{"id":237,"date":"2012-04-17T17:14:35","date_gmt":"2012-04-17T17:14:35","guid":{"rendered":"539fd53b59e3bb12d203f45a912eeaf2"},"modified":"2012-04-17T17:14:35","modified_gmt":"2012-04-17T17:14:35","slug":"","status":"publish","type":"post","link":"https:\/\/www.xiaobo.li\/notes\/archives\/237","title":{"rendered":"Setting Up a CA and Issuing Certificates with OpenSSL"},"content":{"rendered":"<h2><b><span style=\"font-family:Arial;\">Setting Up the CA<\/span> <\/b><\/h2>\n<h3 style=\"font-family:Arial;\">Creating the CA Directory Structure<\/h3>\n<p style=\"font-family:Arial;\">To set up a CA with OpenSSL's default configuration, the corresponding directory structure must be created in the file system. The relevant settings are usually found in <span style=\"font-family:Courier;\">\/usr\/ssl\/openssl.cnf<\/span>; see config (1) for details. Create the directory structure with the following commands in a terminal:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;\">$ mkdir -p .\/demoCA\/{private,newcerts}<br \/>\n$ touch .\/demoCA\/index.txt<br \/>\n$ echo 01 &gt; .\/demoCA\/serial<\/span><\/p>\n<\/blockquote>\n<p style=\"font-family:Arial;\">The resulting directory structure is:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;\">.<br \/>\n`-- demoCA\/<br \/>\n&nbsp;&nbsp;&nbsp; |-- index.txt<br \/>\n&nbsp;&nbsp;&nbsp; |-- newcerts\/<br \/>\n&nbsp;&nbsp;&nbsp; |-- private\/<br \/>\n&nbsp;&nbsp;&nbsp; `-- serial<br \/>\n<\/span><\/p>\n<\/blockquote>\n<h3 style=\"font-family:Arial;\">Generating the RSA Key Pair for the CA Certificate<\/h3>\n<p style=\"font-family:Arial;\">First, we need to create an RSA key pair for the CA. Open a terminal and generate the RSA 
key pair with the following command:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;\">$ openssl genrsa -des3 -out .\/demoCA\/private\/cakey.pem 2048<\/span><\/p>\n<\/blockquote>\n<h4 style=\"font-family:Arial;\"><u>Parameters<\/u><\/h4>\n<blockquote>\n<p><span style=\"font-family:Courier;\">genrsa<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>The OpenSSL command for generating an RSA key pair.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-des3<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Encrypts the key pair with the 3-DES symmetric cipher. With this option, the user must enter a pass phrase during key generation, which is used for the encryption, and must enter that pass phrase whenever the key pair is used afterwards. Without this option, the key is not encrypted.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-out .\/demoCA\/private\/cakey.pem<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Saves the generated key pair to the file <span style=\"font-family:Courier;\">.\/demoCA\/private\/cakey.pem<\/span>.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">2048<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>The number of bits in the RSA modulus, which to some extent indicates the key strength.<\/p>\n<\/blockquote>\n<\/blockquote>\n<p style=\"font-family:Arial;\">The command prints the following; the user should enter a pass phrase for the key and confirm it:<\/p>\n<blockquote>\n<pre><span style=\"font-family:Courier;\">Generating RSA private key, 2048 bit long 
modulus\r\n................................................+++\r\n.........................+++\r\ne is 65537 (0x10001)\r\nEnter pass phrase for .\/demoCA\/private\/cakey.pem:<b>&lt;enter your pass-phrase&gt;<\/b>\r\nVerifying - Enter pass phrase for .\/demoCA\/private\/cakey.pem:<b>&lt;re-enter your pass-phrase&gt;<\/b><\/span><\/pre>\n<\/blockquote>\n<h3 style=\"font-family:Arial;\">Generating the CA Certificate Request<\/h3>\n<p style=\"font-family:Arial;\">To obtain a CA root certificate, we first need to create a certificate request. The CA key pair generated earlier is used to sign the certificate request.<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;\">$ openssl req -new -days 365 -key .\/demoCA\/private\/cakey.pem -out careq.pem<\/span><\/p>\n<\/blockquote>\n<h4><u><span style=\"font-family:Courier;\">Parameters<\/span><\/u><\/h4>\n<blockquote>\n<p><span style=\"font-family:Courier;\">req<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>The OpenSSL command for generating a certificate request.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-new<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Generates a new certificate request. With this option, OpenSSL asks the user to fill in the relevant fields while generating the request.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-days 365<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>The certificate is valid for 365 days from the time it is generated.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-key .\/demoCA\/private\/cakey.pem<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Specifies <span 
style=\"font-family:Courier;\">.\/demoCA\/private\/cakey.pem<\/span> as the key pair file used for the certificate.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-out careq.pem<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Saves the generated certificate request to the file <span style=\"font-family:Courier;\">careq.pem<\/span>.<\/p>\n<\/blockquote>\n<\/blockquote>\n<p>The command prompts the user for the key's pass phrase and for the certificate information fields; its output is as follows:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;font-size:x-small;\">Enter pass phrase for .\/demoCA\/private\/cakey.pem:<b>&lt;enter your pass-phrase&gt;<\/b><br \/>\nYou are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter '.', the field will be left blank.<br \/>\n-----<br \/>\nCountry Name (2 letter code) [AU]:<b>CN<\/b><br \/>\nState or Province Name (full name) [Some-State]:<b>ZJ<\/b><br \/>\nLocality Name (eg, city) []:<b>HZ<\/b><br \/>\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:<b>Some Ltd. 
