Directory Service with OpenLDAP [6]: Certificates in Debian 7 “Wheezy”

The installation and configuration procedure for slapd, as well as everything else shown in the two previous articles, is valid for Wheezy, with the exception of certificate generation.

We will mostly use console style, since this article is about console commands. We leave all of the output in place for clarity, so that we can read carefully which messages the process returns, something we would otherwise almost never do.

The most important point to watch for is the moment we are asked:

Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu

and we must type the FQDN of our LDAP server, which in our case is mildap.amigos.cu. Otherwise, the certificate will not work correctly.

To obtain the certificates, we follow this procedure:

:~# mkdir /root/myca
:~# cd /root/myca/
:~/myca# /usr/lib/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 2048 bit RSA private key
................+++
....................................+++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:xeon
Verifying - Enter PEM pass phrase:xeon
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CU
State or Province Name (full name) [Some-State]:Habana
Locality Name (eg, city) []:Habana
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freekes
Organizational Unit Name (eg, section) []:Freekes
Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
Email Address []:frodo@amigos.cu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xeon
An optional company name []:Freekes
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:xeon
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            bb:9c:1b:72:a7:1d:d1:e1
        Validity
            Not Before: Nov 21 05:23:50 2013 GMT
            Not After : Nov 20 05:23:50 2016 GMT
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
            X509v3 Authority Key Identifier:
                keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
            X509v3 Basic Constraints:
                CA:TRUE
Certificate is to be certified until Nov 20 05:23:50 2016 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated
###################################################################
:~/myca# openssl req -new -nodes -keyout newreq.pem -out newreq.pem
Generating a 2048 bit RSA private key
.........+++
...........................................+++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CU
State or Province Name (full name) [Some-State]:Habana
Locality Name (eg, city) []:Habana
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freekes
Organizational Unit Name (eg, section) []:Freekes
Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
Email Address []:frodo@amigos.cu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xeon
An optional company name []:Freekes
###################################################################

:~/myca# /usr/lib/ssl/misc/CA.sh -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:xeon
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            bb:9c:1b:72:a7:1d:d1:e2
        Validity
            Not Before: Nov 21 05:27:52 2013 GMT
            Not After : Nov 21 05:27:52 2014 GMT
        Subject:
            countryName               = CU
            stateOrProvinceName       = Habana
            localityName              = Habana
            organizationName          = Freekes
            organizationalUnitName    = Freekes
            commonName                = mildap.amigos.cu
            emailAddress              = frodo@amigos.cu
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98
            X509v3 Authority Key Identifier:
                keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A

Certificate is to be certified until Nov 21 05:27:52 2014 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bb:9c:1b:72:a7:1d:d1:e2
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CU, ST=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu
        Validity
            Not Before: Nov 21 05:27:52 2013 GMT
            Not After : Nov 21 05:27:52 2014 GMT
        Subject: C=CU, ST=Habana, L=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98
            X509v3 Authority Key Identifier:
                keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A

    Signature Algorithm: sha1WithRSAEncryption
Signed certificate is in newcert.pem
###################################################################
###################################################################

:~/myca# cp demoCA/cacert.pem /etc/ssl/certs/
:~/myca# mv newcert.pem /etc/ssl/certs/mildap-cert.pem
:~/myca# mv newreq.pem /etc/ssl/private/mildap-key.pem
:~/myca# chmod 600 /etc/ssl/private/mildap-key.pem

:~/myca# nano certinfo.ldif
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/mildap-cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/mildap-key.pem

:~/myca# ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/myca/certinfo.ldif

:~/myca# aptitude install ssl-cert

:~/myca# adduser openldap ssl-cert
Adding user `openldap' to group `ssl-cert' ...
Adding user openldap to group ssl-cert
Done.
:~/myca# chgrp ssl-cert /etc/ssl/private/mildap-key.pem
:~/myca# chmod g+r /etc/ssl/private/mildap-key.pem
:~/myca# chmod o-r /etc/ssl/private/mildap-key.pem
:~/myca# service slapd restart
[ ok ] Stopping OpenLDAP: slapd.
[ ok ] Starting OpenLDAP: slapd.

:~/myca# tail /var/log/syslog
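
A check for the files installed by the procedure above, as an added example that is not part of the original article: it confirms that the server certificate chains to the CA certificate, that its Common Name is the server FQDN, that the private key belongs to the certificate, and that the key is not world-readable. The helper names check_ldap_cert and make_demo are hypothetical, and the demo certificates are throwaway files generated in a temporary directory.

```shell
#!/bin/bash
# Added example (not from the original article). check_ldap_cert and make_demo
# are hypothetical helper names; the demo files are throwaway, constructed data.

# check_ldap_cert CA_CERT SERVER_CERT SERVER_KEY FQDN -> prints OK, or a reason and rc>0
check_ldap_cert() {
    local ca=$1 cert=$2 key=$3 fqdn=$4 cn
    # 1. The server certificate must chain to the CA that clients will trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "chain does not verify against $ca"; return 1; }
    # 2. The Common Name must be the FQDN clients use in their ldap:// URI.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$fqdn" ] || { echo "CN '$cn' is not '$fqdn'"; return 2; }
    # 3. The private key must match the public key inside the certificate.
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "key does not match certificate"; return 3; }
    # 4. The key must not be readable by "other" (the procedure ends with chmod o-r).
    [ -z "$(find "$key" -perm -o=r)" ] || { echo "key is world-readable"; return 4; }
    echo OK
}

# make_demo DIR CN: build a throwaway CA and a server certificate for CN in DIR.
make_demo() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$d/key.pem" -out "$d/req.pem" 2>/dev/null
    openssl x509 -req -in "$d/req.pem" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -sha256 -days 1 -out "$d/cert.pem" 2>/dev/null
    chmod 640 "$d/key.pem"
}

# Constructed demo run: prints OK for a certificate issued to the right FQDN.
demo=$(mktemp -d)
make_demo "$demo" mildap.amigos.cu
check_ldap_cert "$demo/cacert.pem" "$demo/cert.pem" "$demo/key.pem" mildap.amigos.cu
```

On the server from the article, the same function would be called with /etc/ssl/certs/cacert.pem, /etc/ssl/certs/mildap-cert.pem, /etc/ssl/private/mildap-key.pem and mildap.amigos.cu.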

With these explanations and the previous article, we can now use Wheezy as the operating system for our Directory Service.

Join us in the next installment!


3 comments


  1.   sdsfae m

    How can I put a certificate of this kind, or https, on a website, without resorting to a company, entity or external site?
    What uses does your certificate have?

    1.    federico m

      In the example, the certificate file cacert.pem is used to enable an encrypted communication channel between the client and the server, either on the server itself where we have OpenLDAP, or on a client that authenticates against the Directory.

      On the server and on the client, you must declare where it is located in the /etc/ldap/ldap.conf file, as explained in the previous article:
      /etc/ldap/ldap.conf file

      BASE dc=amigos,dc=cu
      URI ldap://mildap.amigos.cu

      #SIZELIMIT 12
      #TIMELIMIT 15
      #DEREF never

      # TLS certificates (needed for GnuTLS)
      TLS_CACERT /etc/ssl/certs/cacert.pem

      Of course, in the case of the client, you must copy that file to the /etc/ssl/certs folder. From then on, you can use StartTLS to communicate with the LDAP server. I recommend that you read the previous articles.

      Regards