[root@chen ~]
Generating RSA private key, 2048 bit long modulus
..................+++
.....................+++
e is 65537 (0x10001)
[root@chen ~]
[root@chen private]
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAydNdaHEea6lQpeMOof1bARNbNjerS+CG6bZWxYp3FVIEsqnQ
5dGZ9uvWFcN3XWAb3nTQR0cEjULIkLQS
/RnoQA3t9uy83
+PmL7imXnB6eDhBXOhb
QYXjAyShhR
/Y
+OHBJT6HhDZYxqNPoKIxi7ObJVmG6ovuE8P5SQJl5bX21
/YB
+CmJ
PpoY37WVd4lJagECSK2NjIuMCdMnmIKZIZgCU3XKnw1kDsG8DJXj7ZVuiimxgspM
wyXFI94vHDVxQ7mEJiIBT3F9rn95+Fy35p+fHBcXS4Iw+gJaa4GZeOuYaNxdwI9l
9nLwx9hW69UJ0wcuJQGc8kyN8AFul
/sh2aWExQIDAQABAoIBAQC4snRN6w9CyVzj
oqm2dsv8bQFQ2ZsqQhxU7yfzeWbHHRrtgdiJKMq0nFh77DhlPFnkt5QPVp+EwrQX
MKQb+cSAMf8utLGYVtBFpb6iuF5rfFfctUsl6Ge6baBe2qlOAhMmiVWtGasehT+O
qj+bME9v28FLDalfbz3HoakskdyG
/ptb6MEh/8Z4bAFovyYfI
+IY+P3dzDd018Sv
V6wgj+A11wmhNUyete++DoO
/JJtQJZuh0LeN4eg2W51M9vnnH7hrosyRwHfcYioU
SUoKEWs4Md78zVL7IeFcRwV3mSgm356u9SKl2gs+X9Qpb9Uyt5zs1q2jxGxwoe5s
ige9ERbVAoGBAPBIoELS4Cvdr1McaYbvnU6XfCVuWti0ZFDKcEaK2XUz2xMaCeBV
WPfNHq0PiC52RG8h0f9cqSt6m3rB8
/5HjTuf9fyv2C6rnpUxfzqZ0P3euMBPIMHM
e2nBwr6hOMNeQwxs6YfXILlcRzMub4c4jqxNGESrWoQTogFe4TEINoe
/AoGBANcG
yXsZRwI76lPEm5Z8eyFiHqKAq+QazyZoH1xXW6ByqtDA6toqHGOtuzhUIwR2HfiG
O2I3CWYVnIxWcnBMvdJ4XwIORVzfG9sh6fBqCRbYd2LhD6xTXPqq6dfssT
/qI2ql
Cy5PNc0Q2XDFdar0dpIjbjcYuxGPlPPlDtdwALR7AoGBAJtZKRvrAHn72nVuYh+W
XWrJb783iM6gWlcNeudwr8UhoJrJ8+aw51NWr2WOLCp11irPf9iMjOcKXulP6jLV
Cc+pzLzw52DNHjsxBCPb
/I2V6HaU8gW58XRfjEv5KhzNnaWz6IwlnweYTIQfmoWf
IEbvlSgYbO4FT3F5aThtKew7AoGADojo6adFw4LlThBGLB
/x
+sm1JGrqM5sUUZZM
OGO3T9swbLf9qA2cqag+tYoKa+zIDdqU
/QiXXA0t7daSGcE2O5njYjIwwhxat69N
LvEb+C1dtJNeCdoAuPkAoZXgTV+4USci4Fh+XIQ9DoBqecnYkfxPIO5NBtzbxri/
DhUGFy0CgYB6Q0T2w3e8SkgF6FSgqIe4u5vio6RCsPIVhHuuZacOgeyzAqCEwQJg
b3SDZIexAUyPAnhNtkllnAYSKdFa97fXyGUdLNh0otj74C9Na6yLrUQ8zdEC1o3u
VOJyOO57bfBykghXYi9JN+29sBB0YOj9uDE0nOUImR95eiwKsP5QXg==
-----END RSA PRIVATE KEY-----
[root@chen private]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter
'.'
