Published by: twn353091 on Nov 30, 2008
Copyright:Attribution Non-commercial

How to create SSL X.509 certificates?
Table of Contents
1. Preface
2. If you are root
   1. Setting up the OpenSSL environment
   2. Creating the Root CA (top-level certificate authority)
      1. Generating the public/private key
      2. Filling out the certificate request
      3. Issuing the certificate
   3. Creating the server certificate
      1. Generating the public/private key
      2. Filling out the certificate request
      3. Issuing the certificate
3. If you are an ordinary user
   1. Setting up the OpenSSL environment
   2. Creating the Root CA (top-level certificate authority)
      1. Generating the public/private key
      2. Filling out the certificate request
      3. Issuing the certificate
   3. Creating the server certificate
      1. Generating the public/private key
      2. Filling out the certificate request
      3. Issuing the certificate
4. Configuring servers
   1. HTTP
      1. Apache
   2. POP3
      1. Qpopper
   3. SMTP
      1. Sendmail
5. Configuring the operating system
   1. MS-WINDOWS
6. Configuring browsers
   1. Mozilla and Netscape 6 and later
   2. Internet Explorer
   3. Opera
   4. Lynx
7. Configuring e-mail programs
   1. Mozilla and Netscape 6 and later
   2. Netscape 4 and earlier
   3. Outlook Express 6
   4. Outlook Express 5.5
   5. Outlook Express 4/5
   6. Eudora 5.1 and later
   7. Becky!
   8. Opera Mail
8. Configuring other programs that do not support SSL/TLS
   1. Stunnel
9. Concepts and discussion
Page 1 of 32
SSL X.509 Certificate Tutorial
2008/11/30
http://www.study-area.org/tips/certs/certs.html

   1. Introduction to SSL/X.509
   2. Invalid-certificate warnings
   3. Data? What data?
   4. So SSL makes everything secure?
   5. What is a digital signature?
   6. What is a certificate?
   7. What is a certificate authority?
   8. What is a Root CA?
   9. How to fill out a certificate request
   10. A critique of the X.509 certificate system
   11. Other ways of making SSL/X.509 certificates
10. Notes
11. References
12. Afterword

Preface

Copyright © 2002 依瑪貓. 依瑪貓 reserves all rights. If you wish to reproduce or quote this article, please first read the 旅舍依瑪 copyright statement carefully.

The purpose of this article is to issue X.509 SSL certificates under your own name, using OpenSSL on Linux/*BSD/UNIX. We will create two certificates. The first step is a self-signed Root CA (top-level certificate authority) in your own name (XXX Association, YYY Corporation). The second step is a certificate in the server's name (www.abccompany.com), issued by the Root CA made in the first step (XXX Association, YYY Corporation). For simplicity, we do not create any intermediate certificate authority; the Root CA issues certificates directly.

This article discusses only how to make SSL X.509 certificates. It does not discuss system security, encryption and decryption algorithms, or how to install OpenSSL. I assume you understand the basic concept of public-key/private-key asymmetric encryption and know what the RSA and DSA algorithms are. I also assume you have already installed OpenSSL, either with the following FHS[1]-compliant configuration:
./config --prefix=/usr --openssldir=/usr/share/ssl
or by installing the RPM or apt openssl package.

This article is a HOWTO, so the procedure (how) comes first, and the conceptual explanations and discussion (what and why) are placed at the end. If you cannot follow the procedure, or would like to learn some basic concepts first, skip ahead to the later sections; you do not need to read from front to back.

Please note: certificates made by following this article will still produce invalid-certificate warnings in browsers and other SSL programs. For details, see "Introduction to SSL/X.509" and "Invalid-certificate warnings".

Under X.509, a certificate may use either an RSA key or a DSA key. In SSL communication, however, the server's certificate is used to transport the key, and only RSA can transport a key, so the server certificate must be RSA. The certificate authority is used only for signature verification and does not transport a key, so either DSA or RSA would work; but because some SSL programs still do not recognize DSA[2], for compatibility we make it RSA here as well.

A Root CA can be created with ordinary user privileges; you do not have to be root. But if the resulting Root CA will be used to issue certificates for the whole organization, creating it as root is recommended, because it is safer. Likewise, a certificate can be created with ordinary user privileges. But if the resulting certificate is the one this server will use, creating it as root is recommended for security.

If you are root and installing for the whole organization:
Setting up the OpenSSL environment
If you installed using the method above:
./config --prefix=/usr --openssldir=/usr/share/ssl

or installed the Red Hat RPM, the OpenSSL configuration directory will be /usr/share/ssl. If you installed the Mandrake RPM, the configuration directory will be /usr/lib/ssl. Neither location meets the FHS requirements, and both are inconvenient to back up. The configuration files should live under /etc/ssl. If you installed through Debian's apt, the configuration directory is already /etc/ssl, and there is no problem.

# Set up the relevant directories
mkdir -p /etc/ssl
mkdir -p /etc/ssl/private
chmod og-rwx /etc/ssl/private
mkdir -p /etc/ssl/certs
mkdir -p /etc/ssl/crl
mkdir -p /etc/ssl/newcerts

# Set up the OpenSSL configuration file[3]
mv /usr/share/ssl/openssl.cnf /etc/ssl
ln -s /etc/ssl/openssl.cnf /usr/share/ssl/openssl.cnf

# Set the location of the OpenSSL configuration file[4]
export OPENSSL_CONF="/etc/ssl/openssl.cnf"

# Add the location of the OpenSSL configuration file to .bashrc[5]
echo "# Location of the OpenSSL configuration file" >> ~/.bashrc
echo "export OPENSSL_CONF=\"/etc/ssl/openssl.cnf\"" >> ~/.bashrc

# Create the random seed file[6]
openssl rand -out /etc/ssl/private/.rand 1024
chmod og-rwx /etc/ssl/private/.rand

Then edit /etc/ssl/openssl.cnf and change this line
dir = ./demoCA # Where everything is kept
to this
dir = /etc/ssl # Where everything is kept
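
As an added example (not part of the original tutorial), the following shell functions audit the layout produced by the steps above: the directories exist, /etc/ssl/private and the .rand file grant nothing to group or others, and openssl.cnf no longer points at ./demoCA. The function names is_private and check_ssl_layout, and passing the CA root as an argument, are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the CA directory layout the tutorial sets up.
# Function names and the root-directory argument are assumptions of this
# example; the tutorial itself always uses /etc/ssl.

# Succeeds if $1 exists and grants nothing to group or others.
is_private() {
    [ -e "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per problem; returns 0 only if the layout is sound.
check_ssl_layout() {
    root=$1
    problems=0
    for d in certs crl newcerts; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"
            problems=$((problems + 1))
        fi
    done
    for p in private private/.rand; do
        if ! is_private "$root/$p"; then
            echo "missing or accessible to group/others: $root/$p"
            problems=$((problems + 1))
        fi
    done
    # The first "dir = ..." line in openssl.cnf must point at the CA root,
    # not at the shipped ./demoCA default.
    dir=$(awk -F= '/^dir[ \t]*=/ { sub(/#.*/, "", $2)
        gsub(/[ \t]/, "", $2); print $2; exit }' \
        "$root/openssl.cnf" 2>/dev/null)
    if [ "$dir" != "$root" ]; then
        echo "openssl.cnf: dir is '${dir:-unset}', expected '$root'"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Usage for the tutorial's location:
#   check_ssl_layout /etc/ssl
```

A non-zero exit status means at least one of the printed problems should be fixed before any private key is generated under that root.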
Creating the Root CA (top-level certificate authority)

If you have already created a Root CA, do not create it again; otherwise every certificate it has issued will become invalid and will have to be issued again. Unless the Root CA itself has expired, its files have been lost, or its private key has leaked, never recreate the Root CA.

Suppose the Root CA you are going to create is called myrootca.
1. Generating the private key (and public key)
Here we generate a new private key. The public key can be derived from the private key, so there is no need to generate it separately.