This example is based on CentOS 6.
#cd /etc/pki/tls/certs/
#openssl genrsa -des3 -out rootca.key 1024
(Enter the passphrase twice.)
#openssl req -new -key rootca.key -out rootca.csr
(Enter the passphrase once.)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:TW    #country code
State or Province Name (full name) []:Taiwan R.O.C    #full state or region name
Locality Name (eg, city) [Default City]:Taichung    #city name
Organization Name (eg, company) [Default Company Ltd]:Qoop    #company name
Organizational Unit Name (eg, section) []:Salse    #organizational unit
Common Name (eg, your name or your server's hostname) []:rpm32.Qoop.com    #fully qualified host name
Email Address []:[email protected]    #contact e-mail address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    #just press Enter
An optional company name []:    #just press Enter
#openssl x509 -req -signkey rootca.key -in rootca.csr -out rootca.crt
Signature ok
subject=/C=TW/ST=Taiwan R.O.C/L=Taichung/O=Qoop/OU=Salse/CN=rpm32.Qoop.com/[email protected]
Getting Private key
Enter pass phrase for rootca.key:    #enter the passphrase from step one
#openssl genrsa -out server.key 1024
#openssl req -new -key server.key -out server.csr
(Same as the second major step.)
~omitted~
Country Name (2 letter code) [XX]:TW
State or Province Name (full name) []:Taiwan R.O.C
Locality Name (eg, city) [Default City]:
~omitted~
#openssl x509 -req -CAcreateserial -CAkey rootca.key -CA rootca.crt -in server.csr -out server.crt
Enter pass phrase for rootca.key:    #enter the passphrase of the rootca.key private key