, the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:chen.com
Organizational Unit Name (eg, section) []:alren_1
Common Name (eg, your name or your server's
hostname
) []:www.alren.com
Email Address []:admin@chen.com
Please enter the following
'extra'
attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@chen private]
httpd.csr httpd.key
[root@chen private]
[root@centos6 CA]
[root@centos6 CA]
cacert.pem certs crl httpd.csr index.txt newcerts private serial
[root@centos6 CA]
Using configuration from
/etc/pki/tls/openssl
.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Sep 22 23:43:02 2016 GMT
Not After : Sep 22 23:43:02 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = beijing
organizationName = chen.com
organizationalUnitName = alren_1
commonName = www.alren.com
emailAddress = admin@chen.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
CA:82:B2:CF:4A:A2:49:9B:1D:46:84:04:F8:C6:F6:0D:E0:49:B7:A4
X509v3 Authority Key Identifier:
keyid:26:A2:98:70:1F:8A:3B:A3:A1:05:0E:8B:79:34:C5:66:FA:B9:A6:D9
Certificate is to be certified
until
Sep 22 23:43:02 2017 GMT (365 days)
Sign the certificate? [y
/n
]:y
1 out of 1 certificate requests certified, commit? [y
/n
]y
Write out database with 1 new entries
Data Base Updated
[root@centos6 CA]
cacert.pem crl index.txt index.txt.old private serial.old
certs httpd.csr index.txt.attr newcerts serial
[root@centos6 CA]
unique_subject =
yes
[root@centos6 CA]
V 170922234302Z 01 unknown
/C
=CN
/ST
=beijing
/O
=chen.com
/OU
=alren_1
/CN
=www.alren.com
/emailAddress
=admin@chen.com
[root@centos6 CA]
02
[root@centos6 CA]
[root@centos6 certs]
httpd.crt
[root@centos6 certs]
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CN, ST=beijing, L=bj, O=chen.com, OU=alren_1, CN=centos6.localdomain
/emailAddress
=alren@163.com
Validity
Not Before: Sep 22 23:43:02 2016 GMT
Not After : Sep 22 23:43:02 2017 GMT
Subject: C=CN, ST=beijing, O=chen.com, OU=alren_1, CN=www.alren.com
/emailAddress
=admin@chen.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c9:d3:5d:68:71:1e:6b:a9:50:a5:e3:0e:a1:fd:
5b:01:13:5b:36:37:ab:4b:e0:86:e9:b6:56:c5:8a:
77:15:52:04:b2:a9:d0:e5:d1:99:f6:eb:d6:15:c3:
77:5d:60:1b:de:74:d0:47:47:04:8d:42:c8:90:b4:
12:fd:19:e8:40:0d:ed:f6:ec:
bc
:
df
:e3:e6:2f:b8:
a6:5e:70:7a:78:38:41:5c:e8:5b:41:85:e3:03:24:
a1:85:1f:d8:f8:e1:c1:25:3e:87:84:36:58:c6:a3:
4f:a0:a2:31:8b:b3:9b:25:59:86:ea:8b:ee:13:c3:
f9:49:02:65:e5:b5:f6:d7:f6:01:f8:29:89:3e:9a:
18:
df
:b5:95:77:89:49:6a:01:02:48:ad:8d:8c:8b:
8c:09:d3:27:98:82:99:21:98:02:53:75:ca:9f:0d:
64:0e:c1:
bc
:0c:95:e3:ed:95:6e:8a:29:b1:82:ca:
4c:c3:25:c5:23:de:2f:1c:35:71:43:b9:84:26:22:
01:4f:71:7d:ae:7f:79:f8:5c:b7:e6:9f:9f:1c:17:
17:4b:82:30:fa:02:5a:6b:81:99:78:eb:98:68:
dc
:
5d:c0:8f:65:f6:72:f0:c7:d8:56:eb:d5:09:d3:07:
2e:25:01:9c:f2:4c:8d:f0:01:6e:97:fb:21:d9:a5:
84:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
CA:82:B2:CF:4A:A2:49:9B:1D:46:84:04:F8:C6:F6:0D:E0:49:B7:A4
X509v3 Authority Key Identifier:
keyid:26:A2:98:70:1F:8A:3B:A3:A1:05:0E:8B:79:34:C5:66:FA:B9:A6:D9
Signature Algorithm: sha1WithRSAEncryption
5f:b8:37:e2:e5:e0:5e:65:99:60:9f:2f:5a:81:7e:55:e7:
dc
:
85:94:
bc
:d0:ae:82:db:c0:
cd
:bb:0c:7c:7d:6e:97:41:35:94:
71:d9:
bc
:a4:3e:76:d1:4e:09:3d:a2:a9:5e:a2:24:9c:98:f3:
ac:7d:ea:f0:f2:ff:17:0d:47:fb:47:04:d6:29:7f:d8:3a:08:
df
:33:45:8c:15:2a:a0:be:03:
dc
:4e:9c:91:ef:a1:99:a8:6d:
f2:4c:10:1d:9c:7b:23:28:0a:17:bd:cf:c4:2d:c6:07:d1:73:
48:2c:f9:a0:0f:2a:21:d0:f7:a4:9c:85:d5:75:02:c0:09:19:
97:b8:aa:1d:e0:e3:8a:39:29:f5:4c:d7:69:01:e8:e6:50:91:
fe:75:8a:3d:75:1c:
df
:94:36:01:32:43:4e:9c:49:f4:4c:f2:
d9:85:9d:45:89:7f:6d:47:a9:48:48:
bc
:b3:8b:ed:06:34:f5:
30:6e:c9:8f:a9:54:f6:6d:e7:2d:ce:03:9d:2f:ea:fa:47:fa:
ee:13:f2:26:3b:a8:7a:e8:fd:66:ae:c6:97:37:03:a7:e8:c7:
ad:c3:d9:e1:b1:b9:b0:61:ba:34:ea:80:6b:42:e4:d9:b7:38:
0d:49:13:b1:89:2f:ca:a0:aa:69:e5:95:c0:c0:e3:ba:af:9f:
68:80:5a:4f
[root@centos6 certs]
[root@centos6 certs]
[root@centos6 certs]
Using configuration from
/etc/pki/tls/openssl
.cnf
Revoking Certificate 01.
Data Base Updated
[root@centos6 certs]
[root@centos6 CA]
cacert.pem crl index.txt index.txt.attr.old newcerts serial
certs httpd.csr index.txt.attr index.txt.old private serial.old
[root@centos6 CA]
R 170922234302Z 160922234706Z 01 unknown
/C
=CN
/ST
=beijing
/O
=chen.com
/OU
=alren_1
/CN
=www.alren.com
/emailAddress
=admin@chen.com
[root@centos6 CA]
[root@centos6 CA]
crl/ crlnumber
[root@centos6 CA]
Using configuration from
/etc/pki/tls/openssl
.cnf
[root@centos6 CA]
-----BEGIN X509 CRL-----
MIIB
/TCB5gIBATANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCQ04xEDAOBgNV
BAgMB2JlaWppbmcxCzAJBgNVBAcMAmJqMREwDwYDVQQKDAhjaGVuLmNvbTEQMA4G
A1UECwwHYWxyZW5fMTEcMBoGA1UEAwwTY2VudG9zNi5sb2NhbGRvbWFpbjEcMBoG
CSqGSIb3DQEJARYNYWxyZW5AMTYzLmNvbRcNMTYwOTIyMjM1MDU0WhcNMTYxMDIy
MjM1MDU0WjAUMBICAQEXDTE2MDkyMjIzNDcwNlqgDjAMMAoGA1UdFAQDAgEBMA0G
CSqGSIb3DQEBBQUAA4IBAQADo6PBGbyqpM+noDuaDZxy349jgqcmRLCPDYKRZ4L+
1PyRTVhuIZztSUu2u5x7ZEYx3jyR7rFY8tpHRYT4ZnJe9ol4pTUb8INNx0lIZ4r1
hGlKWKQSDS3WVrQnCswBhWcAccd9wU2+YTj4m7f1drTbu6d5elfaZR1yKsTLnZdV
ESKmr4MXjcD0F80Q8Dc0hpKVKt71JiDwJt0WuHI6XPz90ta8EAN7Ry87Aj8f9
/HD
LDnOWEEA50F7JgUQgFKI72wvekQoZ9Cj
/KeFbOov
+wde7+uCGNqRcPLznnTxVz8a
e0
/e9HGQaDLGKDoN/vxVXCRQ030fZrPzag810yqSxxgZ
-----END X509 CRL-----
[root@centos6 CA]
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer:
/C
=CN
/ST
=beijing
/L
=bj
/O
=chen.com
/OU
=alren_1
/CN
=centos6.localdomain
/emailAddress
=alren@163.com
Last Update: Sep 22 23:50:54 2016 GMT
Next Update: Oct 22 23:50:54 2016 GMT
CRL extensions:
X509v3 CRL Number:
1
Revoked Certificates:
Serial Number: 01
Revocation Date: Sep 22 23:47:06 2016 GMT
Signature Algorithm: sha1WithRSAEncryption
03:a3:a3:c1:19:
bc
:aa:a4:cf:a7:a0:3b:9a:0d:9c:72:
df
:8f:
63:82:a7:26:44:b0:8f:0d:82:91:67:82:fe:d4:fc:91:4d:58:
6e:21:9c:ed:49:4b:b6:bb:9c:7b:64:46:31:de:3c:91:ee:b1:
58:f2:da:47:45:84:f8:66:72:5e:f6:89:78:a5:35:1b:f0:83:
4d:c7:49:48:67:8a:f5:84:69:4a:58:a4:12:0d:2d:d6:56:b4:
27:0a:cc:01:85:67:00:71:c7:7d:c1:4d:be:61:38:f8:9b:b7:
f5:76:b4:db:bb:a7:79:7a:57:da:65:1d:72:2a:c4:cb:9d:97:
55:11:22:a6:af:83:17:8d:c0:f4:17:
cd
:10:f0:37:34:86:92:
95:2a:de:f5:26:20:f0:26:
dd
:16:b8:72:3a:5c:fc:fd:d2:d6:
bc
:10:03:7b:47:2f:3b:02:3f:1f:f7:f1:c3:2c:39:ce:58:41:
00:e7:41:7b:26:05:10:80:52:88:ef:6c:2f:7a:44:28:67:d0:
a3:fc:a7:85:6c:ea:2f:fb:07:5e:ef:eb:82:18:da:91:70:f2:
f3:9e:74:f1:57:3f:1a:7b:4f:de:f4:71:90:68:32:c6:28:3a:
0d:fe:fc:55:5c:24:50:d3:7d:1f:66:b3:f3:6a:0f:35:d3:2a:
92:c7:18:19
[root@centos6 CA]