Ufakelo kunye nenkqubo yoqwalaselo lwe qhwaba, kunye nokunye okuchazwe kumanqaku amabini angaphambili, ngaphandle kwesizukulwana sezatifikethi, kuvumelekile kwi-Wheezy.
Siza kusebenzisa isimbo seconsole ikakhulu kuba le yimiyalelo yeconsole. Sishiya zonke iziphumo ukuze sifumane ukucaca kwaye sifunde ngononophelo ukuba yeyiphi imiyalezo inkqubo ebuyela kuthi, kungenjalo asizange siyifunde ngononophelo.
Olona khathalelo lukhulu ekufuneka siluthathe kuxa besibuza:
Igama Eliqhelekileyo (umzekelo umncedisi we FQDN okanye igama LAKHO) []:mildap.amigos.cu
kwaye kufuneka sibhale i FQDN ukusuka kwiseva yethu ye-LDAP, kwimeko yethu mildap.amigos.cu. Ukuba awukwenzi ngale ndlela, isatifikethi asiyi kusebenza ngokuchanekileyo.
Ukufumana izatifikethi, siya kulandela le nkqubo ilandelayo:
:~# mkdir /root/myca :~# cd /ingcambu/myca/ : ~/myca# /usr/lib/ssl/misc/CA.sh -newca Igama lefayile yesatifikethi se-CA (okanye ngenisa ukuyila) Ukwenza isatifikethi se-CA ... Ukuvelisa i-2048 bit RSA isitshixo sabucala ................+++ ......... ....................................+++ ukubhala iqhosha elitsha labucala ku-'./demoCA/private/./cakey.pem' Ngenisa ibinzana lokugqitha le-PEM:xeon Ukuqinisekisa-Faka ibinzana lokugqitha le-PEM:xeon ----- Umalunga nokucelwa ukuba ufake iinkcukacha eziya kudityaniswa kwisicelo sakho sesatifikethi. Into oza kuyifaka kuyo ibizwa ngokuba liGama eliBalulekileyo okanye i-DN. Kukho imihlaba embalwa kodwa ungayishiya ingenanto Kweminye imihlaba kuyakubakho ixabiso elimiselweyo, Ukuba ungenisa '.', umhlaba uyakushiywa ungenanto. ----- Igama lelizwe (ikhowudi enobumba aba-2) [AU]:CU Igama lePhondo okanye lePhondo (igama eligcweleyo) [Ilizwe elithile]:IHavana Igama leNdawo (umzekelo, isixeko) []:IHavana Igama loMbutho (umzekelo, inkampani) [Internet Widgits Pty Ltd]:Freekes Igama leYunithi yoMbutho (umz., Icandelo) []:Freekes Igama Eliqhelekileyo (umzekelo umncedisi we FQDN okanye igama LAKHO) []:mildap.amigos.cu Idilesi yemeyile []:frodo@amigos.cu Nceda ufake ezi mpawu zilandelayo 'zongezelelweyo' eziza kuthunyelwa kunye nesicelo sakho sesatifikethi Igama lokugqithisa elingumngeni []:xeon Igama lenkampani elikhethiweyo []:IiFreekes Ukusebenzisa uqwalaselo ukusuka /usr/lib/ssl/openssl.cnf Ngenisa ibinzana lokugqitha le ./demoCA/private/./cakey.pem:xeon Khangela ukuba isicelo siyahambelana nomsayino ok Iinkcukacha zesatifikethi: Inombolo yothotho: bb:9c:1b:72:a7:1d:d1:e1 Ukuqinisekisa hayi Ngaphambili: Nov 21 05:23:50 2013 GMT Hayi Emva: Nov 20 05 :23:50 2016 GMT Umxholo: countryName = CU stateOrProvinceName = Habana organizationName = Freekes organizationalUnitName = Freekes commonName = mildap.amigos.cu emailAddress = frodo@amigos.cu 509:3:509:3F:79A:C3:2:7C 47A:67:FD:D92:F9:D8:2:1A X3v1 Isichongi seGunya lesiQinisekiso: keyid:68:B4:B6:F7:40:9: 509:3F:79A:C3:2C:7C:47A:67: FD:D92:F9:D8:2:1A 3 iintsuku) Bhala uvimba weenkcukacha ngamangeniso amatsha eSiseko seDatha esiHlaziyiweyo ########################### ##################################################### #################################################### ################### :~/myca# ivula i-req-entsha-iindawo-nodi-isitshixo i-newreq.pem-ngaphandle entshareq.pem Ivelisa i-2048 bit ye-RSA iqhosha labucala .........