搭建CA

工具 openCA 、openssl

1、Centos7---搭建CA(将Centos7假设为CA)
      创建所需要的文件;
      # touch /etc/pki/CA/index.txt  生成证书索引数据库文件
      # echo 01 > /etc/pki/CA/serial  指定第一个颁发证书的序列号
      生成私钥;
      #(umask 066;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
      自签名;
      # openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem  -out /etc/pki/CA/cacerrt.pem -days 3650
2、Centos6---创建申请证书(将Centos6假设为客户端)
      创建私钥;
      #(umask 006;openssl genrsa -out /app/service.key 4096)
      生成申请证书;
      # openssl req -new -key /app/service.key -out /app/service.csr
      将申请证书文件发送到CA(Centos7);
      # scp /app/service.csr 192.168.239.131:/etc/pki/CA/
3、CA(Centos7)颁发证书及审核;
      #openssl ca -in /etc/pki/CA/service.csr -out /etc/pki/certs/service.crt -days 100
      将证书发送到Centos6(客户端);
      # scp /etc/pki/CA/certs/service.crt 192.168.239.131:/app/
      

1、搭建CA(centos7.3 假设为CA)

#vim /etc/pki/tls/openssl.cnf查看配置文件
[root@centos7 ~]#vim /etc/pki/tls/openssl.cnf
#unique_subject = no                    # Set to 'no' to allow creation of
                                        # several ctificates with same subject.
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/cacert.pem       # The CA certificate
serial          = $dir/serial           # The current serial number
crlnumber       = $dir/crlnumber        # the current crl number
                                        # must be commented out to leave a V1 CRL
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/cakey.pem# The private key
RANDFILE        = $dir/private/.rand    # private random number file

x509_extensions = usr_cert              # The extentions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt        = ca_default            # Subject Name options
cert_opt        = ca_default            # Certificate field options

# Extension copying option: use with caution.
# copy_extensions = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions        = crl_ext

default_days    = 365                   # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = sha256                # use SHA-256 by default
preserve        = no                    # keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy          = policy_match

# For the CA policy
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
创建所需要的文件;
[root@centos7 ~]#cd /etc/pki/CA/
[root@centos7 CA]#ls
certs  crl  newcerts  private
[root@centos7 CA]#tree
.
├── certs
├── crl
├── newcerts
└── private

4 directories, 0 files
[root@centos7 CA]#touch /etc/pki/CA/index.txt
[root@centos7 CA]#ls
certs  crl  index.txt  newcerts  private
[root@centos7 CA]#echo 01> /etc/pki/CA/serial
[root@centos7 CA]#ls
certs  crl  index.txt  newcerts  private  serial
[root@centos7 CA]#tree
.
├── certs
├── crl
├── index.txt
├── newcerts
├── private
└── serial

4 directories, 2 files
生成私钥:
[root@centos7 CA]#(umask 066;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
..................................................+++
...............................................................................................................................................................................................+++
e is 65537 (0x10001)
[root@centos7 CA]#tree
.
├── certs
├── crl
├── index.txt
├── newcerts
├── private
│   └── cakey.pem
└── serial

4 directories, 3 files
查看权限
[root@centos7 CA]#ll /etc/pki/CA/private/cakey.pem 
-rw-------. 1 root root 1675 Jul 17 20:37 /etc/pki/CA/private/cakey.pem
自签名
[root@centos7 CA]#openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem  -out /etc/pki/CA/cacert.pem -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zhengzhou       
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:m24        
Common Name (eg, your name or your server's hostname) []:ca.magedu.com
Email Address []:
[root@centos7 CA]#tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── newcerts
├── private
│   └── cakey.pem
└── serial

