#######################################################################
Self-hosted CA ===========>centos7==========>DIR:/etc/pki/CA

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:WUHAN
Locality Name (eg, city) [Default City]:JIANGXIA
Organization Name (eg, company) [Default Company Ltd]:CA.jack.com
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:JACK WANG
Email Address []:wang2891135657@163.com
#######################################################################
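openssl configuration file: /etc/pki/tls/openssl.cnf (holds the certificate and revocation list settings)
touch index.txt (create the index database, i.e. the record of issued certificates)
echo 01 > serial (set the initial certificate serial number)
(umask 066;openssl genrsa -out private/cakey.pem 2048) (generate the CA private key)
openssl req -new -x509 -key private/cakey.pem -days 3650 -out cacert.pem
#generate the CA's self-signed certificate from the private key
openssl x509 -in cacert.pem -noout -text (view the CA certificate details; it can also be copied to Windows and viewed there after changing the extension to .crt)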

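#receive the applicant's private key
openssl req -new -key /root/.ssh/wh5003.com.key -out wh5003.com.csr (generate the certificate signing request with the applicant's private key)
openssl ca -in wh5003.com.csr -out certs/wh5003.com.crt -days 710 (issue the applicant a certificate valid for 710 days)
openssl x509 -in certs/wh5003.com.crt -noout -serial -subject (view the issued certificate's serial and subject)
openssl ca -status 01 (check the status)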

#######################################################################
Certificate request============>centos6==========>DIR:/data/certs

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:WUHAN
Locality Name (eg, city) [Default City]:WUCHANG
Organization Name (eg, company) [Default Company Ltd]:CA.jack.com
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:JACK LIN
Email Address []:953752844@qq.com

#######################################################################
(umask 066;openssl genrsa -out wh5003.com.key 2048) (the applicant generates a private key)
scp wh5003.com.key jack7:/root/.ssh/ (send it to the CA)

#######################################################################
Install the CA certificate and the applicant's certificate on Windows to see the result
#######################################################################

#######################################################################
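Certificate revocation==========>centos7(CA)=======>DIR:/etc/pki/CA

openssl x509 -in certs/wh5003.com.crt -noout -serial -subject (look up the serial number of the certificate to revoke)
openssl ca -revoke newcerts/01.pem (revoke it and check the revocation details)
echo 01 > crlnumber (set the initial CRL number)
openssl ca -gencrl -out crl.pem (generate the certificate revocation list)
openssl ca -status 01 (check the status of the revoked serial)
cat index.txt (view the index database)
sz crl.pem (can also be viewed on Windows after changing the extension to .crl)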

######################################################################
[20:43:05-root@jack7 CA]#tree /etc/pki/CA/

/etc/pki/CA/
├── cacert.pem
├── certs
│   └── wh5003.com.crt
├── crl
├── crlnumber
├── crlnumber.old
├── crl.pem
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── newcerts
│   └── 01.pem
├── private
│   └── cakey.pem
├── serial
├── serial.old
└── wh5003.com.csr
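
The issue, revoke and CRL steps above, replayed in a throwaway directory as an added example (not part of the original notes), ending with the `openssl verify -crl_check` test that shows whether the revocation actually takes effect. It assumes a minimal constructed config `ca.cnf` instead of /etc/pki/tls/openssl.cnf, constructed subject names, and that only the CSR is handed to the CA while the applicant's key stays on the applicant's side, unlike the scp step above.

```shell
# Added example; demo_ca, ca.cnf and host.example.test are constructed names.
demo_ca() {
  work=$(mktemp -d) && cd "$work" || return 1
  mkdir -p ca/private ca/newcerts ca/certs
  touch ca/index.txt; echo 01 > ca/serial; echo 01 > ca/crlnumber
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./ca
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
default_md = sha256
default_crl_days = 30
policy = policy_min
[ policy_min ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  # CA side: private key (umask 077 gives mode 0600) and self-signed certificate
  (umask 077; openssl genrsa -out ca/private/cakey.pem 2048) 2>/dev/null
  openssl req -config ca.cnf -new -x509 -key ca/private/cakey.pem -days 3650 \
    -subj "/CN=Example Test CA" -out ca/cacert.pem || return 1
  # Applicant side: host.key stays local, only host.csr goes to the CA
  (umask 077; openssl genrsa -out host.key 2048) 2>/dev/null
  openssl req -config ca.cnf -new -key host.key -subj "/CN=host.example.test" \
    -out host.csr || return 1
  openssl ca -config ca.cnf -batch -in host.csr -out ca/certs/host.crt \
    -days 710 2>/dev/null
}
# Chain-only check: still passes after revocation
verify_chain() { openssl verify -CAfile ca/cacert.pem ca/certs/host.crt 2>&1; }
# Revoke serial 01 and publish a fresh CRL
revoke_01() {
  openssl ca -config ca.cnf -revoke ca/newcerts/01.pem 2>/dev/null &&
    openssl ca -config ca.cnf -gencrl -out ca/crl.pem 2>/dev/null
}
# CRL-aware check: the only one that reports the revocation
verify_crl() { openssl verify -crl_check -CAfile ca/cacert.pem \
  -CRLfile ca/crl.pem ca/certs/host.crt 2>&1; }
```

Run the functions in order: demo_ca, verify_chain, revoke_01, verify_chain, verify_crl. The plain chain check keeps returning OK after the revocation; only the check that is given the CRL reports the certificate as revoked, so clients that never fetch crl.pem will continue to trust it.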