| - | + | ||
| - | Please enter the following 'extra' attributes | + | |
| - | to be sent with your certificate request | + | |
| - | A challenge password []: | + | |
| - | An optional company name []: | + | |
| </code> | </code> | ||
| Строка 324: | Строка 308: | ||
| ==== Создание приватного ключа пользователя ==== | ==== Создание приватного ключа пользователя ==== | ||
| <code> | <code> | ||
| - | $ openssl genrsa -out user1.key 1024 | + | $ openssl genrsa -out user1.key 2048 |
| </code> | </code> | ||
| Строка 331: | Строка 315: | ||
| $ openssl req -new -key user1.key -out user1.req | $ openssl req -new -key user1.key -out user1.req | ||
| ... | ... | ||
| - | Country Name (2 letter code) [RU]: | + | Organizational Unit Name (eg, section) [noc]:group1 |
| - | State or Province Name (full name) [Moscow region]: | + | |
| - | Locality Name (eg, city) [Moscow]: | + | |
| - | Organization Name (eg, company) [cko]: | + | |
| - | Organizational Unit Name (eg, section) []:group1 | + | |
| Common Name (eg, YOUR name) []:user1 | Common Name (eg, YOUR name) []:user1 | ||
| - | Email Address []:user1@corpX.un | + | Email Address [noc@corpX.un]:user1@corpX.un |
| ... | ... | ||
| </code> | </code> | ||
пакет_openssl.txt · Последние изменения: 2020/06/25 14:43 — val
Инструменты страницы
За исключением случаев, когда указано иное, содержимое этой вики предоставляется на условиях следующей лицензии: CC Attribution-Share Alike 4.0 International
