In this tutorial I will be using CentOS to demonstrate the configuration of OpenSSL as a local certificate authority. Once this is set up, you can use this server to sign certificates for other servers on your network. In this example I will also generate the signing request on this server, but in production you would generate it on the requesting server.
1) Find out where the openssl.cnf file is located
which openssl
locate openssl.cnf
2) Change to the folder containing the openssl.cnf file, make a backup of the file
cd /etc/pki/tls
Use root user for the following
cp openssl.cnf openssl_bkup.cnf
3) Configure the cnf file as needed
vi openssl.cnf
Change
dir = ./local-ca or /etc/pki/local-ca
Under the [ req_distinguished_name ] heading you can change the defaults
as needed (this speeds up option selection but is not required)
Modify the openssl configuration to enable the revocation list:
comment out "crlnumber"
It should read #crlnumber after the change
4) After the configuration edits, create the CA directory structure
mkdir /etc/pki/local-ca
cd /etc/pki/local-ca
mkdir newcerts
mkdir certs
mkdir req
mkdir private
mkdir crl
echo "01" > serial
touch index.txt
5) Create the CA
cd /etc/pki/local-ca
openssl req -new -x509 -newkey rsa:2048 -keyout private/cakey.pem -out cacert.pem -days 3650
6) Create the certificate request to be signed by the Certificate Authority above (normally done on a different server)
openssl req -new -nodes -newkey rsa:2048 -keyout private/newsecuredserver.key -out req/newsecuredserver.req
7) Create the signed certificate from the request above (the validity period is set here, when the CA signs)
openssl ca -policy policy_anything -days 1095 -out certs/newsecuredserver.pem -in req/newsecuredserver.req
The SSL certificate is the .pem file
Key files are the .key files
Backup
Back up the entire OpenSSL directory
/etc/pki
Remember to preserve the directory permissions
ls -Fla pki
Create the certificate revocation list
openssl ca -config openssl.cnf -gencrl -out /crl/pem
Revoking Certificates
openssl ca -revoke /System/Library/OpenSSL/groundsweel/certs/mainfinsrvprod/pem
Create new request after revoking the certificate
openssl req -new -nodes -out /System/Library/OpenSSL/mainfinsrvprod/req/mainfinsrvprodnew.req
Create new signed certificate
openssl ca -config /System/Library/OpenSSL/openssl.cnf -policy policy_anything -out /System/Library/OpenSSL/main-ca/certs/mainfinsrvprodnew.pem -infiles /System/Library/OpenSSL/main-ca/req/mainfinsrvprodnew.req
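Checking the CA database after signing and revoking (an added example, not part of the original tutorial): index.txt, created empty in step 4, is where openssl ca records every certificate it signs and every revocation. The function names audit_index and sample_index are hypothetical, and the sample entries are constructed.

```shell
# Added example: summarise the CA database that "openssl ca" maintains.
# Fields are tab-separated: status, expiry, revocation date[,reason],
# serial, file name, subject.
audit_index() {
  index_file=$1
  now=${2:-$(date -u +%Y%m%d%H%M%S)}   # UTC, YYYYMMDDHHMMSS
  awk -F'\t' -v now="$now" '
    # Turn UTCTime (YYMMDDHHMMSSZ) into a 4-digit-year stamp (pivot at 50).
    function norm(t) {
      sub(/Z$/, "", t)
      if (length(t) == 12) t = ((substr(t, 1, 2) + 0 < 50) ? "20" : "19") t
      return t
    }
    NF < 6 { printf "MALFORMED line %d\n", NR; next }
    {
      expiry = norm($2)
      if ($1 == "R") {
        split($3, rev, ",")              # drop the optional revocation reason
        printf "REVOKED %s %s revoked=%s\n", $4, $6, norm(rev[1])
      } else if ($1 == "V" && (expiry "") < (now ""))
        printf "STALE %s %s expired=%s\n", $4, $6, expiry
      else if ($1 == "V")
        printf "VALID %s %s expires=%s\n", $4, $6, expiry
      else
        printf "EXPIRED %s %s expired=%s\n", $4, $6, expiry
    }' "$index_file"
}

# Constructed sample database: one valid, one revoked, one past its expiry.
sample_index() {
  printf 'V\t280101120000Z\t\t01\tunknown\t/CN=newsecuredserver\n'
  printf 'R\t270315093000Z\t250110101500Z,keyCompromise\t02\tunknown\t/CN=mainfinsrvprod\n'
  printf 'V\t240601000000Z\t\t03\tunknown\t/CN=oldhost\n'
}

# Demo run against the sample with a fixed "now" so the output is repeatable.
sample_index | audit_index - 20250601000000
```

On the CA host, run audit_index /etc/pki/local-ca/index.txt. Entries reported as STALE are past their expiry date but still marked V in the database, which openssl ca -updatedb corrects.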