4 directories, 4 files
查看自签名证书
[root@centos7 CA]#openssl x509 -in /etc/pki/CA/cacert.pem  -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10081393424590182561 (0x8be84de7f9a818a1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=henan, L=zhengzhou, O=magedu, OU=m24, CN=ca.magedu.com
        Validity
            Not Before: Jul 17 12:54:38 2017 GMT
            Not After : Jul 15 12:54:38 2027 GMT
        Subject: C=CN, ST=henan, L=zhengzhou, O=magedu, OU=m24, CN=ca.magedu.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e3:ad:25:86:7a:47:c1:33:38:2b:a4:51:3c:70:
                    11:3d:3d:e8:0b:58:0f:ad:5e:80:bf:c9:d4:07:ef:
                    9c:33:f2:b8:26:a3:d5:86:4b:3f:74:43:b6:06:75:
                    49:6c:4f:74:04:49:9c:53:7a:ce:44:a8:79:9a:a0:
                    00:82:9d:32:9c:50:38:16:98:a9:e5:78:47:21:06:
                    9b:fc:05:c4:10:49:d6:03:3f:b5:eb:31:20:55:98:
                    7c:dd:fb:fe:96:9c:22:fa:81:94:1b:e1:47:93:3d:
                    fa:4e:03:24:48:94:56:81:75:a1:8d:65:41:66:94:
                    3e:f7:03:97:55:4d:45:80:ff:e5:98:a2:10:38:79:
                    dc:ee:df:44:14:8b:2b:6e:f8:a3:a9:1a:e7:53:28:
                    d8:87:76:1a:7c:e9:8e:15:6c:7f:b2:66:65:ed:58:
                    db:17:c4:f1:36:69:d5:57:d9:8f:49:55:6d:13:91:
                    01:e1:3c:1b:a0:8b:03:b1:97:fb:08:c8:a2:6b:61:
                    4c:45:36:f2:ac:b1:19:8b:41:18:11:63:ce:b6:90:
                    34:ad:f6:4a:b0:e0:01:2e:d8:56:80:6a:12:1e:94:
                    ee:a6:c5:5d:6e:d7:37:f2:e6:5a:5d:14:64:cd:8b:
                    42:5b:38:18:72:9e:62:4c:72:9e:df:fc:90:c5:2f:
                    bd:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                DC:FC:21:C7:A1:2F:F8:1F:F7:94:9A:A7:13:53:81:48:D5:0F:69:59
            X509v3 Authority Key Identifier: 
                keyid:DC:FC:21:C7:A1:2F:F8:1F:F7:94:9A:A7:13:53:81:48:D5:0F:69:59

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         c8:cb:9e:75:33:d7:18:27:f5:c6:d7:aa:c2:c2:bf:ff:0f:5f:
         1a:71:01:ab:6b:d7:7a:43:0c:c0:26:bd:8e:0d:bc:d1:14:f1:
         d0:8d:fa:db:5c:b8:e7:c5:2c:4e:7f:41:c4:45:c6:de:66:f7:
         27:b8:b8:75:a7:b7:a7:3d:40:27:6e:2e:69:82:d2:4a:b3:40:
         7c:b2:e3:ba:7a:a8:62:f6:04:85:7c:4d:e4:71:45:c5:24:d7:
         0e:34:f7:49:f8:60:77:6f:6e:41:78:ba:c2:a9:2b:de:f9:fb:
         45:31:8b:de:d9:11:8d:a6:c9:58:1f:9b:2d:55:01:a2:db:02:
         eb:b7:be:3d:42:9c:bf:76:3b:b4:3c:b2:58:64:89:97:e2:c1:
         05:87:65:ab:61:61:8f:23:e5:07:93:6c:9a:d1:79:90:2d:dd:
         c1:e2:f4:c9:3c:fb:89:80:96:f6:4f:6e:94:24:59:2b:65:b2:
         02:ac:be:58:c3:5f:97:7e:86:d3:39:41:af:32:1f:d8:8d:cc:
         14:df:1a:8f:be:9c:d7:23:da:b8:01:e9:4a:d5:d8:0a:0f:1c:
         04:fe:7f:c0:a1:73:51:89:a0:5d:51:10:b7:07:1f:2f:df:59:
         2a:ea:b7:4d:b0:41:d6:79:11:d0:e8:ec:69:78:e3:ba:d4:4c:
         dc:14:20:a6

