• k8s Certificate Issuance (Part 2)


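    1. Preparing for certificate issuance

    Prepare the certificate-signing environment
    On the operations host HDSS7-200.host.com:
    
    Install CFSSL
        Certificate signing tool CFSSL: R1.2
            cfssl download link
            cfssl-json download link
            cfssl-certinfo download link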
    [root@hdss7-200 ~]# wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/bin/cfssl
    [root@hdss7-200 ~]#  wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/bin/cfssl-json
    [root@hdss7-200 ~]#  wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/bin/cfssl-certinfo
    [root@hdss7-200 ~]# chmod +x /usr/bin/cfssl*
    [root@hdss7-200 ~]# cd /opt/
    [root@hdss7-200 opt]# mkdir certs
    [root@hdss7-200 opt]# vim /opt/certs/ca-csr.json
    [root@hdss7-200 opt]# cat /opt/certs/ca-csr.json
    {
        "CN": "Banma",      
        "hosts": [  
        ],
        "key": {            
            "algo": "rsa",      
            "size": 2048        
        },
        "names": [
            {
                "C": "CN",      
                "ST": "beijing",
                "L": "beijing",
                "O": "od",  
                "OU": "ops" 
            }
        ],
        "ca": {
            "expiry": "175200h"
        }
    }
    [root@hdss7-200 certs]#  cfssl gencert -initca ca-csr.json | cfssl-json -bare ca
    2020/06/06 11:19:07 [INFO] generating a new CA key and certificate from CSR
    2020/06/06 11:19:07 [INFO] generate received request
    2020/06/06 11:19:07 [INFO] received CSR
    2020/06/06 11:19:07 [INFO] generating key: rsa-2048
    2020/06/06 11:19:07 [INFO] encoded CSR
    2020/06/06 11:19:07 [INFO] signed certificate with serial number 338063746541492966339048061307851413764026027302
    
    [root@hdss7-200 certs]# ll
    total 16
    -rw-r--r-- 1 root root  989 Jun  6 11:19 ca.csr
    -rw-r--r-- 1 root root  334 Jun  6 11:18 ca-csr.json
    -rw------- 1 root root 1679 Jun  6 11:19 ca-key.pem # root CA private key
    -rw-r--r-- 1 root root 1334 Jun  6 11:19 ca.pem  # root CA certificate
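
A quick post-generation check of the CA directory, as an added example that is not part of the original post: it confirms the three files exist, that `ca-key.pem` carries no group/other permission bits (as in the listing above), and converts the requested `expiry` to years. The function names are hypothetical, and the expiry parser assumes the plain `<N>h` form used in `ca-csr.json` on this page.

```shell
# Added example, not from the original post: sanity-check the directory that
# `cfssl gencert -initca` just populated. Uses only POSIX tools.

# Succeeds when group/other permission bits are all clear (e.g. -rw-------),
# read from the same `ls -l` mode string shown in the listing above.
key_is_private() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Convert a cfssl duration in hours ("175200h") to whole years (8760 h/year).
# Assumption: only the "<N>h" form is handled; anything else returns 2.
expiry_years() {
    hours=${1%h}
    case $hours in ''|*[!0-9]*) return 2 ;; esac
    echo $(( hours / 8760 ))
}

# Extract the first "expiry" value from a CSR JSON file such as ca-csr.json.
csr_expiry() {
    sed -n 's/.*"expiry"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Audit a CA directory; prints findings and returns non-zero on any problem.
audit_ca_dir() {
    dir=$1
    rc=0
    for f in ca.pem ca-key.pem ca-csr.json; do
        [ -f "$dir/$f" ] || { echo "MISSING: $dir/$f"; rc=1; }
    done
    if [ -f "$dir/ca-key.pem" ] && ! key_is_private "$dir/ca-key.pem"; then
        echo "WEAK PERMISSIONS: $dir/ca-key.pem has group/other bits set"
        rc=1
    fi
    if [ -f "$dir/ca-csr.json" ]; then
        exp=$(csr_expiry "$dir/ca-csr.json")
        if years=$(expiry_years "$exp"); then
            echo "CA lifetime requested: $exp (~$years years)"
        else
            echo "UNPARSED EXPIRY: '$exp'"; rc=1
        fi
    fi
    return $rc
}

# Run the audit when a directory is given, e.g.: sh audit.sh /opt/certs
if [ "$#" -gt 0 ]; then audit_ca_dir "$1"; fi
```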
    

     The original article has also been published on Yuque

    https://www.yuque.com/songyifei/bkxwl0/fe1ie3

  • Original article: https://www.cnblogs.com/sseban/p/13053984.html