SSL configuration for vsftp

1. Configure the root authority (CA) that issues certificates
[root@localhost ~]# cd /etc/pki
[root@localhost pki]# ls
CA  ca-trust  java  nssdb  rpm-gpg  rsyslog  tls
[root@localhost pki]# vim tls/openssl.cnf 
dir             = /etc/pki/CA ## check the CA directory path so that files can be found when certificates are generated
[root@localhost pki]# cd CA/
[root@localhost CA]# ls # create the following directories; they usually exist already
certs  crl  newcerts  private
[root@localhost CA]# ls certs/
[root@localhost CA]# touch index.txt serial
[root@localhost CA]# ls
certs  crl  index.txt  newcerts  private  serial
[root@localhost CA]# echo '01' >serial ## certificate serial numbers start at 1
[root@localhost CA]# open
open           open_init_pty  openssl        openvt         
[root@localhost CA]# openssl genrsa 1024 > private/cakey.pem ## generate the private key
Generating RSA private key, 1024 bit long modulus
...........++++++
...................................++++++
e is 65537 (0x10001)
[root@localhost CA]# chmod 600 private/* ## restrict permissions
[root@localhost CA]# openssl req -new -key private/cakey.pem -x509 -out cacert.pem -days 3650 ## generate the certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sichuan
Locality Name (eg, city) [Default City]:chendu
Organization Name (eg, company) [Default Company Ltd]:liangzonghua.com.cn
Organizational Unit Name (eg, section) []:lzh
Common Name (eg, your name or your server's hostname) []:liangzonghua # usually the hostname of the CA server
Email Address []:2606380155@qq.com # optional
 
2. Request a certificate for ftp
[root@localhost CA]# mkdir /etc/vsftpd/certs # create a directory for the private key, certificate and related files
[root@localhost CA]# cd /etc/vsftpd/certs/
[root@localhost certs]# openssl genrsa 1024 >vsftpd.key # generate the key
[root@localhost certs]# openssl req -new -key vsftpd.key -out vsftpd.csr # request a certificate from the root authority
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sichuan
Locality Name (eg, city) [Default City]:chendu
Organization Name (eg, company) [Default Company Ltd]:liangzonghua.com.cn
Organizational Unit Name (eg, section) []:lzh # the fields up to here match the root certificate
Common Name (eg, your name or your server's hostname) []:ftp.liangzonghua # hostname of your choice
Email Address []: # leave blank
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: 
(Editor: liangzh)
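Steps 1 and 2 above as a non-interactive script, with checks that the CSR is correctly self-signed and belongs to vsftpd.key. This is an added example, not part of the original post; the directories are passed in by the caller instead of being fixed to /etc/pki/CA and /etc/vsftpd/certs, and the function names and the BITS variable (default 2048, where the session above uses 1024) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: directories are
# passed in by the caller; BITS and all function names are hypothetical.
BITS="${BITS:-2048}"   # the session above uses 1024
SUBJ="/C=cn/ST=sichuan/L=chendu/O=liangzonghua.com.cn/OU=lzh"

new_key() {    # $1 = output file; umask makes the key 0600 from creation
    ( umask 077; openssl genrsa -out "$1" "$BITS" 2>/dev/null )
}

make_ca() {    # $1 = CA directory (the page uses /etc/pki/CA)
    mkdir -p "$1/certs" "$1/crl" "$1/newcerts" "$1/private" || return 1
    : > "$1/index.txt"
    echo '01' > "$1/serial"
    new_key "$1/private/cakey.pem" || return 1
    openssl req -new -x509 -key "$1/private/cakey.pem" -out "$1/cacert.pem" \
        -days 3650 -subj "$SUBJ/CN=liangzonghua"
}

make_csr() {   # $1 = directory (the page uses /etc/vsftpd/certs)
    mkdir -p "$1" || return 1
    new_key "$1/vsftpd.key" || return 1
    openssl req -new -key "$1/vsftpd.key" -out "$1/vsftpd.csr" \
        -subj "$SUBJ/CN=ftp.liangzonghua"
}

key_bits() {   # $1 = RSA private key; prints the modulus size in bits
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

mod_digest() { # $1 = rsa|req, $2 = file; prints a digest of the RSA modulus
    openssl "$1" -in "$2" -noout -modulus 2>/dev/null | openssl dgst -sha256
}

check_csr() {  # $1 = directory; succeeds only if the CSR matches vsftpd.key
    openssl req -in "$1/vsftpd.csr" -noout -verify 2>&1 |
        grep -q 'verify OK' || return 1
    [ "$(mod_digest rsa "$1/vsftpd.key")" = "$(mod_digest req "$1/vsftpd.csr")" ]
}
```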