Differences

This page shows the differences between the selected revision and the current version of the page.


linux:openssl [2011/01/11 22:34]
matthieu [Generate a self-signed certificate]
linux:openssl [2011/01/11 22:39] (Current version)
matthieu [Generating a self-signed certificate]
Ligne 28: Ligne 28:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/demo# openssl genrsa -out newkey.key 1024+:/etc/ssl/demo# openssl genrsa -out newkey.key 1024
 Generating RSA private key, 1024 bit long modulus Generating RSA private key, 1024 bit long modulus
 .......................++++++ .......................++++++
 .............................................++++++ .............................................++++++
 e is 65537 (0x10001) e is 65537 (0x10001)
-bender:/etc/ssl/demo# chmod 700 newkey.key +:/etc/ssl/demo# chmod 700 newkey.key 
-bender:/etc/ssl/demo# l+:/etc/ssl/demo# l
 total 4 total 4
 -rwx------ 1 root root 891 2007-12-09 22:05 newkey.key -rwx------ 1 root root 891 2007-12-09 22:05 newkey.key
-bender:/etc/ssl/demo#+:/etc/ssl/demo#
 </code> </code>
  
  
-==== Génération d'un ceritificat autosigné ====+==== Génération d'un certificat auto-signé ====
 Commande : Commande :
   openssl req -new -x509 -days 365 -key newkey.key -out newcert.crt   openssl req -new -x509 -days 365 -key newkey.key -out newcert.crt
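Review bot: `chmod 700 newkey.key` on the changed line sets the execute bit on a private key file, which it does not need; `chmod 600` gives the same owner-only protection. Running `umask 077` before `openssl genrsa` would also avoid relying on a chmod after the file already exists. Separately, the `1024` in `openssl genrsa -out newkey.key 1024` is carried over unchanged; since the line is being touched anyway, the documented modulus size should be 2048 bits or more.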
Ligne 47: Ligne 47:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/demo# openssl req -new -x509 -days 365 -key newkey.key -out newcert.crt+:/etc/ssl/demo# openssl req -new -x509 -days 365 -key newkey.key -out newcert.crt
 You are about to be asked to enter information that will be incorporated You are about to be asked to enter information that will be incorporated
 into your certificate request. into your certificate request.
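Review bot: Stripping only the host name leaves the prompt as `:/etc/ssl/demo#`, with the colon that used to separate host and path now leading the line. Either drop the colon as well or substitute a neutral host name, so that readers do not mistake the stray character for part of the command. The same applies to every prompt line changed in this revision.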
Ligne 62: Ligne 62:
 Common Name (eg, YOUR name) []:demo.bouthors.fr Common Name (eg, YOUR name) []:demo.bouthors.fr
 Email Address [matthieu@bouthors.fr]: Email Address [matthieu@bouthors.fr]:
-bender:/etc/ssl/demo#+:/etc/ssl/demo#
 </code> </code>
  
Ligne 76: Ligne 76:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/demo# openssl genrsa -out newkey.key 1024+:/etc/ssl/demo# openssl genrsa -out newkey.key 1024
 Generating RSA private key, 1024 bit long modulus Generating RSA private key, 1024 bit long modulus
 .......................++++++ .......................++++++
 .............................................++++++ .............................................++++++
 e is 65537 (0x10001) e is 65537 (0x10001)
-bender:/etc/ssl/demo# chmod 700 newkey.key +:/etc/ssl/demo# chmod 700 newkey.key 
-bender:/etc/ssl/demo# l+:/etc/ssl/demo# l
 total 4 total 4
 -rwx------ 1 root root 891 2007-12-09 22:05 newkey.key -rwx------ 1 root root 891 2007-12-09 22:05 newkey.key
-bender:/etc/ssl/demo#+:/etc/ssl/demo#
 </code> </code>
  
Ligne 97: Ligne 97:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/demo# openssl req -new -key newkey.key -out newcsr.csr+:/etc/ssl/demo# openssl req -new -key newkey.key -out newcsr.csr
 You are about to be asked to enter information that will be incorporated You are about to be asked to enter information that will be incorporated
 into your certificate request. into your certificate request.
Ligne 117: Ligne 117:
 A challenge password []: A challenge password []:
 An optional company name []: An optional company name []:
-bender:/etc/ssl/demo#+:/etc/ssl/demo#
 </code> </code>
  
Ligne 130: Ligne 130:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/demo# openssl x509 -req -days 3653 -in newcsr.csr -CA demoCA.crt -CAkey demoCA.key -CAserial caserial.srl -CAcreateserial -out newcrt.crt+:/etc/ssl/demo# openssl x509 -req -days 3653 -in newcsr.csr -CA demoCA.crt -CAkey demoCA.key -CAserial caserial.srl -CAcreateserial -out newcrt.crt
 Signature ok Signature ok
 subject=/C=FR/ST=France/O=Matthieu Bouthors/CN=demo.bouthors.fr/emailAddress=matthieu@bouthors.fr subject=/C=FR/ST=France/O=Matthieu Bouthors/CN=demo.bouthors.fr/emailAddress=matthieu@bouthors.fr
 Getting CA Private Key Getting CA Private Key
-bender:/etc/ssl/demo# openssl x509 -in newcrt.crt -text -noout+:/etc/ssl/demo# openssl x509 -in newcrt.crt -text -noout
 Certificate: Certificate:
     Data:     Data:
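Review bot: The signing command on the changed line keeps `-days 3653`, so the certificate issued for demo.bouthors.fr is valid for ten years, while the self-signed example earlier on the page uses `-days 365`. Either use a shorter validity for a server certificate here or add a sentence explaining why this example differs.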
Ligne 169: Ligne 169:
         d0:a0:bb:23:ea:a6:71:79:3f:49:32:6f:00:b8:c8:8a:47:88:         d0:a0:bb:23:ea:a6:71:79:3f:49:32:6f:00:b8:c8:8a:47:88:
         25:43         25:43
-bender:/etc/ssl/demo#+:/etc/ssl/demo#
 </code> </code>
  
Ligne 183: Ligne 183:
 Exemple de résultat : Exemple de résultat :
 <code> <code>
-bender:/etc/ssl/demo# openssl x509 -in newcert.crt -text -noout+:/etc/ssl/demo# openssl x509 -in newcert.crt -text -noout
 Certificate: Certificate:
     Data:     Data:
Ligne 228: Ligne 228:
         54:16:84:9b:0b:ba:1e:4f:6c:3a:46:2d:e7:50:77:b4:41:d6:         54:16:84:9b:0b:ba:1e:4f:6c:3a:46:2d:e7:50:77:b4:41:d6:
         c3:9d         c3:9d
-bender:/etc/ssl/demo#+:/etc/ssl/demo#
 </code> </code>
  
Ligne 238: Ligne 238:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/ca_bouthors.fr/csr# openssl req -in www.bouthors.fr.csr -text -noout+:/etc/ssl/ca_bouthors.fr/csr# openssl req -in www.bouthors.fr.csr -text -noout
 Certificate Request: Certificate Request:
     Data:     Data:
Ligne 268: Ligne 268:
         9b:ae:22:f4:6a:24:3f:4d:c2:ff:f3:57:15:89:6d:2d:ee:7f:         9b:ae:22:f4:6a:24:3f:4d:c2:ff:f3:57:15:89:6d:2d:ee:7f:
         f8:b5         f8:b5
-bender:/etc/ssl/ca_bouthors.fr/csr#+:/etc/ssl/ca_bouthors.fr/csr#
 </code> </code>
  
Ligne 500: Ligne 500:
  
 <code> <code>
-bender:/etc/ssl# mkdir ca_bouthors.fr +:/etc/ssl# mkdir ca_bouthors.fr 
-bender:/etc/ssl# cd ca_bouthors.fr +:/etc/ssl# cd ca_bouthors.fr 
-bender:/etc/ssl/ca_bouthors.fr# mkdir certs +:/etc/ssl/ca_bouthors.fr# mkdir certs 
-bender:/etc/ssl/ca_bouthors.fr# mkdir crl +:/etc/ssl/ca_bouthors.fr# mkdir crl 
-bender:/etc/ssl/ca_bouthors.fr# touch index.txt +:/etc/ssl/ca_bouthors.fr# touch index.txt 
-bender:/etc/ssl/ca_bouthors.fr# mkdir newcerts +:/etc/ssl/ca_bouthors.fr# mkdir newcerts 
-bender:/etc/ssl/ca_bouthors.fr# echo "01" > serial +:/etc/ssl/ca_bouthors.fr# echo "01" > serial 
-bender:/etc/ssl/ca_bouthors.fr# echo "01" > crlnumber +:/etc/ssl/ca_bouthors.fr# echo "01" > crlnumber 
-bender:/etc/ssl/ca_bouthors.fr# mkdir private +:/etc/ssl/ca_bouthors.fr# mkdir private 
-bender:/etc/ssl/ca_bouthors.fr# chmod 700 private/ +:/etc/ssl/ca_bouthors.fr# chmod 700 private/ 
-bender:/etc/ssl/ca_bouthors.fr# l+:/etc/ssl/ca_bouthors.fr# l
 total 24 total 24
 drwxr-xr-x 2 root root 4096 2007-12-09 21:54 certs drwxr-xr-x 2 root root 4096 2007-12-09 21:54 certs
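Review bot: `mkdir private` followed by `chmod 700 private/` creates the directory with default permissions and tightens it only afterwards; `mkdir -m 700 private` does both in one step and leaves no interval in which the directory is readable by other users. The listing that follows shows `certs` as drwxr-xr-x, which is the default mode `private` would have had before the chmod.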
Ligne 519: Ligne 519:
 drwx------ 2 root root 4096 2007-12-09 21:55 private drwx------ 2 root root 4096 2007-12-09 21:55 private
 -rw-r--r-- 1 root root    3 2007-12-09 21:55 serial -rw-r--r-- 1 root root    3 2007-12-09 21:55 serial
-bender:/etc/ssl/ca_bouthors.fr#+:/etc/ssl/ca_bouthors.fr#
 </code> </code>
  
Ligne 527: Ligne 527:
  
 <code> <code>
-bender:/etc/ssl/ca_bouthors.fr# cd private/ +:/etc/ssl/ca_bouthors.fr# cd private/ 
-bender:/etc/ssl/ca_bouthors.fr/private# openssl genrsa -out cakey.pem 1024+:/etc/ssl/ca_bouthors.fr/private# openssl genrsa -out cakey.pem 1024
 Generating RSA private key, 1024 bit long modulus Generating RSA private key, 1024 bit long modulus
 .......................................................++++++ .......................................................++++++
 ........++++++ ........++++++
 e is 65537 (0x10001) e is 65537 (0x10001)
-bender:/etc/ssl/ca_bouthors.fr/private# cd .. +:/etc/ssl/ca_bouthors.fr/private# cd .. 
-bender:/etc/ssl/ca_bouthors.fr# openssl req -new -x509 -days 3653 -key private/cakey.pem -out cacert.pem+:/etc/ssl/ca_bouthors.fr# openssl req -new -x509 -days 3653 -key private/cakey.pem -out cacert.pem
 You are about to be asked to enter information that will be incorporated You are about to be asked to enter information that will be incorporated
 into your certificate request. into your certificate request.
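Review bot: The CA key on the changed line is generated with `openssl genrsa -out cakey.pem 1024`, that is, 1024 bits and no passphrase, and the certificate built from it is valid for `-days 3653`. For a key that signs every other certificate over ten years, the documented command should use at least 2048 bits and an encryption option such as `-aes256`, and the key file should get an explicit restrictive mode rather than relying on the `private/` directory permissions alone.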
Ligne 549: Ligne 549:
 Common Name (eg, YOUR name) []: Common Name (eg, YOUR name) []:
 Email Address [matthieu@bouthors.fr]: Email Address [matthieu@bouthors.fr]:
-bender:/etc/ssl/ca_bouthors.fr# openssl x509 -in cacert.pem -noout -text+:/etc/ssl/ca_bouthors.fr# openssl x509 -in cacert.pem -noout -text
 Certificate: Certificate:
     Data:     Data:
Ligne 594: Ligne 594:
         a3:4a:6f:41:8d:5d:1d:e0:c0:bd:34:e1:45:de:cd:a6:83:74:         a3:4a:6f:41:8d:5d:1d:e0:c0:bd:34:e1:45:de:cd:a6:83:74:
         ba:6a         ba:6a
-bender:/etc/ssl/ca_bouthors.fr#+:/etc/ssl/ca_bouthors.fr#
 </code> </code>
  
Ligne 606: Ligne 606:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/ca_bouthors.fr/private#  openssl genrsa -out www.bouthors.fr.key 1024+:/etc/ssl/ca_bouthors.fr/private#  openssl genrsa -out www.bouthors.fr.key 1024
 Generating RSA private key, 1024 bit long modulus Generating RSA private key, 1024 bit long modulus
 ..................++++++ ..................++++++
 ......++++++ ......++++++
 e is 65537 (0x10001) e is 65537 (0x10001)
-bender:/etc/ssl/ca_bouthors.fr/private# cd .. +:/etc/ssl/ca_bouthors.fr/private# cd .. 
-bender:/etc/ssl/ca_bouthors.fr# mkdir csr +:/etc/ssl/ca_bouthors.fr# mkdir csr 
-bender:/etc/ssl/ca_bouthors.fr# cd csr/ +:/etc/ssl/ca_bouthors.fr# cd csr/ 
-bender:/etc/ssl/ca_bouthors.fr/csr# openssl req -new -key ../private/www.bouthors.fr.key -out www.bouthors.fr.csr+:/etc/ssl/ca_bouthors.fr/csr# openssl req -new -key ../private/www.bouthors.fr.key -out www.bouthors.fr.csr
 You are about to be asked to enter information that will be incorporated You are about to be asked to enter information that will be incorporated
 into your certificate request. into your certificate request.
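Review bot: `openssl genrsa -out www.bouthors.fr.key 1024` is run from `/etc/ssl/ca_bouthors.fr/private`, so the server's private key ends up next to `cakey.pem` on the CA host. The example would be safer if the key and CSR were generated on the server that will use them and only `www.bouthors.fr.csr` were brought to the CA; at minimum, add a sentence stating that both steps are done on one machine only for the sake of the demonstration.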
Ligne 634: Ligne 634:
 A challenge password []: A challenge password []:
 An optional company name []: An optional company name []:
-bender:/etc/ssl/ca_bouthors.fr/csr#+:/etc/ssl/ca_bouthors.fr/csr#
 </code> </code>
  
Ligne 644: Ligne 644:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/ca_bouthors.fr# openssl ca -in csr/www.bouthors.fr.csr -out certs/www.bouthors.fr.pem+:/etc/ssl/ca_bouthors.fr# openssl ca -in csr/www.bouthors.fr.csr -out certs/www.bouthors.fr.pem
 Using configuration from /usr/lib/ssl/openssl.cnf Using configuration from /usr/lib/ssl/openssl.cnf
 Check that the request matches the signature Check that the request matches the signature
Ligne 683: Ligne 683:
 Write out database with 1 new entries Write out database with 1 new entries
 Data Base Updated Data Base Updated
-bender:/etc/ssl/ca_bouthors.fr#+:/etc/ssl/ca_bouthors.fr#
 </code> </code>
  
Ligne 693: Ligne 693:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/ca_bouthors.fr# openssl ca -gencrl -out crl.pem+:/etc/ssl/ca_bouthors.fr# openssl ca -gencrl -out crl.pem
 Using configuration from /usr/lib/ssl/openssl.cnf Using configuration from /usr/lib/ssl/openssl.cnf
-bender:/etc/ssl/ca_bouthors.fr# openssl crl -in crl.pem -text -noout+:/etc/ssl/ca_bouthors.fr# openssl crl -in crl.pem -text -noout
 Certificate Revocation List (CRL): Certificate Revocation List (CRL):
         Version 2 (0x1)         Version 2 (0x1)
Ligne 715: Ligne 715:
         f1:30:1d:80:19:c8:9e:dd:4e:2d:17:7e:bb:fc:04:c8:a8:ac:         f1:30:1d:80:19:c8:9e:dd:4e:2d:17:7e:bb:fc:04:c8:a8:ac:
         62:5a         62:5a
-bender:/etc/ssl/ca_bouthors.fr#+:/etc/ssl/ca_bouthors.fr#
 </code> </code>
  
Ligne 727: Ligne 727:
 Exemple : Exemple :
 <code> <code>
-bender:/etc/ssl/ca_bouthors.fr# openssl ca -revoke newcerts/01.pem+:/etc/ssl/ca_bouthors.fr# openssl ca -revoke newcerts/01.pem
 Using configuration from /usr/lib/ssl/openssl.cnf Using configuration from /usr/lib/ssl/openssl.cnf
 Revoking Certificate 01. Revoking Certificate 01.
 Data Base Updated Data Base Updated
-bender:/etc/ssl/ca_bouthors.fr# +:/etc/ssl/ca_bouthors.fr# 
 </code> </code>
  
Ligne 738: Ligne 738:
 ender:/etc/ssl/ca_bouthors.fr# openssl ca -gencrl -out crl.pem ender:/etc/ssl/ca_bouthors.fr# openssl ca -gencrl -out crl.pem
 Using configuration from /usr/lib/ssl/openssl.cnf Using configuration from /usr/lib/ssl/openssl.cnf
-bender:/etc/ssl/ca_bouthors.fr# openssl crl -in crl.pem -text -noout+:/etc/ssl/ca_bouthors.fr# openssl crl -in crl.pem -text -noout
 Certificate Revocation List (CRL): Certificate Revocation List (CRL):
         Version 2 (0x1)         Version 2 (0x1)
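Review bot: The unchanged first line of this hunk reads `ender:/etc/ssl/ca_bouthors.fr# openssl ca -gencrl -out crl.pem`, a truncated `bender:` prompt that this revision did not touch. It should be brought in line with the other prompts, otherwise the page mixes two prompt styles within the same example.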
Ligne 760: Ligne 760:
         c3:67:9e:de:0e:15:00:c5:99:d0:10:1e:0d:d9:d6:0a:d6:b7:         c3:67:9e:de:0e:15:00:c5:99:d0:10:1e:0d:d9:d6:0a:d6:b7:
         99:64         99:64
-bender:/etc/ssl/ca_bouthors.fr#+:/etc/ssl/ca_bouthors.fr#
 </code> </code>
  
Ligne 772: Ligne 772:
  
 <code> <code>
-bender:/etc/ssl/ca_bouthors.fr# cp crl.pem /var/http/ca/ca_bouthors.fr.crl +:/etc/ssl/ca_bouthors.fr# cp crl.pem /var/http/ca/ca_bouthors.fr.crl 
-bender:/etc/ssl/ca_bouthors.fr# cp cacert.pem /var/http/ca/ca_bouthors.fr.crt+:/etc/ssl/ca_bouthors.fr# cp cacert.pem /var/http/ca/ca_bouthors.fr.crt
 </code> </code>
  
linux/openssl.1294781645.txt.gz · Last modified: 2011/01/11 22:34 by matthieu