Corp.<\/b><br \/>\nOrganizational Unit Name (eg, section) []:<b>Some Unit<\/b><br \/>\nCommon Name (eg, YOUR name) []:<b>Someone<\/b><br \/>\nEmail Address []:<b>some@email.com<\/b><\/p>\n<p>Please enter the following 'extra' attributes<br \/>\nto be sent with your certificate request<br \/>\nA challenge password []:<br \/>\nAn optional company name []:<\/span><\/p>\n<\/blockquote>\n<h3 style=\"font-family:Arial;\">Signing the CA Certificate Request<\/h3>\n<p style=\"font-family:Arial;\">In practice, a user can apply for a certificate by submitting a certificate request to a well-known CA. Here, however, we are setting up a root CA, so only we ourselves can sign the certificate request. We therefore have OpenSSL sign the request with the key pair that accompanies the certificate request, the so-called \u201cself sign\u201d:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;\">$ openssl ca -selfsign -in careq.pem -out .\/demoCA\/cacert.pem<\/span><\/p>\n<\/blockquote>\n<h4><u><span style=\"font-family:Courier;\">Parameters<\/span><\/u><\/h4>\n<blockquote>\n<p><span style=\"font-family:Courier;\">ca<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>The OpenSSL command for performing CA operations.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-selfsign<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Issues the certificate using the key pair that signed the certificate request.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-in careq.pem<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Specifies <span 
style=\"font-family:Courier;\">careq.pem<\/span> as the certificate request file.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-out .\/demoCA\/cacert.pem<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Specifies <span style=\"font-family:Courier;\">.\/demoCA\/cacert.pem<\/span> as the output certificate.<\/p>\n<\/blockquote>\n<\/blockquote>\n<p style=\"font-family:Arial;\">The command asks for the key's pass phrase, prints the certificate details, and asks the user to confirm:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;font-size:x-small;\">Using configuration from \/usr\/lib\/ssl\/openssl.cnf<br \/>\nEnter pass phrase for .\/demoCA\/private\/cakey.pem:<b>&lt;enter your pass-phrase&gt;<\/b><br \/>\nCheck that the request matches the signature<br \/>\nSignature ok<br \/>\nCertificate Details:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Serial Number: 2 (0x2)<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Validity<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Not Before: Jan 16 13:05:09 2008 GMT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Not After : Jan 15 13:05:09 2009 GMT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Subject:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; countryName = CN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; stateOrProvinceName = ZJ<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; organizationName = Some Ltd. 
Corp.<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; organizationalUnitName = Some Unit<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; commonName = Someone<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; emailAddress = some@email.com<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 extensions:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 Basic Constraints:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CA:FALSE<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Netscape Comment:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OpenSSL Generated Certificate<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 Subject Key Identifier:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 75:F5:3C:CC:C1:5E:6D:C3:8B:46:A8:08:E6:EA:29:E8:22:7E:70:03<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 Authority Key Identifier:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyid:75:F5:3C:CC:C1:5E:6D:C3:8B:46:A8:08:E6:EA:29:E8:22:7E:70:03<\/p>\n<p>Certificate is to be certified until Jan 15 13:05:09 2009 GMT (365 days)<br \/>\nSign the certificate? [y\/n]:<b>y<\/b><\/p>\n<p>\n1 out of 1 certificate requests certified, commit? 
