Tsarin shigarwa da daidaitawa na mari, kazalika da sauran abin da aka nuna a cikin labaran biyu da suka gabata, ban da ƙarni na takaddun shaida, suna aiki ga Wheezy.
Zamuyi amfani da salon wasan bidiyo mafi yawa tunda game da umarnin console ne. Mun bar duk abubuwan da muke fitarwa don mu sami tsabta kuma zamu iya karanta a hankali waɗanne saƙonni ne aikin ya dawo mana, wanda in ba haka ba kusan ba zamu karanta a hankali ba.
Babban abinda yakamata muyi shine idan suka tambayemu:
Sunan gama gari (misali uwar garken FQDN ko sunanka) []:mildap.amigos.cu
kuma dole ne mu rubuta FQDN daga sabarmu ta LDAP, wanda a wurinmu yake mildap.amigos.cu. In ba haka ba, takardar shaidar ba za ta yi aiki daidai ba.
Don samun takaddun shaida, za mu bi hanya mai zuwa:
: ~ # mkdir / tushen / myca : ~ # cd / tushen / myca / : ~ / myca # /usr/lib/ssl/misc/CA.sh -newca CA sunan filename (ko shigar don ƙirƙirar) Yin CA takardar shaidar ... Samar da maɓallin keɓaɓɓiyar RSA 2048 bit ................ +++ ......... ........................... +++ rubuta sabon mabuɗin sirri don './demoCA/private/./cakey.pem' Shigar da kalmar wucewa ta PEM:xeon Tabbatarwa - Shigar da kalmar wucewa ta PEM:xeon ----- Ana gab da tambayarka ka shigar da bayanan da za'a shigar dasu cikin bukatar takardar shedarka. Abinda zaku shiga shine ake kira Rarrabe Sunan ko DN. Akwai 'yan filaye kaɗan amma zaka iya barin wasu fanfo Ga wasu filayen za'a sami ƙimar tsoho, Idan ka shiga'. ', Filin zai bar fanko. ----- Sunan Kasa (lambar harafi 2) [AU]:CU Suna ko Lardin lardi (cikakken suna) [Wasu Jiha]:Habana Sunan yanki (misali, birni) []:Habana Sunan Kungiya (misali, kamfani) [Intanit Widgits Pty Ltd]:Freekes Ƙungiyar Ƙungiyar Ƙungiyoyi (misali, sashe) []:Freekes Sunan gama gari (misali uwar garken FQDN ko sunanka) []:mildap.amigos.cu Adireshin i-mel []:frodo@amigos.cu Da fatan za a shigar da waɗannan 'ƙarin' halayen da za a aika tare da takardar shaidarku Kalmar sirri ta kalubale []:xeon Sunan kamfani na zaɓi []:Freekes Ta amfani da sanyi daga /usr/lib/ssl/openssl.cnf Shigar da kalmar wucewa don ./demoCA/private/./cakey.pem:xeon Duba cewa buƙatar ta yi daidai da sa hannu Sa hannu lafiya Takaddun bayanai: Serial Number: bb: 9c: 1b: 72: a7: 1d: d1: e1 Ingancin Ba Kafin: Nuwamba 21 05:23:50 2013 GMT Ba Bayan: Nuwamba 20 05 . 23: 50: 2016: 509F: 3A: C509: 3C: 79C: 3A: 2: FD: D7: F47: D67: 92: 9A X8v2 Maɓallin Maɓallin Mulki: keyid: 1: B3: B1: F68: 4: 6: 7: 40F: 9A: C509: 3C: 79C: 3A: 2: FD: D7: F47: D67: 92: 9A X8v2 icananan rauntatawa: CA: GASKIYA za a sami takaddun shaida har zuwa Nuwamba 1 3:1:68 4 GMT ( 6 kwanaki) Rubuta fitar da bayanai tare da sabbin shigarwa 7 Takaitaccen Bayanin Bayanai ################## ############################# # ############################ # ##### : ~ / myca # openssl req -new -nodes -keyout newreq.pem -out newreq.pem Irƙirar maɓallin keɓaɓɓiyar RSA 2048 bit ......... +++ ............................... ............ +++ rubuta sabon mabuɗin sirri don 'newreq.pem' ----- Ana gab da tambayar ku ku shigar da bayanan da za a saka cikin takardar shaidarku. Abinda zaku shiga shine ake kira Rarrabe Sunan ko DN. Akwai 'yan filaye kaɗan amma zaka iya barin wasu fanfo Ga wasu filayen za'a sami ƙimar tsoho, Idan ka shiga'. ', Filin zai bar fanko. ----- Sunan Kasa (lambar harafi 2) [AU]:CU Suna ko Lardin lardi (cikakken suna) [Wasu Jiha]:Habana Sunan yanki (misali, birni) []:Habana Sunan Kungiya (misali, kamfani) [Intanit Widgits Pty Ltd]:Freekes Ƙungiyar Ƙungiyar Ƙungiyoyi (misali, sashe) []:Freekes Sunan gama gari (misali uwar garken FQDN ko sunanka) []:mildap.amigos.cu Adireshin i-mel []:frodo@amigos.cu Da fatan za a shigar da waɗannan 'ƙarin' halayen da za a aika tare da takardar shaidarku Kalmar sirri ta kalubale []:xeon Sunan kamfani na zaɓi []:Freekes ########################### ######################################### ############################# : ~ / myca # /usr/lib/ssl/misc/CA.sh -sign Amfani da sanyi daga /usr/lib/ssl/openssl.cnf Shigar da kalmar wucewa don ./demoCA/private/cakey.pem:xeon Duba cewa buƙatar ta dace da sa hannu Sa hannu lafiya Takaddun bayanai: Serial Number: bb: 9c: 1b: 72: a7: 1d: d1: e2 Ingancin Ba Kafin: Nuwamba 21 05:27:52 2013 GMT Ba Bayan: Nuwamba 21 05 : 27: 52 2014 GMT Take: countryName = CU stateOrProvinceName = Garin Habana OpenSSL Takaddun Shaidan da aka 509irƙira X3v509 Maɓallin Maɓallin Maɓalli: 3: 509: 3C: 80: 62E: 8C: B44: 5: 5F: E8: C67: 1: 5: 3: BD: E50: 29: 86: 4: 15 X72v34 Maɓallin Hukuma Ganowa: keyid: 98: B509: B3: F79: 3: 2: 7: 47F: 67A: C92: 9C: 8C: 2A: 1: FD: D3: F1: D68: 4: 6A Takaddun za a tabbatar da shi har zuwa Nuwamba 7 40:9:21 05 GMT (kwanaki 27) Shiga takardar shaidar? [y / n]:y 1 daga cikin 1 takardar shaidar buƙatun bokan, aikata? [y / n]y Write out database with 1 new entries Data Base Updated Certificate: Data: Version: 3 (0x2) Serial Number: bb:9c:1b:72:a7:1d:d1:e2 Signature Algorithm: sha1WithRSAEncryption Issuer: C=CU, ST=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu Validity Not Before: Nov 21 05:27:52 2013 GMT Not After : Nov 21 05:27:52 2014 GMT Subject: C=CU, ST=Habana, L=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c7:52:49:72:dc:93:aa:bc:6c:59:00:5c:08:74: e1:7a:d9:f4:06:04:a5:b5:47:16:6a:ee:e8:37:86: 57:cb:a8:2e:87:13:27:23:ab:5f:85:69:fd:df:ad: db:00:83:43:4d:dc:4f:26:b8:62:d1:b7:5c:60:98: 61:89:ac:e5:e4:99:62:5d:36:cf:94:7d:59:b7:3b: be:dd:14:0d:2e:a3:87:3a:0b:8f:d9:69:58:ee:1e: 