
OpenSSL

This example is based on CentOS 6.

Creating the root certificate

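  1. Create the private key (SSL key)
    #cd /etc/pki/tls/certs/
    #openssl genrsa -des3 -out rootca.key 1024
    Enter the passphrase twice
  2. Create the certificate signing request (SSL CSR)
    #openssl req -new -key rootca.key -out rootca.csr
    Enter the passphrase once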
     
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:TW    # country code
    State or Province Name (full name) []:Taiwan R.O.C # full state or region name
    Locality Name (eg, city) [Default City]:Taichung  # city name
    Organization Name (eg, company) [Default Company Ltd]:Qoop # company name
    Organizational Unit Name (eg, section) []:Salse  # organizational unit
    Common Name (eg, your name or your server's hostname) []:rpm32.Qoop.com # fully qualified host name
    Email Address []:[email protected] # contact e-mail address
     
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: # just press Enter
    An optional company name []: # just press Enter
  3. Have the root CA sign its own certificate (SSL crt)
    #openssl x509 -req -signkey rootca.key -in rootca.csr -out rootca.crt
    Signature ok
    subject=/C=TW/ST=Taiwan R.O.C/L=Taichung/O=Qoop/OU=Salse/CN=rpm32.Qoop.com/[email protected]
    Getting Private key
    Enter pass phrase for rootca.key:  # enter the passphrase from step 1

Creating a dedicated certificate for the server

  1. SSL key:
    #openssl genrsa -out server.key 1024
  2. SSL CSR:
    #openssl req -new -key server.key -out server.csr
    The prompts are the same as in step 2 above
    ~omitted~
    Country Name (2 letter code) [XX]:TW
    State or Province Name (full name) []:Taiwan R.O.C
    Locality Name (eg, city) [Default City]:
    ~omitted~
  3. SSL crt:
    #openssl x509 -req -CAcreateserial -CAkey rootca.key -CA rootca.crt -in server.csr -out server.crt
     
    Enter pass phrase for rootca.key: # enter the passphrase of the rootca.key private key
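
The two procedures above, run non-interactively and then checked, as an added example that is not part of the original page: it builds the root CA and the server certificate in a scratch directory, then confirms that server.crt chains to rootca.crt, matches the host name, and carries the public half of server.key. Assumptions of this example that differ from the page's commands: 2048-bit keys, SHA-256, explicit validity periods, AES-256 for the root key, and an extensions file (ext.cnf) that marks the root as a CA and gives the server a subjectAltName; the subjects, host name and passphrase are constructed.

```shell
#!/bin/sh
# Added example. Subjects, host name and passphrase are constructed values.
build_chain() (   # subshell: cd and CA_PASS stay local to this function
    cd "$1" || exit 1
    CA_PASS='constructed-demo-passphrase'; export CA_PASS
    cat > ext.cnf <<'EOF'
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
subjectAltName = DNS:server.example.test
EOF
    # Root CA: encrypted key, CSR, self-signed certificate
    openssl genrsa -aes256 -passout env:CA_PASS -out rootca.key 2048 &&
    openssl req -new -key rootca.key -passin env:CA_PASS \
        -subj '/C=TW/O=Example/CN=Example Root CA' -out rootca.csr &&
    openssl x509 -req -sha256 -days 3650 -signkey rootca.key \
        -passin env:CA_PASS -extfile ext.cnf -extensions v3_root \
        -in rootca.csr -out rootca.crt || exit 1
    # Server: unencrypted key, CSR, certificate signed by the root CA
    openssl genrsa -out server.key 2048 &&
    openssl req -new -key server.key \
        -subj '/C=TW/O=Example/CN=server.example.test' -out server.csr &&
    openssl x509 -req -sha256 -days 365 -CA rootca.crt -CAkey rootca.key \
        -CAcreateserial -passin env:CA_PASS -extfile ext.cnf \
        -extensions v3_server -in server.csr -out server.crt
)

check_chain() {   # usage: check_chain DIR HOSTNAME; prints one status word
    # The chain must build to the root CA and the name must match a SAN entry
    openssl verify -CAfile "$1/rootca.crt" -verify_hostname "$2" \
        "$1/server.crt" >/dev/null 2>&1 || { echo verify-failed; return 1; }
    # The certificate must carry the public half of server.key
    cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1/server.key" -pubout)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo key-mismatch; return 1; }
    echo ok
}

# Demo run in a throwaway directory
demo=$(mktemp -d) && build_chain "$demo" &&
    check_chain "$demo" server.example.test
rm -rf "$demo"
```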

linux/encrypt/openssl.txt · Last modified: 2013/07/06 01:28 (external edit)