The installation and configuration procedure for slapd, as well as everything else shown in the two previous articles, is valid for Wheezy, with the exception of certificate generation.
We will work mostly in console style, since these are console commands. We leave all of the output in place so that the steps are clear and so that we can carefully read the messages the process returns, which we would otherwise almost never read closely.
The point that needs the most care is when we are asked:
Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
Here we must type the FQDN of our LDAP server, which in our case is mildap.amigos.cu. Otherwise the certificate will not work correctly.
To obtain the certificates, we will follow this procedure:
:~# mkdir /root/myca
:~# cd /root/myca/
:~/myca# /usr/lib/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 2048 bit RSA private key
................+++
....................................+++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:xeon
Verifying - Enter PEM pass phrase:xeon
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CU
State or Province Name (full name) [Some-State]:Habana
Locality Name (eg, city) []:Habana
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freekes
Organizational Unit Name (eg, section) []:Freekes
Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
Email Address []:frodo@amigos.cu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xeon
An optional company name []:Freekes
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:xeon
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            bb:9c:1b:72:a7:1d:d1:e1
        Validity
            Not Before: Nov 21 05:23:50 2013 GMT
            Not After : Nov 20 05:23:50 2016 GMT
        Subject:
            countryName               = CU
            stateOrProvinceName       = Habana
            organizationName          = Freekes
            organizationalUnitName    = Freekes
            commonName                = mildap.amigos.cu
            emailAddress              = frodo@amigos.cu
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
            X509v3 Authority Key Identifier:
                keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
            X509v3 Basic Constraints:
                CA:TRUE
Certificate is to be certified until Nov 20 05:23:50 2016 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated
####################################################
:~/myca# openssl req -new -nodes -keyout newreq.pem -out newreq.pem
Generating a 2048 bit RSA private key
.........+++
...........................................+++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CU
State or Province Name (full name) [Some-State]:Habana
Locality Name (eg, city) []:Habana
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freekes
Organizational Unit Name (eg, section) []:Freekes
Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
Email Address []:frodo@amigos.cu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xeon
An optional company name []:Freekes
####################################################
:~/myca# /usr/lib/ssl/misc/CA.sh -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:xeon
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            bb:9c:1b:72:a7:1d:d1:e2
        Validity
            Not Before: Nov 21 05:27:52 2013 GMT
            Not After : Nov 21 05:27:52 2014 GMT
        Subject:
            countryName               = CU
            stateOrProvinceName       = Habana
            localityName              = Habana
            organizationName          = Freekes
            organizationalUnitName    = Freekes
            commonName                = mildap.amigos.cu
            emailAddress              = frodo@amigos.cu
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98
            X509v3 Authority Key Identifier:
                keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
Certificate is to be certified until Nov 21 05:27:52 2014 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bb:9c:1b:72:a7:1d:d1:e2
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CU, ST=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu
        Validity
            Not Before: Nov 21 05:27:52 2013 GMT
            Not After : Nov 21 05:27:52 2014 GMT
        Subject: C=CU, ST=Habana, L=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    [...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98
            X509v3 Authority Key Identifier:
                keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
    Signature Algorithm: sha1WithRSAEncryption
         [...]
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
Signed certificate is in newcert.pem
####################################################
:~/myca# cp demoCA/cacert.pem /etc/ssl/certs/
:~/myca# mv newcert.pem /etc/ssl/certs/mildap-cert.pem
:~/myca# mv newreq.pem /etc/ssl/private/mildap-key.pem
:~/myca# chmod 600 /etc/ssl/private/mildap-key.pem
:~/myca# nano certinfo.ldif
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/mildap-cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/mildap-key.pem

:~/myca# ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/myca/certinfo.ldif
:~/myca# aptitude install ssl-cert
:~/myca# adduser openldap ssl-cert
Adding user `openldap' to group `ssl-cert' ...
Adding user openldap to group ssl-cert
Done.
:~/myca# chgrp ssl-cert /etc/ssl/private/mildap-key.pem
:~/myca# chmod g+r /etc/ssl/private/mildap-key.pem
:~/myca# chmod o-r /etc/ssl/private/mildap-key.pem
:~/myca# service slapd restart
[ ok ] Stopping OpenLDAP: slapd.
[ ok ] Starting OpenLDAP: slapd.
:~/myca# tail /var/log/syslog
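The checks below are an added example, not part of the original article: they confirm that a server certificate chains to the CA, that its Common Name is the server FQDN, that the private key belongs to it, and that the key is not world-readable. The throwaway "Demo CA", the helper names check_ldap_cert and make_demo, and the temporary directory are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: checks for the CA file, server certificate and key installed above.
# check_ldap_cert CA CERT KEY FQDN  -> returns 0 only when every check passes.
check_ldap_cert() {
    ca=$1 cert=$2 key=$3 fqdn=$4 rc=0
    # 1. The server certificate must chain to the CA that clients list in TLS_CACERT.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }
    # 2. The Common Name must be the FQDN that clients connect to.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$fqdn" ] || { echo "FAIL: CN '$cn' is not '$fqdn'"; rc=1; }
    # 3. The key handed to slapd must carry the same public key as the certificate.
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "FAIL: $key does not match $cert"; rc=1; }
    # 4. The private key must not be readable by "other" (the chmod o-r step).
    [ -z "$(find "$key" -perm -004)" ] || { echo "FAIL: $key is world-readable"; rc=1; }
    # 5. SHA-1 and MD5 signatures are deprecated for certificates.
    alg=$(openssl x509 -in "$cert" -noout -text |
          sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case $alg in sha1*|md5*) echo "FAIL: weak signature algorithm $alg"; rc=1 ;; esac
    return $rc
}

# Constructed sample input: a throwaway CA and server certificate (not the page's files).
make_demo() {   # make_demo DIR SERVER_CN
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
        '[dn]' 'CN=Demo CA' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/demo.cnf"
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    openssl req -new -config "$d/demo.cnf" -subj "/CN=$2" -newkey rsa:2048 -nodes \
        -keyout "$d/key.pem" -out "$d/req.pem" 2>/dev/null
    openssl x509 -req -in "$d/req.pem" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 1 -out "$d/cert.pem" 2>/dev/null
    chmod 640 "$d/key.pem"   # same mode the procedure ends with: owner rw, group r
}

demo=$(mktemp -d)
make_demo "$demo" mildap.amigos.cu
check_ldap_cert "$demo/cacert.pem" "$demo/cert.pem" "$demo/key.pem" mildap.amigos.cu &&
    echo "all checks passed"
```

For the files from the procedure above, the arguments would be /etc/ssl/certs/cacert.pem, /etc/ssl/certs/mildap-cert.pem, /etc/ssl/private/mildap-key.pem and mildap.amigos.cu. The certificate in the transcript is signed with sha1WithRSAEncryption, so check 5 would flag it.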
With this explanation and the previous articles, we can now use Wheezy as the operating system for our Directory Service.
Stay with us for the next part!
How do I put a certificate of this kind, or https, on a website without resorting to a company, entity or external site?
What other uses does your certificate have?
In the example, the certificate's cacert.pem file is there to enable an encrypted communication channel between the client and the server, whether on the server itself where we have OpenLDAP, or on a client that authenticates against the Directory.
On both the server and the client, you must declare its location in the /etc/ldap/ldap.conf file, as explained in the previous article:
File /etc/ldap/ldap.conf
BASE dc=amigos,dc=cu
URI ldap://mildap.amigos.cu
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/cacert.pem
Of course, in the case of the client, you must copy that file into the /etc/ssl/certs folder. From then on, you can use StartTLS to communicate with the LDAP server. I recommend that you read the previous articles.
Regards
Thank you for sharing this information. How do I fix the connectivity of Bluetooth audio devices in Windows 10