PKI Lab$2 Create Multiple domain (UCC) SSL Certificate
採用 easyrsa
來建立 PKI CA, 必需要有 Root CA, 可參考 PKI Lab$1 Create Root CA 做建立的動作
Step by Step
Setting vars for Root CA
export KEY_SIZE=2048
export CA_EXPIRE=365
export KEY_EXPIRE=365
export KEY_COUNTRY=”TW”
export KEY_PROVINCE=”Taiwan”
export KEY_CITY=”HsinChu”
export KEY_ORG=”Night9 Studios”
export KEY_EMAIL=”[email protected]“
export KEY_OU=”www.night9.cc"
export KEY_NAME=””
export KEY_CN=”*.night9.cc”- Source
- 重點在於
KEY_CN
, 此設定可以 matchwww.night9.cc
roan.night9.cc
, 但不能 matchnight9.cc
Create UCC Key
source ./vars
./build-key-server *.night9.cc
<enter>…<enter>Check Root CA key and crt
ls -la ./keys/*.night9.cc.{key,crt}
- 建議將
*.night9.cc
做個改名的動作
- 建議將
Check *.night9.cc crt Info
openssl x509 -in *.night9.crt -text -noout
Show