[y\/n]<b>y<\/b><br \/>\nWrite out database with 1 new entries<br \/>\nData Base Updated<\/span><\/p>\n<\/blockquote>\n<h3 style=\"font-family:Arial;\">Generating and Signing the CA Certificate Request in One Step<\/h3>\n<p style=\"font-family:Arial;\">The two steps above can be combined into one. With the <span style=\"font-family:Courier;\">-x509 <\/span>option of the req command, the following command generates the certificate request and signs it at the same time, producing the CA root certificate:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;\">$ openssl req -new -x509 -days 365 -key .\/demoCA\/private\/cakey.pem -out .\/demoCA\/cacert.pem<\/span><\/p>\n<\/blockquote>\n<h4 style=\"font-family:Arial;\"><u>Parameters<\/u><\/h4>\n<blockquote>\n<p><span style=\"font-family:Courier;\">req<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>The OpenSSL command for generating a certificate request.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-new<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Generates a new certificate request. With this option, OpenSSL asks the user to fill in the relevant fields while generating the request.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-x509<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Generates an X.509 certificate.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-days 365<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>The certificate is valid for 365 days from the time it is generated.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-key .\/demoCA\/private\/cakey.pem<\/span><\/p>\n<blockquote 
style=\"font-family:Arial;\">\n<p>Specifies <span style=\"font-family:Courier;\">cakey.pem<\/span> as the key pair file used for the certificate.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-out .\/demoCA\/cacert.pem<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Saves the generated certificate to the file <span style=\"font-family:Courier;\">.\/demoCA\/cacert.pem<\/span>.<\/p>\n<\/blockquote>\n<\/blockquote>\n<p>The command prints the following; the user should fill in the corresponding fields:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;font-size:x-small;\">Enter pass phrase for .\/demoCA\/private\/cakey.pem:<br \/>\nYou are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter '.', the field will be left blank.<br \/>\n-----<br \/>\nCountry Name (2 letter code) [AU]:<b>CN<\/b><br \/>\nState or Province Name (full name) [Some-State]:<b>ZJ<\/b><br \/>\nLocality Name (eg, city) []:<b>HZ<\/b><br \/>\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:<b>Some Ltd. 
Corp.<\/b><br \/>\nOrganizational Unit Name (eg, section) []:<b>Some Unit<\/b><br \/>\nCommon Name (eg, YOUR name) []:<b>Someone<\/b><br \/>\nEmail Address []:<b>some@email.com<\/b><\/span><\/p>\n<\/blockquote>\n<p style=\"font-family:Arial;\">At this point we have successfully set up a private root CA. In the process we obtained a CA key pair file, <span style=\"font-family:Courier;\">.\/demoCA\/private\/cakey.pem<\/span>, and a CA root certificate file signed with that key pair, <span style=\"font-family:Courier;\">.\/demoCA\/cacert.pem<\/span>. The resulting CA directory structure is:<\/p>\n<p style=\"margin-left:40px;\"><span style=\"font-family:\u5b8b\u4f53;\"><span style=\"font-family:Courier;\">.<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">|-- careq.pem<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">`-- demoCA\/<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">&nbsp;&nbsp;&nbsp; |-- cacert.pem<br \/>\n&nbsp;&nbsp;&nbsp; |-- index.txt<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">&nbsp;&nbsp;&nbsp; |-- index.txt.attr<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">&nbsp;&nbsp;&nbsp; |-- index.txt.old<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">&nbsp;&nbsp;&nbsp; |-- newcerts\/<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; `-- 01.pem<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">&nbsp;&nbsp;&nbsp; |-- private\/<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span 
style=\"font-family:Courier;\">&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; `-- cakey.pem<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">&nbsp;&nbsp;&nbsp; |-- serial<\/span><br style=\"font-family:Courier;\" \/><br \/>\n<span style=\"font-family:Courier;\">&nbsp;&nbsp;&nbsp; `-- serial.old<\/span><\/span><\/p>\n<p style=\"font-family:Arial;\">Note: if the certificate request generation step is skipped while setting up the CA, the file <span style=\"font-family:Courier;\">careq.pem<\/span> is not created.<\/p>\n<h2 style=\"font-family:Arial;\">Issuing Certificates<\/h2>\n<p style=\"font-family:Arial;\">We can now use the CA we have set up to issue certificates.