Centos6创建申请证书

创建私钥;
[root@centos6 ~]#(umask 066;openssl genrsa -out /app/service.key 4096)
Generating RSA private key, 4096 bit long modulus
..............++
.....................................................................................................................................++
e is 65537 (0x10001)
[root@centos6 ~]#ll /app/service.key 
-rw-------. 1 root root 3247 Jul 16 13:29 /app/service.key
生成申请证书文件;
[root@centos6 ~]#openssl req -new -key /app/service.key  -out /app/service.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zhengzhou
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:beiguo
Common Name (eg, your name or your server's hostname) []:*.magedu.com          
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[root@centos6 ~]#cat /app/service.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIErzCCApcCAQAwajELMAkGA1UEBhMCQ04xDjAMBgNVBAgMBWhlbmFuMRIwEAYD
VQQHDAl6aGVuZ3pob3UxDzANBgNVBAoMBm1hZ2VkdTEPMA0GA1UECwwGYmVpZ3Vv
MRUwEwYDVQQDDAwqLm1hZ2VkdS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDABpF263GHabqAJLUdVC+wV1JD+aIJ91jyjAw2RnicPv8SpJ6dVsDY
+V+5hV5c93VwOKC5Xe3ZjSnRfo41OY7dXaOau6rD/oShiWCpyr3LOqM5sLRnQ9qb
v44ivrT/yvABvCZuis/IXvHZmmrH0QCABkmW70A6xoz4hBf3XX9/Y8AZFePplMQ1
3SKdCTzzX6sXrECkquDY9vcAgP4vbJ87/n3awU3ljhM/yd5TQ2kskzm9tWITL5Ae
gnd2FdPBHLYL7Op3qDHI1yRqAfkL/CNAEnuB5JbgDCcOq2fa8yKrRpQAYtCUC6Ze
1AKhCdfYbhsFKcfj9xAkb9EQZVs1HNhyzUrMHQM1+hSx1K30mwFMdKPsDCzTnjh0
Yx6GeZ8xbU7VqHH18kARVXfvNlHd809CK0TZJ+zWnPkZpFCyhdQS1McEs1q6+OTd
aAISvZTwvYQAZbUPJ9GnmZtcBTUtHmb8Qf6cLolYzS1I42X01TFmnHj9N1TP19CV
AR0XanIlFMq4IMXkWBuvLqIliAFnCupC2/yuyg3NUlzPsMiqD/5N1IcPceXiyHHj
wZCFjycVBcKcw39aqq6Yz7erTUR81q5sraBZjVWuA52Jb8LEA8/Oe3W6q23hyB2J
01AZcFe5ah7PWkz687z9X03z4O+BKTJRFkySWkR+Ue3FKkwVD4TrfwIDAQABoAAw
DQYJKoZIhvcNAQEFBQADggIBALy3aIT/eMytX5OoLWt+qFlovEL8WovmqmuVOdiI
hoku+4RJKdeRUQdjs0IY1fWR3U+iulHi8H7EZJb0j6EbAI7CfKGDUi0Y3JAtDkFV
ruCf3e/bXiizSvl07UpclmQLmTkfAVMUUFfvaKbdoLzeRlABt7dc144B3oXfatvX
ftYdg1n47zs+26UrZyXVyHF5/elJcd35reQQZrHaXzyhWPx3FqqZK/mxeR9i3tQY
EtV8JipROolp9d0ae8NHqfmdF2fPbQPfvYiFC+WRwlEHX/Rc590bVvagzgtpp5LP
EgFHMtIuVRMZQlK4WHIp5CUpMFBOq5W9q51VbBoZwS/peIixXUm75+2xLm2oe+pG
iAXUophja0wl/9S6dYBsiuFkVF41V8CzG1dJruKbr+OtZKL3x3bkb9nlYxcOAh+t
KMQb3+GKyprLXEhYaDWAdGbhwKev7uXQ9i3WuZHTgwFnqmz+iwQSWZMHr9AMhzX1
V/Ds6cpUqTZOXoIdTMxipkT5pPygYTnnvHwsqz6GgT0CcLM7Tod8c+RdXlMXFnFa
nt5Oj0qKojswdvWtiU5Si9gmi/drmamgV0gBy/o/NrPbS6izAmTKTuwTgL/dxPTO
djBMxM8frF5ZLMD6pZDzvdoDZgdxue++o7Yu16p+IW8TGW/WhMxB6e1ptbxc9hjT
pt01
-----END CERTIFICATE REQUEST-----
传送到Centos7;
[root@centos6 ~]#scp /app/service.csr   192.168.239.131:/etc/pki/CA/
root@192.168.239.131's password: 
Permission denied, please try again.
root@192.168.239.131's password: 
Permission denied, please try again.
root@192.168.239.131's password: 
service.csr                                                                            100% 1700     1.7KB/s   00:00  

