Apache-SSL Web Server Certificate Application Procedure


SHECA Digital Certificates -- Making the Network More Real

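1. Generate the key file

Pick any three files on the hard disk at random (randfile1 through randfile3).

ssleay genrsa -des3 -rand randfile1:randfile2:randfile3 1024 > servername.key

This generates a 1024-bit RSA key pair and stores it in the file servername.key (servername is the name of the server you are requesting a certificate for). Remember the passphrase you set during generation and back up servername.key, keeping it in a safe place. If you forget the passphrase or lose the file, you will have to apply for a new certificate.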

2. Generate the certificate request file (CSR)

ssleay req -new -key servername.key -out servername.csr

When generating the request, fill in the following information correctly:

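Country code: e.g. CN

State or province: e.g. shanghai

Locality: e.g. pudong

Organization: e.g. sheca

Organizational unit: e.g. operate

Common name: e.g. (must be identical to the domain name of the server being applied for)

The system will then generate the request file servername.csr.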


Use Notepad to save it as servername.txt, then wait for the CA to approve the request.

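3. Install the certificate

Once the request is approved, the CA sends the applicant a file containing both the root certificate and the server certificate (cert):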

This is Your Web Server Cert Pem Code


This is Root Cert Pem Code


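Back up this file. Use Notepad to save the upper part as cert.txt (including everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----).

Use Notepad to save the lower part as root.txt (including everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----).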

cp cert.txt /usr/local/ssl/certs/cert.txt

cp root.txt /usr/local/ssl/certs/root.txt

cp servername.key /usr/local/ssl/certs/servername.key

Modify the httpsd file:

SSLCertificateKeyFile /usr/local/ssl/certs/servername.key

SSLCACertificateFile /usr/local/ssl/certs/root.txt

SSLCertificateFile /usr/local/ssl/certs/cert.txt
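
The split of the CA's reply into cert.txt and root.txt in step 3 can be scripted and checked rather than done by hand in Notepad. The following is an added example, not part of the original page or of SHECA's tooling; the function names split_ca_reply and demo_split are hypothetical and the sample reply is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). split_ca_reply and demo_split
# are hypothetical helper names.

# split_ca_reply REPLY_FILE OUT_DIR
# Writes the first CERTIFICATE block to OUT_DIR/cert.txt (server certificate)
# and the second to OUT_DIR/root.txt (root certificate), as in step 3.
split_ca_reply() {
    reply=$1
    outdir=$2
    # Pass 1: validate. Exactly two well-formed blocks, base64 text only.
    n=$(awk '
        { sub(/[ \t\r]+$/, "") }   # drop CR and blanks left by Windows editors
        $0 == "-----BEGIN CERTIFICATE-----" { if (inb) bad = 1; inb = 1; next }
        $0 == "-----END CERTIFICATE-----"   { if (inb) n++; else bad = 1; inb = 0; next }
        inb && $0 ~ "[^A-Za-z0-9+/=]"       { bad = 1 }   # stray text inside a block
        END { if (bad || inb) print "malformed"; else print n + 0 }
    ' "$reply") || return 1
    if [ "$n" != 2 ]; then
        echo "split_ca_reply: expected 2 certificate blocks, got: $n" >&2
        return 1
    fi
    # Pass 2: write each block, without blank lines or trailing whitespace.
    awk -v out="$outdir" '
        { sub(/[ \t\r]+$/, "") }
        $0 == "-----BEGIN CERTIFICATE-----" { k++; f = out "/" (k == 1 ? "cert.txt" : "root.txt"); inb = 1 }
        inb && length($0)                   { print > f }
        $0 == "-----END CERTIFICATE-----"   { inb = 0; close(f) }
    ' "$reply"
}

# Constructed sample reply: placeholder base64, CRLF line endings and the
# caption lines shown on the page. These are not real certificates.
demo_split() {
    d=$(mktemp -d) || return 1
    printf '%s\r\n' 'This is Your Web Server Cert Pem Code' \
        '-----BEGIN CERTIFICATE-----' '' 'QUJDRA==' '-----END CERTIFICATE-----' \
        'This is Root Cert Pem Code' \
        '-----BEGIN CERTIFICATE-----' 'RUZHSA==' '-----END CERTIFICATE-----' > "$d/reply.txt"
    split_ca_reply "$d/reply.txt" "$d" && echo "$d"
}
```

A reply that does not contain exactly two clean blocks is rejected before anything is written, so a damaged paste never reaches /usr/local/ssl/certs.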

4. Restart the server

For more information on server configuration, visit http://www.apache-ssl.org

China Xieka Certification System (中国协卡认证体系)
