Question

centsos 检查openssl有没有安装

Answer 1

1，安装openssltarzxvfopenssl-1.0.0a.tar.gzcdopenssl-1.0.0a./config--prefix=/usr/local/opensslmake&&makeinstall2,安装apachetarzxvfhttpd-2.2.16.tar.gzcdhttpd-2.2.16./configure--prefix=/usr/local/apache--enable-ssl--enable-rewrite--enable-so--with-ssl=/usr/local/opensslmake&&makeinstall如果你是yuminstall,apt-get,pacman这样的软件管理工具进行安装的话，上面的二步可以省掉。3，创建主证书在/usr/local/apache/conf/下面建个目录ssl3.1，mkdirssl3.2，cp/openssl的安装目录/ssl/misc/CA.sh/usr/local/apache/conf/ssl/3.3用CA.sh来创建证书查看复制打印1.[root@BlackGhostssl]#./CA.sh-newca//建立主证书2.CAcertificatefilename(orentertocreate)3.4.MakingCAcertificate5.Generatinga1024bitRSAprivatekey6.++++++7.++++++8.writingnewprivatekeyto'./demoCA/private/./cakey.pem'9.EnterPEMpassphrase:10.Verifying-EnterPEMpassphrase:11.Verifyfailure12.EnterPEMpassphrase:13.Verifying-EnterPEMpassphrase:14.-----15.Youareabouttobeaskedtoenterinformationthatwillbeincorporated16.intoyourcertificaterequest.17.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.18.Therearequiteafewfieldsbutyoucanleavesomeblank19.Forsomefieldstherewillbeadefaultvalue,20.Ifyouenter'.',thefieldwillbeleftblank.21.-----22.CountryName(2lettercode)[AU]:cn23.StateorProvinceName(fullname)[Some-State]:cn24.LocalityName(eg,city)[]:cn25.OrganizationName(eg,company)[InternetWidgitsPtyLtd]:cn26.OrganizationalUnitName(eg,section)[]:cn27.CommonName(eg,YOURname)[]:localhost28.EmailAddress[]:xtaying@gmail.com29.30.Pleaseenterthefollowing'extra'attributes31.tobesentwithyourcertificaterequest32.Achallengepassword[]:******************33.Anoptionalcompanyname[]:34.Usingconfigurationfrom/etc/ssl/openssl.cnf35.Enterpassphrasefor./demoCA/private/./cakey.pem://填的是上面的PEM密码36.Checkthattherequestmatchesthesignature37.Signatureok38.CertificateDetails:39.SerialNumber:40.89:11:9f:a6:ca:03:63:ab41.Validity42.NotBefore:Aug712:35:282010GMT43.NotAfter:Aug612:35:282013GMT44.Subject:45.countryName=cn46.stateOrProvinceName=cn47.organizationName=cn48.organizationalUnitName=cn49.commonName=localhost50.emailAddress=xtaying@gmail.com51.X509v3extensions:52.X509v3SubjectKeyIdentifier:53.26:09:F3:D5:26:13:00:1F:3E:CC:86:1D:E4:EE:37:06:65:15:4E:7654.X509v3AuthorityKeyIdentifier:55.keyid:26:09:F3:D5:26:13:00:1F:3E:CC:86:1D:E4:EE:37:06:65:15:4E:7656.DirName:/C=cn/ST=cn/O=cn/OU=cn/CN=localhost/emailAddress=xtaying@gmail.com57.serial:89:11:9F:A6:CA:03:63:AB58.59.X509v3BasicConstraints:60.CA:TRUE61.CertificateistobecertifieduntilAug612:35:282013GMT(1095days)62.63.Writeoutdatabasewith1newentries64.DataBaseUpdated[root@BlackGhostssl]#./CA.sh-newca//建立主证书CAcertificatefilename(orentertocreate)MakingCAcertificateGeneratinga1024bitRSAprivatekey++++++++++++writingnewprivatekeyto'./demoCA/private/./cakey.pem'EnterPEMpassphrase:Verifying-EnterPEMpassphrase:VerifyfailureEnterPEMpassphrase:Verifying-EnterPEMpassphrase:-----Youareabouttobeaskedtoenterinformationthatwillbeincorporatedintoyourcertificaterequest.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.TherearequiteafewfieldsbutyoucanleavesomeblankForsomefieldstherewillbeadefaultvalue,Ifyouenter'.',thefieldwillbeleftblank.