Centos7颁发证书及审核;

[root@centos7 CA]#ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial  service.csr  -text
[root@centos7 CA]#mkdir csr ----------创建文件夹,审核文件集中放置;
[root@centos7 CA]#mv service.csr ./csr
[root@centos7 CA]#ls
cacert.pem  crl  index.txt  private  -text
certs       csr  newcerts   serial
[root@centos7 CA]#tree
.
├── cacert.pem
├── certs
├── crl
├── csr
│   └── service.csr
├── index.txt
├── newcerts
├── private
│   └── cakey.pem
├── serial
[root@centos7 CA]#openssl ca -in /etc/pki/CA/csr/service.csr  -out /etc/pki/CA/certs/service.crt -days 100
Using configuration from /etc/pki/tls/openssl.cnf
unable to load number from /etc/pki/CA/serial
error while loading serial number
140193415731104:error:0D066096:asn1 encoding routines:a2i_ASN1_INTEGER:short line:f_int.c:215:
[root@centos7 CA]#cat /etc/pki/CA/serial
[root@centos7 CA]#echo 01 > /etc/pki/CA/serial
----/etc/pki/CA/serial 编号为二位数;
[root@centos7 CA]#openssl ca -in /etc/pki/CA/csr/service.csr  -out /etc/pki/CA/certs/service.crt -days 100
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 17 13:37:38 2017 GMT
            Not After : Oct 25 13:37:38 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = henan
            organizationName          = magedu
            organizationalUnitName    = beiguo
            commonName                = *.magedu.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                76:03:DB:66:CA:C2:F7:36:0A:A8:CA:8E:EA:06:EB:CE:50:23:C9:15
            X509v3 Authority Key Identifier: 
                keyid:DC:FC:21:C7:A1:2F:F8:1F:F7:94:9A:A7:13:53:81:48:D5:0F:69:59

Certificate is to be certified until Oct 25 13:37:38 2017 GMT (100 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@centos7 CA]#tree
.
├── cacert.pem
├── certs
│   └── service.crt
├── crl
├── csr
│   └── service.csr
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
│   └── 01.pem
├── private
│   └── cakey.pem
├── serial
├── serial.old
[root@centos7 CA]#ll certs/service.crt newcerts/01.pem
-rw-r--r--. 1 root root 5928 Jul 17 21:37 certs/service.crt
-rw-r--r--. 1 root root 5928 Jul 17 21:37 newcerts/01.pem
[root@centos7 CA]#cat serial
02
[root@centos7 CA]#cat index.txt
V       171025133738Z           01      unknown /C=CN/ST=henan/O=magedu/OU=beiguo/CN=*.magedu.com

