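Posted on the rolia.net forum (枫下论坛).
Redhat Enterprise Linux 4, sunone/iplanet6.1. Steps (1), (2) and (3) all passed; the output of (2), verifying the self-CA, is at the end. But (4) fails. Thanks for any pointers.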
(1) create a self-CA
cd /usr/sunwebsvr/alias
/usr/sunwebsvr/bin/https/admin/bin/certutil -S -s "CN=selfca" -n selfca -x -t "C,C,C" -1 -2 -5 -m 1234 -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-
(2) verify self-CA
bash-3.00$ /usr/sunwebsvr/bin/https/admin/bin/certutil -L -n selfca -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-
(3) create a CSR
/usr/sunwebsvr/bin/https/admin/bin/certutil -R -s "CN=sunone" -o sunone.req -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-
(4) self-CA signs the above CSR
/usr/sunwebsvr/bin/https/admin/bin/certutil -C -m 2345 -i sunone.req -o sunone.crt -c selfca -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-
Error:
certutil: unable to find issuer with nickname selfca: Certificate extension notfound.
Output of (2):
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1234 (0x4d2)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: CN=selfca
Validity:
Not Before: Thu May 07 18:38:49 2009
Not After: Fri Aug 07 18:38:49 2009
Subject: CN=selfca
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
Exponent: 65537 (0x10001)
Signed Extensions:
Name:
Certificate Type
Critical:
True
Data: none
Name:
Certificate Basic Constraints
Critical:
True
Data: Is a CA with a maximum path length of -2.
Name:
Certificate Key Usage
Critical:
True
Data:
03:02:02:04
Fingerprint (MD5):
D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E
Fingerprint (SHA1):
DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Signature:
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
Email Flags:
Valid CA
Trusted CA
Object Signing Flags:
Valid CA
Trusted CA
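
An added example, not part of the original post: a Python check over the `certutil -L` listing above that decodes the Key Usage bytes `03:02:02:04`, confirms the CA flag, flags the MD5 signature, and tests whether the printed fingerprints equal the digests of empty input. The function names and the embedded excerpt (cut down from the listing in the post) are assumptions made for illustration; the check reads the listing only and does not diagnose the error in step (4).

```python
import hashlib

# Key Usage bit names in RFC 5280 order; bit 0 is the most significant bit.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]

# Constructed excerpt: selected lines of the listing in the post.
SAMPLE = """\
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Data: Is a CA with a maximum path length of -2.
Certificate Key Usage
Critical:
True
Data:
03:02:02:04
Fingerprint (MD5):
D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E
Fingerprint (SHA1):
DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
"""

def decode_key_usage(hex_dump):
    """Decode a DER BIT STRING such as '03:02:02:04' into key-usage names."""
    der = bytes.fromhex(hex_dump.replace(":", ""))
    if len(der) < 4 or der[0] != 0x03 or der[1] != len(der) - 2 or der[2] > 7:
        raise ValueError("not a short-form DER BIT STRING")
    unused, payload = der[2], der[3:]
    nbits = len(payload) * 8 - unused  # number of meaningful bits
    return [name for i, name in enumerate(KEY_USAGE_BITS[:nbits])
            if payload[i // 8] & (0x80 >> (i % 8))]

def audit_listing(text):
    """Summarise the security-relevant fields of a flattened certutil -L listing."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    empty = {hashlib.md5(b"").hexdigest(), hashlib.sha1(b"").hexdigest()}
    report = {"md5_signed": False, "is_ca": False, "key_usage": [],
              "empty_input_fingerprints": []}
    for i, ln in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if ln.startswith("Signature Algorithm:") and "MD5" in ln:
            report["md5_signed"] = True
        elif ln.startswith("Data: Is a CA"):
            report["is_ca"] = True
        elif ln == "Certificate Key Usage":
            # The extension bytes follow the next bare "Data:" line.
            report["key_usage"] = decode_key_usage(lines[lines.index("Data:", i) + 1])
        elif ln.startswith("Fingerprint (") and nxt.replace(":", "").lower() in empty:
            report["empty_input_fingerprints"].append(ln.rstrip(":"))
    return report
```

On the excerpt, `audit_listing(SAMPLE)` reports an MD5-signed CA certificate whose only key usage is `keyCertSign`, and both printed fingerprints match the MD5 and SHA-1 digests of zero bytes, so they cannot serve to identify this certificate.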