For the web browser to successfully authenticate the web server, we need to create a valid web server certificate, which should contain:
・*the public key of the web server
・validity dates (start and expiration)
・supported cipher algorithms
・*the distinguished name (DN), which must contain the fully qualified domain name of the web server, known as the Common Name (CN)...
・the serial number of the certificate
・name and signature of a trusted Certificate Authority (CA)
・X.509 extension attributes and more.
■Creating the Web Server Certificate
In general, there are three types of certificates that we can use:
・A self-signed certificate
・*A certificate signed by a local CA (in an intranet environment)
・A certificate signed by a trusted CA (in an internet environment)
server.key ~ the private key of the server
server.crt ~ the certificate, which includes the web server's public key
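・Self-signed certificate (for test purposes only)
$ openssl req -new -x509 -days 365 -sha1 -nodes -newkey rsa:1024 -keyout server.key -out server.crt -subj 'XXXXX'
SHA-1 and 1024-bit RSA are weak by current standards; outside of throwaway tests, prefer SHA-256 and a key of at least 2048 bits.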
・Certificate signed by a local CA
# mkdir ca
# mkdir certs
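One way to carry out the local-CA case end to end, as an added example that is not part of the original post. The directory layout, the subject names and the host www.example.test are assumptions, and it uses SHA-256 with 2048-bit RSA keys rather than the values in the test command above.

```shell
#!/bin/sh
# Added example: a local CA signs a web server certificate.
# Every name below (directories, subjects, FQDN) is an assumption, not from the post.
set -eu
FQDN="www.example.test"   # hypothetical server name the browser will request

make_local_ca() {
    # $1 = work dir. Creates ca/ca.key (keep private) and the self-signed ca/ca.crt.
    mkdir -p "$1/ca" "$1/certs"
    openssl req -new -x509 -days 365 -sha256 -nodes -newkey rsa:2048 \
        -keyout "$1/ca/ca.key" -out "$1/ca/ca.crt" \
        -subj "/O=Example Intranet/CN=Example Local CA" 2>/dev/null
    chmod 600 "$1/ca/ca.key"
}

issue_server_cert() {
    # $1 = work dir. Makes server.key and a CSR, then signs the CSR with the CA key.
    openssl req -new -nodes -newkey rsa:2048 \
        -keyout "$1/certs/server.key" -out "$1/certs/server.csr" \
        -subj "/O=Example Intranet/CN=$FQDN" 2>/dev/null
    chmod 600 "$1/certs/server.key"
    # Current browsers match the host against subjectAltName, so set it as well as CN.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$FQDN" \
        > "$1/certs/server.ext"
    openssl x509 -req -in "$1/certs/server.csr" -days 365 -sha256 \
        -CA "$1/ca/ca.crt" -CAkey "$1/ca/ca.key" -CAcreateserial \
        -extfile "$1/certs/server.ext" -out "$1/certs/server.crt" 2>/dev/null
}

check_server_cert() {
    # Succeeds only if server.crt chains to the local CA and covers $FQDN.
    openssl verify -CAfile "$1/ca/ca.crt" "$1/certs/server.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/certs/server.crt" -noout -checkhost "$FQDN" |
        grep -q "does match"
}

work=$(mktemp -d)
make_local_ca "$work"
issue_server_cert "$work"
check_server_cert "$work" && echo "server.crt verifies against ca.crt for $FQDN"
# Show the fields listed at the top of the page: DN, issuer (CA), serial, validity.
openssl x509 -in "$work/certs/server.crt" -noout -subject -issuer -serial -dates
```

Intranet clients accept server.crt only after ca.crt has been imported into their trust store; ca.key stays on the CA host.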