红帽全球峰会此内容没有您所选择的语言版本。
E.2. Creating an SSL Certificate
The following procedure creates an SSL certificate and signs it with the CA key. SSL/TLS certificates provide a layer of security for accessing your installation over HTTPS. This procedure provides instructions for creating certificates and configuring the server with them.
openssl. To install this tool, run the following command on your server:
#yum install openssl
#yum install opensslProcedure E.2. Creating an SSL Certificate
- Create a key for your server:
#openssl genrsa -out ssl.key
#openssl genrsa -out ssl.keyCopy to Clipboard Copied! Toggle word wrap Toggle overflow This creates anssl.keyfile. - Use the key to create a signing request for your certificate:
#openssl req -new -key ssl.key -out ssl.csr
#openssl req -new -key ssl.key -out ssl.csrCopy to Clipboard Copied! Toggle word wrap Toggle overflow The signing request asks for some organization details to form the Distinguished Name (DN) in your certificate.Copy to Clipboard Copied! Toggle word wrap Toggle overflow This creates anssl.csrsigning request file. - Create the signed SSL certificate:
Create the signed SSL certificate:
Create the signed SSL certificate:Copy to Clipboard Copied! Toggle word wrap Toggle overflow opensslasks for your CA key's password.This creates a certificate file namedssl.crt.
Important
Procedure E.3. Resolving this error
- Create the index.txt file.
#touch /etc/pki/CA/index.txt
#touch /etc/pki/CA/index.txtCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Create a serial file to label the CA and all subsequent certificates.
#echo '1000' > /etc/pki/CA/serial
#echo '1000' > /etc/pki/CA/serialCopy to Clipboard Copied! Toggle word wrap Toggle overflow
#openssl ca -cert ca.crt -keyfile ca.key -out ssl.crt -infiles ssl.csr
#openssl ca -cert ca.crt -keyfile ca.key -out ssl.crt -infiles ssl.csrssl.crt and ssl.key form the certificate pair that your server uses to encrypt data via HTTPS.
You have created an SSL certificate and signed it with the CA key. openssl creates two files: ca.key, which is a key that administrators use to sign certificates, and ca.crt, which is the public CA certificate that users obtain to verify the validity of signed certificates they receive. Make sure users accessing your server have a copy of the ca.crt so that they can import it into their client's trusted CA store.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}