查看审核完成后生成的证书;
#openssl x509 -in certs/service.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=henan, L=zhengzhou, O=magedu, OU=m24, CN=ca.magedu.com
        Validity
            Not Before: Jul 17 13:37:38 2017 GMT
            Not After : Oct 25 13:37:38 2017 GMT
        Subject: C=CN, ST=henan, O=magedu, OU=beiguo, CN=*.magedu.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:c0:06:91:76:eb:71:87:69:ba:80:24:b5:1d:54:
                    2f:b0:57:52:43:f9:a2:09:f7:58:f2:8c:0c:36:46:
                    78:9c:3e:ff:12:a4:9e:9d:56:c0:d8:f9:5f:b9:85:
                    5e:5c:f7:75:70:38:a0:b9:5d:ed:d9:8d:29:d1:7e:
                    8e:35:39:8e:dd:5d:a3:9a:bb:aa:c3:fe:84:a1:89:
                    60:a9:ca:bd:cb:3a:a3:39:b0:b4:67:43:da:9b:bf:
                    8e:22:be:b4:ff:ca:f0:01:bc:26:6e:8a:cf:c8:5e:
                    f1:d9:9a:6a:c7:d1:00:80:06:49:96:ef:40:3a:c6:
                    8c:f8:84:17:f7:5d:7f:7f:63:c0:19:15:e3:e9:94:
                    c4:35:dd:22:9d:09:3c:f3:5f:ab:17:ac:40:a4:aa:
                    e0:d8:f6:f7:00:80:fe:2f:6c:9f:3b:fe:7d:da:c1:
                    4d:e5:8e:13:3f:c9:de:53:43:69:2c:93:39:bd:b5:
                    62:13:2f:90:1e:82:77:76:15:d3:c1:1c:b6:0b:ec:
                    ea:77:a8:31:c8:d7:24:6a:01:f9:0b:fc:23:40:12:
                    7b:81:e4:96:e0:0c:27:0e:ab:67:da:f3:22:ab:46:
                    94:00:62:d0:94:0b:a6:5e:d4:02:a1:09:d7:d8:6e:
                    1b:05:29:c7:e3:f7:10:24:6f:d1:10:65:5b:35:1c:
                    d8:72:cd:4a:cc:1d:03:35:fa:14:b1:d4:ad:f4:9b:
                    01:4c:74:a3:ec:0c:2c:d3:9e:38:74:63:1e:86:79:
                    9f:31:6d:4e:d5:a8:71:f5:f2:40:11:55:77:ef:36:
                    51:dd:f3:4f:42:2b:44:d9:27:ec:d6:9c:f9:19:a4:
                    50:b2:85:d4:12:d4:c7:04:b3:5a:ba:f8:e4:dd:68:
                    02:12:bd:94:f0:bd:84:00:65:b5:0f:27:d1:a7:99:
                    9b:5c:05:35:2d:1e:66:fc:41:fe:9c:2e:89:58:cd:
                    2d:48:e3:65:f4:d5:31:66:9c:78:fd:37:54:cf:d7:
                    d0:95:01:1d:17:6a:72:25:14:ca:b8:20:c5:e4:58:
                    1b:af:2e:a2:25:88:01:67:0a:ea:42:db:fc:ae:ca:
                    0d:cd:52:5c:cf:b0:c8:aa:0f:fe:4d:d4:87:0f:71:
                    e5:e2:c8:71:e3:c1:90:85:8f:27:15:05:c2:9c:c3:
                    7f:5a:aa:ae:98:cf:b7:ab:4d:44:7c:d6:ae:6c:ad:
                    a0:59:8d:55:ae:03:9d:89:6f:c2:c4:03:cf:ce:7b:
                    75:ba:ab:6d:e1:c8:1d:89:d3:50:19:70:57:b9:6a:
                    1e:cf:5a:4c:fa:f3:bc:fd:5f:4d:f3:e0:ef:81:29:
                    32:51:16:4c:92:5a:44:7e:51:ed:c5:2a:4c:15:0f:
                    84:eb:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                76:03:DB:66:CA:C2:F7:36:0A:A8:CA:8E:EA:06:EB:CE:50:23:C9:15
            X509v3 Authority Key Identifier: 
                keyid:DC:FC:21:C7:A1:2F:F8:1F:F7:94:9A:A7:13:53:81:48:D5:0F:69:59

