概述
下载相关文件
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 cfssl-certinfo
mv cfssljson_linux-amd64 cfssljson
mv cfssl_linux-amd64 cfssl
chmod +x cfssl-certinfo cfssljson cfssl
cfssl print-defaults config > ca-config.json
cfssl print-defaults csr > ca-csr.json
ca-config.json
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"server": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth"
]
},
"client": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"client auth"
]
}
}
}
}
ca-csr.json
{
"CN": "example.net",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "SC",
"ST": "Chengdu",
"OU": "PE"
}
]
}
生成CA证书和私钥.
./cfssl gencert -initca ca-csr.json | ./cfssljson -bare ca -
ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem cfssl cfssl-certinfo cfssljson
签发Server证书
./cfssl print-defaults csr > fullchain-csr.json
cat fullchain-csr.json
{
"CN": "Server",
"hosts": [
"172.16.0.72"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "CN",
"L": "SC",
"ST": "Chengdu",
"OU": "PE"
}
]
}
生成服务端证书和私钥
./cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server fullchain-csr.json | ./cfssljson -bare fullchain
fullchain.csr fullchain-csr.json fullchain-key.pem fullchain.pem
生成客客户端证书和私钥
./cfssl print-defaults csr > private.json
./cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client private.json | ./cfssljson -bare privkey
`
最后
以上就是鲤鱼紫菜为你收集整理的Ubuntu18.04 制作pem证书的全部内容,希望文章能够帮你解决Ubuntu18.04 制作pem证书所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复