安装服务
root@debian:/etc/chrony
配置文件
root@debian:/etc/chrony
root@debian:/etc/ssl
certs openssl.cnf private
root@debian:/etc/ssl
创建目录
root@debian:/etc/ssl
root@debian:/etc/ssl/CA
total 0
root@debian:/etc/ssl/CA
root@debian:/etc/ssl/CA
root@debian:/etc/ssl/CA
root@debian:/etc/ssl/CA
root@debian:/etc/ssl/CA
root@debian:/etc/ssl/CA
total 16
drwxr-xr-x 2 root root 4096 Apr 30 02:55 certs
drwxr-xr-x 2 root root 4096 Apr 30 02:56 crl
-rw-r--r-- 1 root root 0 Apr 30 02:57 index.txt
drwxr-xr-x 2 root root 4096 Apr 30 02:57 newcerts
-rw-r--r-- 1 root root 3 Apr 30 02:58 serial
root@debian:/etc/ssl/CA
root@debian:/etc/ssl/CA
Generating RSA private key, 2048 bit long modulus (2 primes)
...........................+++++
....+++++
e is 65537 (0x010001)
root@debian:/etc/ssl/CA
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:ca.jnds.com
Email Address []:
在客户端操作
root@debian:~
root@debian:/etc/apache2/ssl
Generating RSA private key, 2048 bit long modulus (2 primes)
........+++++
...............+++++
e is 65537 (0x010001)
e is 65537 (0x010001)
root@debian:/etc/apache2/ssl
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:www.jnds.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@debian:/etc/apache2/ssl
总用量 8
-rw-r--r-- 1 root root 989 4月 30 15:45 www.csr
-rw------- 1 root root 1675 4月 30 15:43 www.key
root@debian:/etc/apache2/ssl
回到服务器
root@debian:~
Using configuration from /usr/lib/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 30 07:48:01 2021 GMT
Not After : Apr 30 07:48:01 2022 GMT
Subject:
countryName = CN
stateOrProvinceName = Some-State
organizationName = Internet Widgits Pty Ltd
commonName = www.jnds.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
DA:18:CB:41:4C:0B:68:8A:1A:1C:B6:23:90:72:34:8C:AC:DC:54:C1
X509v3 Authority Key Identifier:
keyid:48:AB:7C:46:74:D2:36:B9:AC:CC:20:07:7C:BD:10:09:AF:8F:65:71
Certificate is to be certified until Apr 30 07:48:01 2022 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@debian:~
进入客户端
root@debian:~
root@debian:~
root@debian:/etc/apache2/ssl
root@debian:/etc/apache2/ssl
总用量 12
-rw-r--r-- 1 root root 4465 4月 30 15:49 www.crt
-rw------- 1 root root 1675 4月 30 15:43 www.key
root@debian:/etc/apache2
如果出现以下情况就重启Apache2
root@debian:/etc/apache2
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2
root@debian:/etc/apache2
root@debian:/etc/apache2
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
root@debian:/etc/apache2
root@debian:/etc/apache2/sites-available
总用量 12
-rw-r--r-- 1 root root 1332 8月 8 2020 000-default.conf
-rw-r--r-- 1 root root 6338 8月 8 2020 default-ssl.conf
root@debian:/etc/apache2/sites-available
root@debian:/etc/apache2/sites-available
root@debian:/etc/apache2
root@debian:/etc/apache2# vim sites-available/default-ssl.conf
重启
root@debian:/etc/apache2/sites-available
root@debian:/etc/apache2/sites-available
root@debian:/etc/apache2/sites-available
root@debian:/etc/apache2
root@debian:/etc/apache2
进入服务器安装
root@debian:/etc/ssl/CA
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)