82:a8:95:83:80:4b:92:9c:76:8e:35:90:d4:53:71: b2:cf:88:2a:df:6f:17:d0:18:f3:a5:8c:1e:5f:5f: 05:7a:8d:1d:24:d8:cf:d6:11:50:0d:cf:18:2e:7d: 84:7c:3b:7b:20:b5:87:91:e5:ba:13:70:7b:79:3c: 4c:21:df:fb:c6:38:92:93:4d:a7:1c:aa:bd:30:4c: 61:e6:c8:8d:e4:e8:14:4f:75:37:9f:ae:b9:7b:31: 37:e9:bb:73:7f:82:c1:cc:92:21:fd:1a:05:ab:9e: 82:59:c8:f2:95:7c:6b:d4:97:48:8a:ce:c1:d1:26: 7f:be:38:0e:53:a7:03:c6:30:80:43:f4:f6:df:2e: 8f:62:48:a0:8c:30:6b:b6:ba:36:8e:3d:b9:67:a0: 48:a8:12:b7:c9:9a:c6:ba:f5:45:58:c7:a5:1a:e7: 4f:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98 X509v3 Authority Key Identifier: keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A Signature Algorithm: sha1WithRSAEncryption 66:20:5c:6f:58:c1:7d:d7:f6:a9:82:ab:2b:62:15:1f:31:5a: 56:82:0e:ff:73:4f:3f:9b:36:5e:68:24:b4:17:3f:fd:ed:9f: 96:43:70:f2:8b:5f:22:cc:ed:49:cf:84:f3:ce:90:58:fa:9b: 1d:bd:0b:cd:75:f3:3c:e5:fc:a8:e3:b7:8a:65:40:04:1e:61: de:ea:84:39:93:81:c6:f6:9d:cf:5d:d7:35:96:1f:97:8d:dd: 8e:65:0b:d6:c4:01:a8:fc:4d:37:2d:d7:50:fd:f9:22:30:97: 45:f5:64:0e:fa:87:46:38:b3:6f:3f:0f:ef:60:ca:24:86:4d: 23:0c:79:4d:77:fb:f0:de:3f:2e:a3:07:4b:cd:1a:de:4f:f3: 7a:03:bf:a6:d4:fd:20:f5:17:6b:ac:a9:87:e8:71:01:d7:48: 8f:9a:f3:ed:43:60:58:73:62:b2:99:82:d7:98:97:45:09:90: 0c:21:02:82:3b:2a:e7:c7:fe:76:90:00:d9:db:87:c7:e5:93: 14:6a:6e:3b:fd:47:fc:d5:cd:95:a7:cc:ea:49:c0:64:c5:e7: 55:cd:2f:b1:e0:2b:3d:c4:a1:18:77:fb:73:93:69:92:dd:9d: d8:a5:2b:5f:31:25:ea:94:67:49:4e:3f:05:bf:6c:97:a3:1b: 02:bf:2b:b0 -----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIJALucG3KnHdHiMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV BAYTAkNVMQ8wDQYDVQQIDAZIYXZhbmExEDAOBgNVBAoMB0ZyZWVrZXMxEDAOBgNV BAsMB0ZyZWVrZXMxGTAXBgNVBAMMEG1pbGRhcC5hbWlnb3MuY3UxHjAcBgkqhkiG 9w0BCQEWD2Zyb2RvQGFtaWdvcy5jdTAeFw0xMzExMjEwNTI3NTJaFw0xNDExMjEw NTI3NTJaMIGOMQswCQYDVQQGEwJDVTEPMA0GA1UECAwGSGF2YW5hMQ8wDQYDVQQH DAZIYXZhbmExEDAOBgNVBAoMB0ZyZWVrZXMxEDAOBgNVBAsMB0ZyZWVrZXMxGTAX BgNVBAMMEG1pbGRhcC5hbWlnb3MuY3UxHjAcBgkqhkiG9w0BCQEWD2Zyb2RvQGFt aWdvcy5jdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdSSXLck6q8 bFkAXAh04XrZ9AYEpbVHFmru6DeGV8uoLocTJyOrX4Vp/d+t2wCDQ03cTya4YtG3 XGCYYYms5eSZYl02z5R9Wbc7vt0UDS6jhzoLj9lpWO4egqiVg4BLkpx2jjWQ1FNx ss+IKt9vF9AY86WMHl9fBXqNHSTYz9YRUA3PGC59hHw7eyC1h5HluhNwe3k8TCHf +8Y4kpNNpxyqvTBMYebIjeToFE91N5+uuXsxN+m7c3+CwcySIf0aBaueglnI8pV8 a9SXSIrOwdEmf744DlOnA8YwgEP09t8uj2JIoIwwa7a6No49uWegSKgSt8maxrr1 RVjHpRrnT4sCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIBijEReXLhnH+XD UCmGveQVcjSYMB8GA1UdIwQYMBaAFHmzsvdHZ5KfisIcPBpo/dT210CaMA0GCSqG SIb3DQEBBQUAA4IBAQBmIFxvWMF91/apgqsrYhUfMVpWgg7/c08/mzZeaCS0Fz/9 7Z+WQ3Dyi18izO1Jz4TzzpBY+psdvQvNdfM85fyo47eKZUAEHmHe6oQ5k4HG9p3P