Directory Service with OpenLDAP [6]: Certificates in Debian 7 "Wheezy"

The installation and configuration procedure for slapd, along with everything else described in the two previous articles, is valid for Wheezy, with the exception of certificate generation.

We will mostly use console style because these are console commands. We leave all the output in so that the steps are clear and we can read carefully which messages each command returns, messages that we otherwise almost never read carefully.

The point where we must take the most care is when we are asked:

Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu

Here we must enter the FQDN of our LDAP server, in our case mildap.amigos.cu. If we do not, the certificate will not work correctly.

To obtain the certificates, we will follow this procedure:

:~# mkdir /root/myca
:~# cd /root/myca/
:~/myca# /usr/lib/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 2048 bit RSA private key
................+++
.............................................+++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:xeon
Verifying - Enter PEM pass phrase:xeon
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CU
State or Province Name (full name) [Some-State]:Habana
Locality Name (eg, city) []:Habana
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freekes
Organizational Unit Name (eg, section) []:Freekes
Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
Email Address []:frodo@amigos.cu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xeon
An optional company name []:Freekes
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:xeon
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            bb:9c:1b:72:a7:1d:d1:e1
        Validity
            Not Before: Nov 21 05:23:50 2013 GMT
            Not After : Nov 20 05:23:50 2016 GMT
        Subject:
            countryName               = CU
            stateOrProvinceName       = Habana
            organizationName          = Freekes
            organizationalUnitName    = Freekes
            commonName                = mildap.amigos.cu
            emailAddress              = frodo@amigos.cu
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
            X509v3 Authority Key Identifier:
                keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
Certificate is to be certified until Nov 20 05:23:50 2016 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated
###################################################################
###################################################################
:~/myca# openssl req -new -nodes -keyout newreq.pem -out newreq.pem
Generating a 2048 bit RSA private key
.........+++
...........................................+++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CU
State or Province Name (full name) [Some-State]:Habana
Locality Name (eg, city) []:Habana
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freekes
Organizational Unit Name (eg, section) []:Freekes
Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
Email Address []:frodo@amigos.cu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xeon
An optional company name []:Freekes
###################################################################
###################################################################

:~/myca# /usr/lib/ssl/misc/CA.sh -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:xeon
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            bb:9c:1b:72:a7:1d:d1:e2
        Validity
            Not Before: Nov 21 05:27:52 2013 GMT
            Not After : Nov 21 05:27:52 2014 GMT
        Subject:
            countryName               = CU
            stateOrProvinceName       = Habana
            localityName              = Habana
            organizationName          = Freekes
            organizationalUnitName    = Freekes
            commonName                = mildap.amigos.cu
            emailAddress              = frodo@amigos.cu
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98
            X509v3 Authority Key Identifier:
                keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A

Certificate is to be certified until Nov 21 05:27:52 2014 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bb:9c:1b:72:a7:1d:d1:e2
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CU, ST=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu
        Validity
            Not Before: Nov 21 05:27:52 2013 GMT
            Not After : Nov 21 05:27:52 2014 GMT
        Subject: C=CU, ST=Habana, L=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98
            X509v3 Authority Key Identifier:
                keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A

    Signature Algorithm: sha1WithRSAEncryption
Signed certificate is in newcert.pem
###################################################################
###################################################################

:~/myca# cp demoCA/cacert.pem /etc/ssl/certs/
:~/myca# mv newcert.pem /etc/ssl/certs/mildap-cert.pem
:~/myca# mv newreq.pem /etc/ssl/private/mildap-key.pem
:~/myca# chmod 600 /etc/ssl/private/mildap-key.pem

:~/myca# nano certinfo.ldif
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/mildap-cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/mildap-key.pem

:~/myca# ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/myca/certinfo.ldif

:~/myca# aptitude install ssl-cert

:~/myca# adduser openldap ssl-cert
Adding user `openldap' to group `ssl-cert' ...
Adding user openldap to group ssl-cert
Done.
:~/myca# chgrp ssl-cert /etc/ssl/private/mildap-key.pem
:~/myca# chmod g+r /etc/ssl/private/mildap-key.pem
:~/myca# chmod o-r /etc/ssl/private/mildap-key.pem
:~/myca# service slapd restart
[ ok ] Stopping OpenLDAP: slapd.
[ ok ] Starting OpenLDAP: slapd.

:~/myca# tail /var/log/syslog
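
The checks worth running on the installed files before restarting slapd, written as an added example that is not part of the original article. The function name check_slapd_tls and the 30-day expiry threshold are assumptions; it uses only standard openssl subcommands and GNU stat.

```shell
#!/bin/sh
# Added example: sanity checks for the CA, certificate and key installed above.
# check_slapd_tls CA_CERT SERVER_CERT SERVER_KEY FQDN  -> returns 0 if all pass
check_slapd_tls() {
    ca=$1; cert=$2; key=$3; fqdn=$4; rc=0

    # 1. The server certificate must verify against the CA that clients trust.
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }

    # 2. The Common Name must be exactly the server FQDN.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$fqdn" ] ||
        { echo "FAIL: certificate CN is '$cn', expected '$fqdn'"; rc=1; }

    # 3. The private key must belong to the certificate (same public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "FAIL: $key does not match $cert"; rc=1; }

    # 4. The key must not be readable by "other" (the chmod o-r step).
    perms=$(stat -c %a "$key" 2>/dev/null)
    case $perms in
        *[4567]) echo "FAIL: $key is world-readable (mode $perms)"; rc=1 ;;
    esac

    # 5. The certificate must remain valid for at least 30 more days.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: $cert expires within 30 days"; rc=1; }

    return $rc
}

# Runs only when all four arguments are supplied on the command line.
if [ "$#" -eq 4 ]; then
    check_slapd_tls "$@"
fi
```

With the paths from this article the arguments would be /etc/ssl/certs/cacert.pem, /etc/ssl/certs/mildap-cert.pem, /etc/ssl/private/mildap-key.pem and mildap.amigos.cu.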

With this explanation and the previous articles, we can now use Wheezy as the operating system for our Directory Service.

Continue with us in the next installment!!!


  1. sdfaae says

    How do I put this type of certificate or https on a website, without resorting to a company, entity or external page?
    What other uses does your certificate have?

    1. Frederick says

      For example, the cacert.pem certificate file is used to start an encrypted communication channel between the client and the server, whether on the server itself where we have OpenLDAP, or on a client that authenticates against the Directory.

      On both the server and the client, you must declare its location in the /etc/ldap/ldap.conf file, as explained in the previous article:
      /etc/ldap/ldap.conf file

      BASE dc=amigos,dc=cu
      URI ldap://mildap.amigos.cu

      #SIZELIMIT 12
      #TIMELIMIT 15
      #DEREF never

      # TLS certificates (needed for GnuTLS)
      TLS_CACERT /etc/ssl/certs/cacert.pem

      Of course, in the case of the client, you must copy that file to the /etc/ssl/certs folder. From then on, you can use StartTLS to communicate with the LDAP server. I recommend that you read the previous articles.
