2012/09/12

OpenSSL CA

Setting up the CA

Download the Makefile and openssl.cnf and put them in the same directory :)

Generate the Certificate Authority (CA) certificate

$ make init

Creating a certificate

1. Generate a private RSA key
$ openssl genrsa -des3 -out host.key 1024

2. Generate the CSR (Certificate Signing Request) and remove the passphrase from the key

$ openssl req -new -key host.key -out host.csr
$ cp host.key host.key.orig
$ openssl rsa -in host.key.orig -out host.key
$ rm host.key.orig
$ chmod 400 host.key

The Common Name must be in FQDN format :)

3. Send host.csr to a particular CA for signing, or sign it with your own CA

$ make
For a self-signed SSL certificate, this is enough:
$ openssl x509 -req -days 365 -in host.csr -signkey host.key -out host.crt
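
A check worth running after steps 1-3, before the certificate is installed: confirm that host.key, host.csr and host.crt carry the same public key and that the Common Name is an FQDN. This is an added example, not part of the original post or its Makefile; the function names, the 2048-bit key size, the passphrase "demo" and the name mail.example.org in make_sample are choices of this example.

```shell
#!/bin/sh
# Print the public key (PEM) held in a private key, a CSR or a certificate.
pubkey_pem() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac
}

# same_keypair KEY CSR CERT: succeeds only if all three carry one public key.
same_keypair() {
    k=$(pubkey_pem key  "$1" 2>/dev/null) || return 1
    r=$(pubkey_pem csr  "$2" 2>/dev/null) || return 1
    c=$(pubkey_pem cert "$3" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Print the Common Name from a certificate's subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeeds if $1 looks like a fully qualified domain name (dotted labels + TLD).
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# Constructed sample input: steps 1-3 above run non-interactively in directory $1,
# ending with the self-signed variant. Key size and passphrase are this example's.
make_sample() {
    ( cd "$1" &&
      openssl genrsa -des3 -passout pass:demo -out host.key 2048 &&
      openssl req -new -key host.key -passin pass:demo \
              -subj "/CN=mail.example.org" -out host.csr &&
      cp host.key host.key.orig &&
      openssl rsa -in host.key.orig -passin pass:demo -out host.key &&
      rm host.key.orig && chmod 400 host.key &&
      openssl x509 -req -days 365 -in host.csr -signkey host.key -out host.crt
    ) >/dev/null 2>&1
}
```

On real files: same_keypair host.key host.csr host.crt && is_fqdn "$(cert_cn host.crt)" && echo OK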

Revoking a certificate

$ make revoke cert=host.cert

Checking the certificate

$ openssl s_client -connect mail.example.org:110 -starttls pop3 -showcerts

Additional notes

Apache:
AddType application/x-x509-ca-cert .crt .cert
Fingerprint:
$ openssl x509 -noout -fingerprint -text < host.cert > host.info