<\/p>\n<h3 style=\"font-family:Arial;\">Generating the RSA Key Pair for the User Certificate<\/h3>\n<p style=\"font-family:Arial;\">Following the same procedure as for the CA's RSA key pair, generate a new key pair with the following command. No modulus size is given on the command line here, so OpenSSL uses its default, which the output below shows to be 512 bits, rather than the 2048 bits used for the CA key:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;font-size:x-small;\">$ openssl genrsa -des3 -out userkey.pem<br \/>\nGenerating RSA private key, 512 bit long modulus<br \/>\n....++++++++++++<br \/>\n...++++++++++++<br \/>\ne is 65537 (0x10001)<br \/>\nEnter pass phrase for userkey.pem:<b>&lt;enter your pass-phrase&gt;<\/b><br \/>\nVerifying - Enter pass phrase for userkey.pem:<b>&lt;re-enter your pass-phrase&gt;<\/b><\/span><\/p>\n<\/blockquote>\n<h3 style=\"font-family:Arial;\">Generating the User Certificate Request<\/h3>\n<p style=\"font-family:Arial;\">Following the same procedure as for the CA's certificate request, generate a new certificate request with the following command:<\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;font-size:x-small;\">$ openssl req 
-new -days 365 -key userkey.pem -out userreq.pem<br \/>\nEnter pass phrase for userkey.pem:<span style=\"font-weight:bold;\">&lt;enter your pass-phrase&gt;<\/span><br \/>\nYou are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter '.', the field will be left blank.<br \/>\n-----<br \/>\nCountry Name (2 letter code) [AU]:<span style=\"font-weight:bold;\">CN<\/span><br \/>\nState or Province Name (full name) [Some-State]:<span style=\"font-weight:bold;\">ZJ<\/span><br \/>\nLocality Name (eg, city) []:<span style=\"font-weight:bold;\">HZ<\/span><br \/>\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:<span style=\"font-weight:bold;\">Some Ltd. Corp.<\/span><br \/>\nOrganizational Unit Name (eg, section) []:<span style=\"font-weight:bold;\">Some Other Unit<\/span><br \/>\nCommon Name (eg, YOUR name) []:<span style=\"font-weight:bold;\">Another<\/span><br \/>\nEmail Address []:<span style=\"font-weight:bold;\">another@email.com<\/span><\/p>\n<p>Please enter the following 'extra' attributes<br \/>\nto be sent with your certificate request<br \/>\nA challenge password []:<br \/>\nAn optional company name []:<\/span><\/p>\n<\/blockquote>\n<h3 style=\"font-family:Arial;\">Issuing the User Certificate<\/h3>\n<p style=\"font-family:Arial;\">Now we can use the CA set up earlier to sign the user's certificate request and thereby issue the user a certificate. Use the following command:<\/p>\n<p style=\"font-family:Courier;margin-left:40px;\">$ openssl ca -<span lang=\"en-us\">in userreq.pem -out usercert.pem<\/span><\/p>\n<h4 
style=\"font-family:Arial;\"><u>Parameters<\/u><\/h4>\n<p><span style=\"font-family:Courier;\">ca<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>The OpenSSL command for performing CA operations.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-in userreq.pem<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Specifies <span style=\"font-family:Courier;\">userreq.pem<\/span> as the user's certificate request file.<\/p>\n<\/blockquote>\n<p><span style=\"font-family:Courier;\">-out usercert.pem<\/span><\/p>\n<blockquote style=\"font-family:Arial;\">\n<p>Specifies <span style=\"font-family:Courier;\">usercert.pem<\/span> as the output user certificate file.<\/p>\n<\/blockquote>\n<p style=\"font-family:Arial;\">The command asks for the key's pass phrase, prints the certificate details, and asks the user to confirm:<\/p>\n<p style=\"font-family:Courier;margin-left:40px;\"><span lang=\"en-us\"><span style=\"font-size:x-small;\">Using configuration from \/usr\/lib\/ssl\/openssl.cnf<br \/>\nEnter pass phrase for .\/demoCA\/private\/cakey.pem:<span style=\"font-weight:bold;\">&lt;enter your pass-phrase&gt;<\/span><br \/>\nCheck that the request matches the signature<br \/>\nSignature ok<br \/>\nCertificate Details:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Serial Number: 2 (0x2)<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Validity<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Not Before: Jan 16 14:50:22 2008 GMT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Not After : Jan 15 14:50:22 2009 GMT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Subject:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
