Para criar e assinar um novo certificado:


Criando o novo certificado (receita para o Mandriva). Use o comando

sudo  /etc/pki/tls/misc/CA -newca


e forneça as informações solicitadas.

mkdir: cannot create directory `/etc/pki/tls': File exists
mkdir: cannot create directory `/etc/pki/tls/certs': File exists
mkdir: cannot create directory `/etc/pki/tls/crl': File exists  
mkdir: cannot create directory `/etc/pki/tls/newcerts': File exists
mkdir: cannot create directory `/etc/pki/tls/private': File exists 
CA certificate filename (or enter to create)                       

Making CA certificate ...
Generating a 1024 bit RSA private key
.............................................................++++++
................++++++                                             
writing new private key to '/etc/pki/tls/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:BR
State or Province Name (full name) [Berkshire]:Distrito Federal
Locality Name (eg, city) [Newbury]:Brasilia
Organization Name (eg, company) [My Company Ltd]:Universidade de Brasilia
Organizational Unit Name (eg, section) []:Instituto de Fisica
Common Name (eg, your name or your server's hostname) []:zirconium
Email Address []:philbeak@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:ariola
An optional company name []:
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/tls/private/./cakey.pem:
unable to load CA private key
20715:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
20715:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:


O certificado foi criado e está armazenado em arquivos no diretório /etc/pki/tls/ . Para assinar o certificado use o seguinte comando:

sudo /etc/pki/tls/misc/CA -sign


Nãio esqueca de fornecer a senha que você escolheu. Neste caso é a a pass phrase

Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/tls/private/cakey.pem:
unable to load CA private key
20730:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
20730:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:
cat: newcert.pem: No such file or directory
Signed certificate is in newcert.pem
There are no comments on this page.
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki