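The ca subcommand works from a CSR file prepared in advance; with the -selfsign option and a specified private key it generates a self-signed certificate. The req subcommand can also generate a self-signed certificate. In practice, self-signed certificates are generally used to create CA certificates. The previous article described how to use the x509 subcommand together with a self-signed CA certificate to sign other certificate signing request (CSR) files; this article describes the approach using the ca subcommand.
You can prepare the private key and the CSR file separately with the genrsa subcommand and req -new, or generate both in one step with req -newkey.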
```
[root@liumiaocn ca]# openssl req -newkey rsa:2048 -keyout ca.key -nodes -out request.csr -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=unicorn/CN=devops.com"
Generating a RSA private key
...........................+++++
.........+++++
writing new private key to 'ca.key'
-----
[root@liumiaocn ca]# ls
ca.key  request.csr
[root@liumiaocn ca]#
```
Check the private key and CSR contents
```
[root@liumiaocn ca]# openssl req -text -noout -verify -in request.csr
verify OK
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = CN, ST = LiaoNing, L = DaLian, O = devops, OU = unicorn, CN = devops.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    [modulus bytes omitted]
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         [signature bytes omitted]
[root@liumiaocn ca]#
```

Step 2: Sign the CSR file with the CA
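Command to run: openssl ca -selfsign -keyfile ca.key -in request.csr -out test-cert.crt -config openssl.cnf -days 365 -batch

Example configuration file

Building on the earlier description of the configuration file options, the following example configuration file is used here. It contains only the minimum settings required.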
```
[root@liumiaocn ca]# vi openssl.cnf
[root@liumiaocn ca]# mkdir newcerts
[root@liumiaocn ca]# touch index.txt
[root@liumiaocn ca]# echo "01" > serial
[root@liumiaocn ca]# cat serial
01
[root@liumiaocn ca]# cat openssl.cnf
[ ca ]
default_ca = CA_default # The default ca section

[ CA_default ]
dir = .
new_certs_dir = $dir/newcerts # default place for new certs.
database = $dir/index.txt # database index file.
default_md = sha256 # use SHA-256 by default
policy = policy_match
serial = $dir/serial # The current serial number

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[root@liumiaocn ca]#
```
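Configuration notes: to match the settings above, a newcerts directory is created to hold newly generated certificates, and the serial file is set up to hold the current serial number string.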
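How the [ policy_match ] section above treats a request's subject, as an added example that is not code from the original article or from OpenSSL: match means the field must equal the CA's own value, supplied means it must be present, optional means it may be present, and fields the policy does not list (such as L) are left out of the issued certificate. The helper names dn_get and policy_check are hypothetical, and the sketch assumes one-line /K=V subjects whose values contain no '/'.

```shell
#!/bin/sh
# Added example, not from the original article: emulate how `openssl ca`
# applies the [ policy_match ] section to a request subject.
# dn_get and policy_check are hypothetical helper names. Assumes one-line
# /K=V/... subjects whose values contain no '/'.

# The article's policy, written with short attribute names, in section order.
POLICY='C=match ST=match O=match OU=optional CN=supplied emailAddress=optional'

# dn_get SUBJECT KEY: print the value of KEY in SUBJECT (nothing if absent).
dn_get() {
    printf '%s\n' "$1" | tr '/' '\n' |
        awk -F= -v k="$2" '$1 == k { print substr($0, length(k) + 2); exit }'
}

# policy_check CA_SUBJECT REQ_SUBJECT
# On success prints the subject that ends up in the certificate (fields kept
# in policy order, unlisted fields such as L dropped) and returns 0.
# On failure prints the reason and returns 1.
policy_check() {
    ca=$1; req=$2; out=
    for rule in $POLICY; do
        key=${rule%%=*}; mode=${rule#*=}
        val=$(dn_get "$req" "$key")
        case $mode in
            match)      # must be present and equal to the CA's own value
                if [ -z "$val" ] || [ "$val" != "$(dn_get "$ca" "$key")" ]; then
                    echo "reject: $key must match the CA"; return 1
                fi ;;
            supplied)   # must be present, any value
                if [ -z "$val" ]; then
                    echo "reject: $key must be supplied"; return 1
                fi ;;
        esac            # optional: kept if present, never required
        if [ -n "$val" ]; then out="$out/$key=$val"; fi
    done
    echo "$out"
}

# Constructed inputs taken from the subjects used in the article.
CA_DN='/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=unicorn/CN=devops.com'
policy_check "$CA_DN" '/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=dev/CN=dev.com'
policy_check "$CA_DN" '/C=CN/ST=Beijing/O=devops/CN=dev.com' || true
```

The first call prints the subject without L=DaLian, which is the same shape as the Issuer and Subject lines in the certificates issued later in the article.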
Create the self-signed certificate

```
[root@liumiaocn ca]# openssl ca -selfsign -keyfile ca.key -in request.csr -out test-cert.crt -config openssl.cnf -days 365 -batch
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :ASN.1 12:'LiaoNing'
localityName          :ASN.1 12:'DaLian'
organizationName      :ASN.1 12:'devops'
organizationalUnitName:ASN.1 12:'unicorn'
commonName            :ASN.1 12:'devops.com'
Certificate is to be certified until Dec 14 03:07:57 2020 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
[root@liumiaocn ca]#
```

Confirm the result
```
[root@liumiaocn ca]# tree .
.
├── ca.key
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
│   └── 01.pem
├── openssl.cnf
├── request.csr
├── serial
├── serial.old
└── test-cert.crt

1 directory, 10 files
[root@liumiaocn ca]#
```

Signing with the ca subcommand

Step 1: Generate the certificate signing request (CSR) file
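Signing has a prerequisite, and the CSR file is that prerequisite. Applying for a paid certificate from a commercial CA also requires supplying a CSR, although it may appear in a different form; in the end the CA likewise needs an equivalent CSR.
Example command: openssl req -new -out request-dev.csr -nodes -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=dev/CN=dev.com"
For example, the following CSR file is generated here: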
```
[root@liumiaocn ca]# openssl req -new -out request-dev.csr -nodes -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=dev/CN=dev.com"
Generating a RSA private key
..........................+++++
........................................................................................................................................................................................................................................................................................+++++
writing new private key to 'privkey.pem'
-----
[root@liumiaocn ca]# ls
ca.key     index.txt.attr  newcerts     privkey.pem  request-dev.csr  serial.old
index.txt  index.txt.old   openssl.cnf  request.csr  serial           test-cert.crt
[root@liumiaocn ca]#
```

Step 2: Sign with the ca subcommand and the CA certificate
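Use -keyfile and -cert to specify the CA's private key and certificate file, then sign the CSR file to obtain the signed certificate file 02.pem.
Example signing command: openssl ca -in request-dev.csr -keyfile ca.key -cert newcerts/01.pem -config openssl.cnf -days 90 -batch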
```
[root@liumiaocn ca]# openssl ca -in request-dev.csr -keyfile ca.key -cert newcerts/01.pem -config openssl.cnf -days 90 -batch
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :ASN.1 12:'LiaoNing'
localityName          :ASN.1 12:'DaLian'
organizationName      :ASN.1 12:'devops'
organizationalUnitName:ASN.1 12:'dev'
commonName            :ASN.1 12:'dev.com'
Certificate is to be certified until Mar 14 03:10:23 2020 GMT (90 days)

Write out database with 1 new entries
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=LiaoNing, O=devops, OU=unicorn, CN=devops.com
        Validity
            Not Before: Dec 15 03:10:23 2019 GMT
            Not After : Mar 14 03:10:23 2020 GMT
        Subject: C=CN, ST=LiaoNing, O=devops, OU=dev, CN=dev.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    [modulus bytes omitted]
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         [signature bytes omitted]
[PEM-encoded certificate omitted]
Data Base Updated
[root@liumiaocn ca]#
```
The result is confirmed as follows:
```
[root@liumiaocn ca]# tree .
.
├── ca.key
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── newcerts
│   ├── 01.pem
│   └── 02.pem
├── openssl.cnf
├── privkey.pem
├── request.csr
├── request-dev.csr
├── serial
├── serial.old
└── test-cert.crt

1 directory, 14 files
[root@liumiaocn ca]#
[root@liumiaocn ca]# openssl x509 -noout -in newcerts/02.pem -issuer -subject -dates
issuer=C = CN, ST = LiaoNing, O = devops, OU = unicorn, CN = devops.com
subject=C = CN, ST = LiaoNing, O = devops, OU = dev, CN = dev.com
notBefore=Dec 15 03:10:23 2019 GMT
notAfter=Mar 14 03:10:23 2020 GMT
[root@liumiaocn ca]#
```

Simplifying certificate signing
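Because the ca subcommand uses a configuration file, the parameters that must be typed when signing can be reduced through configuration file settings. Modify the configuration as follows: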
```
[root@liumiaocn ca]# cat openssl.cnf
[ ca ]
default_ca = CA_default # The default ca section

[ CA_default ]
dir = .
new_certs_dir = $dir/newcerts # default place for new certs.
database = $dir/index.txt # database index file.
default_md = sha256 # use SHA-256 by default
policy = policy_match
serial = $dir/serial # The current serial number
private_key = $dir/private/ca.key # The private key
certificate = $dir/ca.crt # The CA certificate
default_days = 90 # how long to certify for

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[root@liumiaocn ca]#
```
Then, in line with these settings, make the following preparations:
```
[root@liumiaocn ca]# cp newcerts/01.pem ca.crt
[root@liumiaocn ca]# mkdir private
[root@liumiaocn ca]# cp ca.key private/ca.key
[root@liumiaocn ca]# tree .
.
├── ca.crt
├── ca.key
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── newcerts
│   ├── 01.pem
│   └── 02.pem
├── openssl.cnf
├── private
│   └── ca.key
├── privkey.pem
├── request.csr
├── request-dev.csr
├── serial
├── serial.old
└── test-cert.crt

2 directories, 16 files
[root@liumiaocn ca]#
```
Example command to generate the CSR: openssl req -new -out request-test.csr -nodes -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=test/CN=test.com"
```
[root@liumiaocn ca]# openssl req -new -out request-test.csr -nodes -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=test/CN=test.com"
Generating a RSA private key
.........+++++
....................................................................................+++++
writing new private key to 'privkey.pem'
-----
[root@liumiaocn ca]#
```
Example signing command: openssl ca -config openssl.cnf -batch -in request-test.csr
```
[root@liumiaocn ca]# openssl ca -config openssl.cnf -batch -in request-test.csr
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :ASN.1 12:'LiaoNing'
localityName          :ASN.1 12:'DaLian'
organizationName      :ASN.1 12:'devops'
organizationalUnitName:ASN.1 12:'test'
commonName            :ASN.1 12:'test.com'
Certificate is to be certified until Mar 14 05:07:14 2020 GMT (90 days)

Write out database with 1 new entries
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=LiaoNing, O=devops, OU=unicorn, CN=devops.com
        Validity
            Not Before: Dec 15 05:07:14 2019 GMT
            Not After : Mar 14 05:07:14 2020 GMT
        Subject: C=CN, ST=LiaoNing, O=devops, OU=test, CN=test.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    [modulus bytes omitted]
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         [signature bytes omitted]
[PEM-encoded certificate omitted]
Data Base Updated
[root@liumiaocn ca]#
```
The generated 03.pem is the resulting certificate file.
```
[root@liumiaocn ca]# tree .
.
├── ca.crt
├── ca.key
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── newcerts
│   ├── 01.pem
│   ├── 02.pem
│   └── 03.pem
├── openssl.cnf
├── private
│   └── ca.key
├── privkey.pem
├── request.csr
├── request-dev.csr
├── request-test.csr
├── serial
├── serial.old
└── test-cert.crt

2 directories, 18 files
[root@liumiaocn ca]# openssl x509 -in newcerts/03.pem -noout -issuer -subject -dates
issuer=C = CN, ST = LiaoNing, O = devops, OU = unicorn, CN = devops.com
subject=C = CN, ST = LiaoNing, O = devops, OU = test, CN = test.com
notBefore=Dec 15 05:07:14 2019 GMT
notAfter=Mar 14 05:07:14 2020 GMT
[root@liumiaocn ca]#
```