自建CA以及證書認證

一.自建CA

OS:centos 6.4

# cd /etc/pki/CA
# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 1024) (生成CA私匙)
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650 (生成自簽證書)
# touch /etc/pki/CA/index.txt
# echo 01 > serial

二.如何製作csr

mkdir /usr/local/mysql/ssl
(umask 077;openssl genrsa -out  /usr/local/mysql/ssl/mysql.key 1024)
openssl req -new -key /usr/local/mysql/ssl/mysql.key -out  /usr/local/mysql/ssl/mysql.csr -days 365

三.如何給別人認證

openssl ca -in mysql.csr -out mysql.crt -days 365