countryName&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; = CN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; stateOrProvinceName&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; = ZJ<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; organizationName&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; = Some Ltd. Corp.<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; organizationalUnitName&nbsp;&nbsp;&nbsp; = Some Other Unit<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; commonName&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; = Another<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; emailAddress&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; = another@email.com<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 extensions:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 Basic Constraints:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CA:FALSE<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Netscape Comment:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OpenSSL Generated Certificate<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 Subject Key Identifier:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 97:E7:8E:84:B1:45:27:83:94:A0:DC:24:79:7B:83:97:99:0B:36:A9<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 Authority Key Identifier:<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyid:D9:87:12:94:B2:20:C7:22:AB:D4:D5:DF:33:DB:84:F3:B0:4A:EC:A2<\/p>\n<p>Certificate is to be certified until Jan 15 
14:50:22 2009 GMT (365 days)<br \/>\nSign the certificate? [y\/n]:<span style=\"font-weight:bold;\">y<\/span><\/p>\n<p>\n1 out of 1 certificate requests certified, commit? [y\/n]<span style=\"font-weight:bold;\">y<\/span><br \/>\nWrite out database with 1 new entries<br \/>\nData Base Updated<\/span><\/span><\/p>\n<p><span style=\"font-family:Arial;\"><span lang=\"en-us\">With that, we have completed all the work of setting up the CA and issuing a user certificate. <\/span>Here are all the shell commands together for an overview:<\/span> <\/p>\n<blockquote>\n<p><span style=\"font-family:Courier;font-size:x-small;\"># Create the CA directory structure<br \/>\nmkdir -p .\/demoCA\/{private,newcerts}<br \/>\ntouch .\/demoCA\/index.txt<br \/>\necho 01 &gt; .\/demoCA\/serial<\/p>\n<p># Generate the CA's RSA key pair<br \/>\nopenssl genrsa -des3 -out .\/demoCA\/private\/cakey.pem 2048<\/p>\n<p># Generate the CA certificate request<br \/>\nopenssl req -new -days 365 -key .\/demoCA\/private\/cakey.pem -out careq.pem<\/p>\n<p># Self-sign the CA certificate<br \/>\nopenssl ca -selfsign -in careq.pem -out .\/demoCA\/cacert.pem<\/p>\n<p># The two steps above can be combined into one<br \/>\nopenssl req -new -x509 -days 365 -key .\/demoCA\/private\/cakey.pem -out .\/demoCA\/cacert.pem<\/p>\n<p># Generate the user's RSA key pair<br \/>\nopenssl genrsa -des3 -out userkey.pem<\/p>\n<p># Generate the user certificate request<br \/>\nopenssl req -new -days 365 -key userkey.pem -out userreq.pem<\/p>\n<p># Issue the user certificate with the CA<br \/>\nopenssl ca -in userreq.pem -out usercert.pem<\/span><\/p>\n<p><span style=\"font-family:Courier;font-size:x-small;\"># Certificate revocation; crlexts 
specifies whether the update point is shown in the revocation list<\/span><span style=\"font-family:Courier;font-size:x-small;\"><br \/>\nopenssl ca -gencrl -crldays 365 -crlexts crl_ext -out %CRL_PATH% -config %DIR%openssl.cnf<\/span><\/p>\n<\/blockquote>\n<p style=\"font-family:Arial;\">Once these basic steps are understood, the work can be automated with a script or even a makefile. <span style=\"font-family:Courier;\">CA.pl<\/span> and <span style=\"font-family:Courier;\">CA.sh<\/span> are simple wrappers around OpenSSL's CA functionality; on Debian, once OpenSSL is installed, both files can be found in the <span style=\"font-family:Courier;\">\/usr\/lib\/ssl\/misc\/<\/span> directory. For a makefile-based solution, see <a href=\"http:\/\/sial.org\/howto\/openssl\/ca\/\" rel=\"nofollow\">here<\/a>.<\/p>\n<h2 style=\"font-family:Arial;\">References<\/h2>\n<ul style=\"font-family:Arial;\">\n<li>The Open\u2013source PKI Book: A guide to PKIs and Open\u2013source Implementations, Initialisation of the Certification Authority<br \/>\n<a href=\"http:\/\/ospkibook.sourceforge.net\/docs\/OSPKI-2.4.7\/OSPKI-html\/initialisation.htm\" rel=\"nofollow\" target=\"_blank\">http:\/\/ospkibook.sourceforge.net\/docs\/OSPKI-2.4.7\/OSPKI-html\/initialisation.htm<\/a><\/li>\n<li>OpenSSL: Documents, OpenSSL(1)<br \/>\n<a href=\"http:\/\/www.openssl.org\/docs\/apps\/openssl.html\" rel=\"nofollow\" target=\"_blank\">http:\/\/www.openssl.org\/docs\/apps\/openssl.html<\/a><\/li>\n<li>OpenSSL Certificate Authority Setup<br \/>\n<a href=\"http:\/\/sial.org\/howto\/openssl\/ca\/\" 
rel=\"nofollow\">http:\/\/sial.org\/howto\/openssl\/ca\/<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[273],"tags":[77,78],"class_list":["post-237","post","type-post","status-publish","format-standard","hentry","category-article","tag-ca","tag-ssl"],"_links":{"self":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts\/237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/comments?post=237"}],"version-history":[{"count":0,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts\/237\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/media?parent=237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/categories?post=237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/tags?post=237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}