PKI Lab$3 Create Single domain SSL Certificate
採用 easyrsa
來建立 PKI CA, 必需要有 Root CA, 可參考 PKI Lab$1 Create Root CA 做建立的動作
Step by Step
Setting vars for Root CA
export KEY_SIZE=2048
export CA_EXPIRE=365
export KEY_EXPIRE=365
export KEY_COUNTRY=”TW”
export KEY_PROVINCE=”Taiwan”
export KEY_CITY=”HsinChu”
export KEY_ORG=”Night9 Studios”
export KEY_EMAIL=”[email protected]“
export KEY_OU=”www.night9.cc"
export KEY_NAME=””
export KEY_CN=”roan.night9.cc”- Source
- 重點在於
KEY_CN
, 此設定可以 matchroan.night9.cc
, 但不能 matchnight9.cc
xxx.night9.cc
Create Key
source ./vars
./build-key-server roan.night9.cc
<enter>…<enter>Check key and crt
ls -la ./keys/roan.night9.cc.{key,crt}
Check roan.night9.cc crt Info
openssl x509 -in roan.night9.crt -text -noout
Show