s1-secureserver-selfsigned.html

Redhat9中文官方文档, 初学者必备

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>创建自签的证书</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="Red Hat Linux 9"
HREF="index.html"><LINK
REL="UP"
TITLE="Apache HTTP 安全服务器配置"
HREF="ch-httpd-secure-server.html"><LINK
REL="PREVIOUS"
TITLE="生成发送给 CA 的证书请求"
HREF="s1-secureserver-generatingcsr.html"><LINK
REL="NEXT"
TITLE="测试证书"
HREF="s1-secureserver-installcert.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="rhdocs-man.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=gb2312"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Red Hat Linux 9: Red Hat Linux 定制指南</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="s1-secureserver-generatingcsr.html"
ACCESSKEY="P"
>后退</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>20. Apache HTTP 安全服务器配置</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="s1-secureserver-installcert.html"
ACCESSKEY="N"
>前进</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="S1-SECURESERVER-SELFSIGNED"
></A
>20.8. 创建自签的证书</H1
><P
>	你可以创建自签的证书。请注意，自签的证书将不会提供由
	CA 签发的证书所提供的安全担保。关于证书的详细信息，请参阅<A
HREF="s1-secureserver-certs.html"
>第 20.5 节</A
>。
      </P
><P
>	如果你想制作自签的证书，你首先需要按照
	<A
HREF="s1-secureserver-generatingkey.html"
>第 20.6 节</A
>中提供的指示来创建随机钥匙。一旦创建了钥匙，请确定你位于 <TT
CLASS="FILENAME"
>/usr/share/ssl/certs</TT
>
	目录中，再键入下面的命令：
      </P
><TABLE
CLASS="SCREEN"
BGCOLOR="#DCDCDC"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
><TT
CLASS="COMMAND"
>make testcert</TT
></PRE
></TD
></TR
></TABLE
><P
>	你将会看到以下输出，你会被提示输入口令句（除非你生成了无口令的钥匙）：
      </P
><TABLE
CLASS="SCREEN"
BGCOLOR="#DCDCDC"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
><TT
CLASS="COMPUTEROUTPUT"
>umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key 
-x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:</TT
></PRE
></TD
></TR
></TABLE
><P
>	输入口令句后（如果你创建了无口令的钥匙则没有提示），你会被要求输入更多信息。计算机的输出以及一组示例输入与以下的显示相仿（你需要为你的主机和机构提供正确的信息）：
      </P
><TABLE
CLASS="SCREEN"
BGCOLOR="#DCDCDC"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
><TT
CLASS="COMPUTEROUTPUT"
>You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:</TT
><TT
CLASS="USERINPUT"
><B
>US</B
></TT
>      
<TT
CLASS="COMPUTEROUTPUT"
>State or Province Name (full name) [Berkshire]:</TT
><TT
CLASS="USERINPUT"
><B
>North Carolina</B
></TT
>
<TT
CLASS="COMPUTEROUTPUT"
>Locality Name (eg, city) [Newbury]:</TT
><TT
CLASS="USERINPUT"
><B
>Raleigh</B
></TT
>
<TT
CLASS="COMPUTEROUTPUT"
>Organization Name (eg, company) [My Company Ltd]:</TT
><TT
CLASS="USERINPUT"
><B
>My Company, Inc.</B
></TT
>
<TT
CLASS="COMPUTEROUTPUT"
>Organizational Unit Name (eg, section) []:</TT
><TT
CLASS="USERINPUT"
><B
>Documentation</B
></TT
>
<TT
CLASS="COMPUTEROUTPUT"
>Common Name (your name or server's hostname) []:</TT
><TT
CLASS="USERINPUT"
><B
>myhost.example.com</B
></TT
>
<TT
CLASS="COMPUTEROUTPUT"
>Email Address []:</TT
><TT
CLASS="USERINPUT"
><B
>myemail@example.com</B
></TT
></PRE
></TD
></TR
></TABLE
><P
>	提供了正确信息后，自签的证书就会在
	<TT
CLASS="FILENAME"
>/etc/httpd/conf/ssl.crt/server.crt</TT
> 中被创建。生成证书后，你需要使用以下命令来重新启动安全服务器：
      </P
><TABLE
CLASS="SCREEN"
BGCOLOR="#DCDCDC"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
><TT
CLASS="COMMAND"
>/sbin/service httpd restart</TT
></PRE
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="s1-secureserver-generatingcsr.html"
ACCESSKEY="P"
>后退</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>起点</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="s1-secureserver-installcert.html"
ACCESSKEY="N"
>前进</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>生成发送给 CA 的证书请求</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ch-httpd-secure-server.html"
ACCESSKEY="U"
>上级</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>测试证书</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>