-----CountryName(2lettercode)[AU]:cnStateorProvinceName(fullname)[Some-State]:cnLocalityName(eg,city)[]:cnOrganizationName(eg,company)[InternetWidgitsPtyLtd]:cnOrganizationalUnitName(eg,section)[]:cnCommonName(eg,YOURname)[]:localhostEmailAddress[]:xtaying@gmail.comPleaseenterthefollowing'extra'attributestobesentwithyourcertificaterequestAchallengepassword[]:******************Anoptionalcompanyname[]:Usingconfigurationfrom/etc/ssl/openssl.cnfEnterpassphrasefor./demoCA/private/./cakey.pem://填的是上面的PEM密码CheckthattherequestmatchesthesignatureSignatureokCertificateDetails:SerialNumber:89:11:9f:a6:ca:03:63:abValidityNotBefore:Aug712:35:282010GMTNotAfter:Aug612:35:282013GMTSubject:countryName=cnstateOrProvinceName=cnorganizationName=cnorganizationalUnitName=cncommonName=localhostemailAddress=xtaying@gmail.comX509v3extensions:X509v3SubjectKeyIdentifier:26:09:F3:D5:26:13:00:1F:3E:CC:86:1D:E4:EE:37:06:65:15:4E:76X509v3AuthorityKeyIdentifier:keyid:26:09:F3:D5:26:13:00:1F:3E:CC:86:1D:E4:EE:37:06:65:15:4E:76DirName:/C=cn/ST=cn/O=cn/OU=cn/CN=localhost/emailAddress=xtaying@gmail.comserial:89:11:9F:A6:CA:03:63:ABX509v3BasicConstraints:CA:TRUECertificateistobecertifieduntilAug612:35:282013GMT(1095days)Writeoutdatabasewith1newentriesDataBaseUpdated安装成功的话，会在ssl目录下面产生一个文件夹demoCA4生成服务器私钥和服务器证书查看复制打印1.[root@BlackGhostssl]#opensslgenrsa-des3-outserver.key1024//产生服务器私钥2.GeneratingRSAprivatekey,1024bitlongmodulus3.++++++4.++++++5.eis65537(0x10001)6.Enterpassphraseforserver.key:7.Verifying-Enterpassphraseforserver.key:8.[root@BlackGhostssl]#opensslreq-new-keyserver.key-outserver.csr//生成服务器证书9.Enterpassphraseforserver.key:10.Youareabouttobeaskedtoenterinformationthatwillbeincorporated11.intoyourcertificaterequest.12.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.13.Therearequiteafewfieldsbutyoucanleavesomeblank14.Forsomefieldstherewillbeadefaultvalue,15.Ifyouenter'.',thefieldwillbeleftblank.16.-----17.CountryName(2lettercode)[AU]:cn18.StateorProvinceName(fullname)[Some-State]:cn19.LocalityName(eg,city)[]:cn20.OrganizationName(eg,company)[InternetWidgitsPtyLtd]:cn21.OrganizationalUnitName(eg,section)[]:cn22.CommonName(eg,YOURname)[]:localhost//要填全域名23.EmailAddress[]:xtaying@gmail.com24.25.Pleaseenterthefollowing'extra'attributes26.tobesentwithyourcertificaterequest27.Achallengepassword[]:*****************28.Anoptionalcompanyname[]:[root@BlackGhostssl]#opensslgenrsa-des3-outserver.key1024//产生服务器私钥GeneratingRSAprivatekey,1024bitlongmodulus++++++++++++eis65537(0x10001)Enterpassphraseforserver.key:Verifying-Enterpassphraseforserver.key:[root@BlackGhostssl]#opensslreq-new-keyserver.key-outserver.csr//生成服务器证书Enterpassphraseforserver.key:Youareabouttobeaskedtoenterinformationthatwillbeincorporatedintoyourcertificaterequest.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.TherearequiteafewfieldsbutyoucanleavesomeblankForsomefieldstherewillbeadefaultvalue,Ifyouenter'.',thefieldwillbeleftblank.-----CountryName(2lettercode)[AU]:cnStateorProvinceName(fullname)[Some-State]:cnLocalityName(eg,city)[]:cnOrganizationName(eg,company)[InternetWidgitsPtyLtd]:cnOrganizationalUnitName(eg,section)[]:cnCommonName(eg,YOURname)[]:localhost//要填全域名EmailAddress[]:xtaying@gmail.comPleaseenterthefollowing'extra'attributestobesentwithyourcertificaterequestAchallengepassword[]:*****************Anoptionalcompanyname[]:4.1对产生的服务器证书进行签证cpserver.csrnewseq.pem