有两台机器,一台负责签发(157),一台负责申请(105)。专用于CA生成自签名证书-key:生成请求时使用的私钥文件-daysn:证书的有效期-out/PATH/TO/SOMECERTFILE:证书的存放路径查看信息在证书:opensslx509-in/PATH/FROM/CERT_FILE-noout-text|issuer|subject|serial|dates步骤157在/etc/pki/CA/private(umask077;opensslgenrsa-outcakey.pem4096)fromThevisacertificateisin/etc/pki/CA/opensslreq-new-x509-keyprivate/cakey.pem-outcacert.pem-days365requiredoptioncountry,provincialcoverageandcompanyname157创建两个文件touch/etc/pki/CA/index.txtecho0F>/etc/pki/CA/serialStep105在/apps下创建私钥(umask077;opensslgenrsa-outapp.key1024)生成证书申请文件opensslreq-new-keyapp.key-outapp.csrrequiredoption国家,省会和公司名称其余的也需要填写,以防后面出错发ca请求到157scpapp.csrroot@192.168.41.157:/root/步骤3157签署证书opensslca-in/root/app.csr-out/etc/pki/CA/app.crt-days100第四步将szapp.csr和szcacert.pem发送到win桌面,并导入可信证书机构先灌cacert.pem-->app.csr(可以把cacert.pem改成cancert.csr)第五步撤销证书参考链接:https://sslhow.com/check-根...
