[root@dhcp demoCA]# openssl ca -gencrl
-keyfile private/cakey.pem
Using configuration from
/usr/share/ssl/openssl.cnf
Enter pass phrase for private/cakey.pem:
Error
opening CA certificate ./demoCA/cacert.pem
3806:error:02001002:system
library:fopen:No such file or
directory:bss_file.c:259:fopen('./demoCA/cacert.pem','r')
3806:error:20074002:BIO
routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load
certificate
[root@dhcp demoCA]#
发现是路径错误,必须进入 demoCA/ 的上一层
所以 ca 子命令必须在 demoCA/ 目录的上级目录执行
[root@dhcp conf]#
pwd
/etc/httpd/conf
[root@dhcp conf]#
[root@dhcp conf]# openssl ca -gencrl
-keyfile demoCA/private/cakey.pem -out
demoCA/crl/local-crl.pem
Using configuration from
/usr/share/ssl/openssl.cnf
Enter pass phrase for
demoCA/private/cakey.pem:
[root@dhcp conf]#
[root@dhcp conf]# ll
demoCA/
total 32
-rw-r--r-- 1 root root 1224 Feb 23 10:25
cacert.pem
drwxr-xr-x 2 root root 4096 Feb 23 10:24 certs
drwxr-xr-x 2
root root 4096 Feb 23 10:44 crl
-rw-r--r-- 1 root root 116 Feb 23 10:38
index.txt
-rw-r--r-- 1 root root 0 Feb 23 10:24 index.txt.old # 注释 :CA -signkey 时备份的
drwxr-xr-x 2 root root 4096 Feb
23 10:38 newcerts
drwxr-xr-x 2 root root 4096 Feb 23 10:24
private
-rw-r--r-- 1 root root 3 Feb 23 10:38 serial
-rw-r--r-- 1
root root 3 Feb 23 10:24 serial.old # 注释
:同上
[root@dhcp conf]#
[root@dhcp conf]# ll
demoCA/crl/local-crl.pem
-rw-r--r-- 1 root root 499 Feb 23 10:44
demoCA/crl/local-crl.pem
[root@dhcp conf]#
[root@dhcp conf]# openssl crl -text -in
demoCA/crl/local-crl.pem
Certificate Revocation List
(CRL):
Version 1 (0x0)
Signature Algorithm:
md5WithRSAEncryption
Issuer:
Last Update: Feb 23 02:44:31
2008 GMT # 注释 :这个 CRL 是 2008-02-23 10:44:31 生成的
Next Update: Mar 24 02:44:31 2008 GMT # 注释 :下次更新的时间是1个月后,也就是
2008-03-24 10:44:31
No Revoked
Certificates. # 注释:目前没有被收回的证书
Signature Algorithm:
md5WithRSAEncryption
ba:83:b5:a4:15:cc:ba:e8:44:14:c6:5f:03:18:f2:74:3f:71:
3a:4a:d7:8a:5c:b7:48:73:ab:8b:21:61:59:82:94:04:6c:57:
32:6a:79:3d:5d:d1:19:61:12:e3:71:5b:66:fb:62:23:d4:d7:
29:34:bd:a0:a4:39:63:42:14:e6:98:c8:14:83:a2:a5:08:d6:
c8:21:e8:71:f9:94:11:8a:b8:38:bf:b6:73:49:e7:b9:1d:11:
d2:c0:74:e9:92:a5:3f:f5:ca:3a:ed:1a:9c:91:52:0a:33:14:
ea:43:9b:17:bb:7c:f9:70:80:05:8d:55:10:da:2c:f6:9a:e0:
cf:d7
-----BEGIN X509
CRL-----
MIIBRzCBsTANBgkqhkiG9w0BAQQFADCBgTELMAkGA1UEBhMCQ04xCzAJBgNVBAgT
AkdEMQswCQYDVQQHEwJHWjEOMAwGA1UEChMFR1pOQVAxFDASBgNVBAsTC01haW50
ZW5hbmNlMRUwEwYDVQQDEwxtYWlsLmJvYi5jb20xGzAZBgkqhkiG9w0BCQEWDGFp
bG1zQHFxLmNvbRcNMDgwMjIzMDI0NDMxWhcNMDgwMzI0MDI0NDMxWjANBgkqhkiG
9w0BAQQFAAOBgQC6g7WkFcy66EQUxl8DGPJ0P3E6SteKXLdIc6uLIWFZgpQEbFcy
ank9XdEZYRLjcVtm+2Ij1NcpNL2gpDljQhTmmMgUg6KlCNbIIehx+ZQRirg4v7Zz
See5HRHSwHTpkqU/9co67RqckVIKMxTqQ5sXu3z5cIAFjVUQ2iz2muDP1w==
-----END
X509 CRL-----
[root@dhcp conf]#
阅读(2698) | 评论(0) | 转发(1) |