Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1798442
  • 博文数量: 184
  • 博客积分: 10122
  • 博客等级: 上将
  • 技术积分: 5566
  • 用 户 组: 普通用户
  • 注册时间: 2005-12-08 12:32
文章存档

2011年(1)

2008年(183)

我的朋友

分类: LINUX

2008-03-08 12:31:08

[root@dhcp demoCA]# openssl ca -gencrl -keyfile private/cakey.pem
Using configuration from /usr/share/ssl/openssl.cnf
Enter pass phrase for private/cakey.pem:
Error opening CA certificate ./demoCA/cacert.pem
3806:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/cacert.pem','r')
3806:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
[root@dhcp demoCA]#
 
发现是路径错误,必须进入 demoCA/ 的上一层
 
所以 ca 子命令必须在 demoCA/ 目录的上级目录执行
 
[root@dhcp conf]# pwd
/etc/httpd/conf
[root@dhcp conf]#
 
[root@dhcp conf]# openssl ca -gencrl -keyfile demoCA/private/cakey.pem  -out demoCA/crl/local-crl.pem
Using configuration from /usr/share/ssl/openssl.cnf
Enter pass phrase for demoCA/private/cakey.pem:
[root@dhcp conf]#
 

[root@dhcp conf]# ll demoCA/
total 32
-rw-r--r--  1 root root 1224 Feb 23 10:25 cacert.pem
drwxr-xr-x  2 root root 4096 Feb 23 10:24 certs
drwxr-xr-x  2 root root 4096 Feb 23 10:44 crl
-rw-r--r--  1 root root  116 Feb 23 10:38 index.txt
-rw-r--r--  1 root root    0 Feb 23 10:24 index.txt.old  # 注释 :CA -signkey 时备份的
drwxr-xr-x  2 root root 4096 Feb 23 10:38 newcerts
drwxr-xr-x  2 root root 4096 Feb 23 10:24 private
-rw-r--r--  1 root root    3 Feb 23 10:38 serial
-rw-r--r--  1 root root    3 Feb 23 10:24 serial.old      # 注释 :同上
[root@dhcp conf]#
 

[root@dhcp conf]# ll demoCA/crl/local-crl.pem
-rw-r--r--  1 root root 499 Feb 23 10:44 demoCA/crl/local-crl.pem
[root@dhcp conf]#
 
[root@dhcp conf]# openssl crl -text -in demoCA/crl/local-crl.pem    
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer:

        Last Update: Feb 23 02:44:31 2008 GMT                    # 注释 :这个 CRL 是 2008-02-23 10:44:31 生成的
        Next Update: Mar 24 02:44:31 2008 GMT                    # 注释 :下次更新的时间是1个月后,也就是 2008-03-24 10:44:31

No Revoked Certificates.                                                  # 注释:目前没有被收回的证书
    Signature Algorithm: md5WithRSAEncryption
        ba:83:b5:a4:15:cc:ba:e8:44:14:c6:5f:03:18:f2:74:3f:71:
        3a:4a:d7:8a:5c:b7:48:73:ab:8b:21:61:59:82:94:04:6c:57:
        32:6a:79:3d:5d:d1:19:61:12:e3:71:5b:66:fb:62:23:d4:d7:
        29:34:bd:a0:a4:39:63:42:14:e6:98:c8:14:83:a2:a5:08:d6:
        c8:21:e8:71:f9:94:11:8a:b8:38:bf:b6:73:49:e7:b9:1d:11:
        d2:c0:74:e9:92:a5:3f:f5:ca:3a:ed:1a:9c:91:52:0a:33:14:
        ea:43:9b:17:bb:7c:f9:70:80:05:8d:55:10:da:2c:f6:9a:e0:
        cf:d7
-----BEGIN X509 CRL-----
MIIBRzCBsTANBgkqhkiG9w0BAQQFADCBgTELMAkGA1UEBhMCQ04xCzAJBgNVBAgT
AkdEMQswCQYDVQQHEwJHWjEOMAwGA1UEChMFR1pOQVAxFDASBgNVBAsTC01haW50
ZW5hbmNlMRUwEwYDVQQDEwxtYWlsLmJvYi5jb20xGzAZBgkqhkiG9w0BCQEWDGFp
bG1zQHFxLmNvbRcNMDgwMjIzMDI0NDMxWhcNMDgwMzI0MDI0NDMxWjANBgkqhkiG
9w0BAQQFAAOBgQC6g7WkFcy66EQUxl8DGPJ0P3E6SteKXLdIc6uLIWFZgpQEbFcy
ank9XdEZYRLjcVtm+2Ij1NcpNL2gpDljQhTmmMgUg6KlCNbIIehx+ZQRirg4v7Zz
See5HRHSwHTpkqU/9co67RqckVIKMxTqQ5sXu3z5cIAFjVUQ2iz2muDP1w==
-----END X509 CRL-----
[root@dhcp conf]#
 

 
阅读(2698) | 评论(0) | 转发(1) |
给主人留下些什么吧!~~