    Signature Algorithm: sha256WithRSAEncryption
         ca:19:1e:c3:71:9e:c2:22:5d:c9:65:7b:92:d5:c8:d9:5f:56:
         64:74:5c:b5:e4:c7:ec:23:9a:1f:2a:92:20:e7:ca:39:80:f1:
         cd:fc:5a:00:f2:79:75:49:a4:0a:fd:ec:82:36:b6:60:63:69:
         9b:ac:5b:71:39:d3:88:8f:ae:73:de:ff:59:25:7b:89:ee:30:
         76:90:46:64:62:67:d5:38:25:9a:08:df:67:e9:53:55:3a:e5:
         8b:28:c5:97:44:c1:11:6d:cb:c6:39:2d:27:6c:75:f5:d4:cc:
         db:26:a9:df:38:34:0f:ab:c1:c9:15:08:e9:22:e0:cc:de:33:
         ac:03:42:f7:2e:fe:b5:64:11:d5:45:c7:11:d5:ae:a6:86:6e:
         be:a9:bb:82:2e:fb:f0:16:e6:82:36:5e:8a:99:e6:ce:53:f0:
         8b:9f:d3:9a:44:75:e6:a9:2a:04:2e:3a:3a:a6:eb:2e:a1:b8:
         a7:44:69:1c:1d:f8:59:46:e3:85:7a:2a:0c:fc:9f:39:83:89:
         44:62:f8:b1:76:36:7f:73:d9:ae:9f:96:ab:4a:6d:a9:68:19:
         fe:e1:47:cf:2d:f3:74:21:97:0e:52:d1:fd:e1:4b:61:35:96:
         59:2e:09:8c:ac:e5:3f:f1:15:90:66:4f:0a:16:87:06:53:62:
         ef:5d:8a:bb
 将证书发送到Centos6;
[root@centos7 CA]#scp certs/service.crt   192.168.239.141:/app
root@192.168.239.141's password: 
service.crt           100% 5928     5.8KB/s   00:00 
最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 201,468评论 5 473
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 84,620评论 2 377
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 148,427评论 0 334
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 54,160评论 1 272
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 63,197评论 5 363
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 48,334评论 1 281
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 37,775评论 3 393
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 36,444评论 0 256
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 40,628评论 1 295
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 35,459评论 2 317
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 37,508评论 1 329
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 33,210评论 3 318
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 38,767评论 3 303
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 29,850评论 0 19
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 31,076评论 1 258
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 42,627评论 2 348
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 42,196评论 2 341

推荐阅读更多精彩内容

  • 搭建CA和申请证书 相关参考配置文件:/etc/pki/tls/openssl.cnf 需要用到的参考目录 注意事...
    素瑾汐阅读 321评论 0 1
  • 创建私有CA 步骤一:配置openssl的文件:/etc/pki/tls/openssl.cnf,有三种策略:匹配...
    lijincheng阅读 1,603评论 0 0
  • 1 概述 本文之所以称之为半自动化,是因为证书的申请并非日常工作,只是一段时间才需要申请,同时,在创建证书和办法证...
    ghbsunny阅读 2,130评论 0 1
  • 静静地想了想这几天看过的电影,杂乱,今天就说一说看的《人类消除计划3》吧~唠唠嗑~ 这个系列讲述的是每年的7.18...
    情怀卷毛阅读 252评论 0 0
  • 定义 顾名思义,指针函数即返回指针的函数。其一般定义形式如下: 其中,后缀运算符括号“()”表示这是一个函数,其前...
    金约21依代阅读 435评论 0 1