PKI Lab$3 Create Single domain SSL Certificate

採用 easyrsa 來建立 PKI CA, 必需要有 Root CA, 可參考 PKI Lab$1 Create Root CA 做建立的動作

Step by Step

• Setting vars for Root CA

  export KEY_SIZE=2048
  export CA_EXPIRE=365
  export KEY_EXPIRE=365
  export KEY_COUNTRY=”TW”
  export KEY_PROVINCE=”Taiwan”
  export KEY_CITY=”HsinChu”
  export KEY_ORG=”Night9 Studios”
  export KEY_EMAIL=”[email protected]“
  export KEY_OU=”www.night9.cc"
  export KEY_NAME=””
  export KEY_CN=”roan.night9.cc”

  • Source
  • 重點在於 KEY_CN, 此設定可以 match roan.night9.cc, 但不能 match night9.cc xxx.night9.cc

• Create Key

  source ./vars
  ./build-key-server roan.night9.cc
  <enter>…<enter>

• Check key and crt

  ls -la ./keys/roan.night9.cc.{key,crt}

• Check roan.night9.cc crt Info

  openssl x509 -in roan.night9.crt -text -noout

• Show

  

Reference

• OpenSSL PKI Tutorial
• How To Setup a CA
• OpenSSL command line Root and Intermediate CA including OCSP, CRL and revocation