Xdc1lh+Xjd2OZQvWxAGo/E03LddQ/fkiMJdF9WQO+odGOLNvPw/vYMokhk0jDHlN d/vw3j8uowdLzRreT/N6A7+m1P0g9RdrrKmH6HEB10iPmvPtQ2BYc2KymYLXmJdF CZAMIQKCOyrnx/52kADZ24fH5ZMUam47/Uf81c2Vp8zqScBkxedVzS+x4Cs9xKEY d/tzk2mS3Z3YpStfMSXqlGdJTj8Fv2yXoxsCvyuw -----END CERTIFICATE----- Signed certificate is in newcert.pem ################################################################### ################################################################### : ~ / myca # cp demoCA / cacert.pem / sauransu / ssl / certs / : ~ / myca # mv sabon shiga.pem /etc/ssl/certs/mildap-cert.pem : ~ / myca # mv newreq.pem /etc/ssl/rikan/mildap-key.pem : ~ / myca # chmod 600 /etc/ssl/ keɓaɓɓu/mildap-key.pem : ~ / myca # nano certinfo.ldif dn: cn = saita kara: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ssl/certs/mildap-cert.pem - add: milcTat -kashi.pem : ~ / myca # ldapmodify -Y EXTERNAL -H ldapi: /// -f /root/myca/certinfo.ldif : ~ / myca # ƙwarewa shigar ssl-cert : ~ / myca # adduser budeldap ssl-cert Dingara mai amfani `` budeldap 'zuwa ƙungiyar' ssl-cert '... dingara mai amfani buɗeldap zuwa ƙungiyar ssl-cert Anyi. : ~ / myca # chgrp ssl-cert /etc/ssl/rikanta/mildap-key.pem : ~ / myca # chmod g + r /etc/ssl/ keɓaɓɓu/mildap-key.pem : ~ / myca # chmod ko /etc/ssl/ keɓaɓɓu/mildap-key.pem : ~ / myca # sake kunnawa slapd service [ok] Tsaida OpenLDAP: slapd. [ok] Fara OpenLDAP: slapd. : ~ / myca # wutsiya / var / log / syslog
Tare da wannan bayanin da labarin da ya gabata, yanzu zamu iya amfani da Wheezy azaman tsarin aiki don Sabis ɗinmu na Directory.
Ci gaba da mu a kashi na gaba !!!.
Ta yaya zan iya sanya irin wannan takardar shaidar ko https akan gidan yanar gizon? ba tare da neman izini ga kamfani, mahaɗan ko shafin waje ba
Waɗanne amfani ne takardar shaidar ku ke da su?
A cikin misali, cacert.pem fayil na takardar shaidar shine don kunna tashar sadarwa mai ɓoye tsakanin abokin ciniki da sabar, ko dai a kan sabar kanta inda muke da OpenLDAP, ko a kan abokin ciniki wanda ya tabbatar da Directory.
A kan sabar da kan abokin harka, dole ne ka bayyana inda suke a cikin fayil din /etc/ldap/ldap.conf, kamar yadda aka bayyana a cikin labarin da ya gabata:
/Etc/ldap/ldap.conf fayil
GASKIYA dc = abokai, dc = cu
URI ldap: //mildap.amigos.cu
# KYAUTA 12
# LOKACI 15
#DEREF bazai taba ba
# TLS takaddun shaida (da ake buƙata don GnuTLS)
TLS_CACERT /etc/ssl/certs/cacert.pem
Tabbas, a yanayin abokin ciniki, dole ne ku kwafa wannan fayil ɗin zuwa babban fayil ɗin / etc / ssl / certs. Daga nan gaba, zaku iya amfani da StartTLS don sadarwa tare da sabar LDAP. Ina ba ku shawarar karanta labaran da suka gabata.
gaisuwa
Godiya ga raba wannan bayani yaya zan gyara haɗin na'urorin audio na bluetooth a cikin windows 10