+++ .............................. . ............+++ ukubhala isitshixo esitsha sabucala ku-'newreq.pem' ----- Umalunga nokucelwa ukuba ufake iinkcukacha eziya kudityaniswa kwisicelo sakho sesatifikethi. Into oza kuyifaka kuyo ibizwa ngokuba liGama eliBalulekileyo okanye i-DN. Kukho imihlaba embalwa kodwa ungayishiya ingenanto Kweminye imihlaba kuyakubakho ixabiso elimiselweyo, Ukuba ungenisa '.', umhlaba uyakushiywa ungenanto. ----- Igama lelizwe (ikhowudi enobumba aba-2) [AU]:CU Igama lePhondo okanye lePhondo (igama eligcweleyo) [Ilizwe elithile]:IHavana Igama leNdawo (umzekelo, isixeko) []:IHavana Igama loMbutho (umzekelo, inkampani) [Internet Widgits Pty Ltd]:Freekes Igama leYunithi yoMbutho (umz., Icandelo) []:Freekes Igama Eliqhelekileyo (umzekelo umncedisi we FQDN okanye igama LAKHO) []:mildap.amigos.cu Idilesi yemeyile []:frodo@amigos.cu Nceda ufake ezi mpawu zilandelayo 'zongezelelweyo' eziza kuthunyelwa kunye nesicelo sakho sesatifikethi Igama lokugqithisa elingumngeni []:xeon Igama lenkampani elikhethiweyo []:Freekes ######################################### #################################################### ################################################ : ~/myca# /usr/lib/ssl/misc/CA.sh -sign Usebenzisa ubumbeko olusuka ku/usr/lib/ssl/openssl.cnf Ngenisa ibinzana lokugqitha le ./demoCA/private/cakey.pem:xeon Khangela ukuba isicelo siyahambelana nomsayino ok ok Iinkcukacha zesatifikethi: Inombolo yothotho: bb:9c:1b:72:a7:1d:d1:e2 Ukuqinisekisa hayi Ngaphambili: Nov 21 05:27:52 2013 GMT Hayi Emva: Nov 21 05 :27:52 2014 GMT Umxholo: ilizweName = CU stateOrProvinceName = Habana localityName = Habana organizationName = IiFreekes organizationalUnitName = IiFreekes commonName = mildap.amigos.cu emailAddress = frodo@amigos.cu OpenSSL Generated Certificate Identifier:509: Keyid: B3: F509:3:509:3:80F:62A:C8:44C:5C:5A:8:FD:D67:F1:D5:3:50A Isatifikethi siza kuqinisekiswa kude kube nguNov 29 86:4:15 72 GMT (34) iintsuku) Sayina isatifikethi? [y/n]:y Isi-1 kwesi-1 sesicelo sesatifikethi siqinisekisiwe, sizinikele? [y/n]y Write out database with 1 new entries Data Base Updated Certificate: Data: Version: 3 (0x2) Serial Number: bb:9c:1b:72:a7:1d:d1:e2 Signature Algorithm: sha1WithRSAEncryption Issuer: C=CU, ST=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu Validity Not Before: Nov 21 05:27:52 2013 GMT Not After : Nov 21 05:27:52 2014 GMT Subject: C=CU, ST=Habana, L=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c7:52:49:72:dc:93:aa:bc:6c:59:00:5c:08:74: e1:7a:d9:f4:06:04:a5:b5:47:16:6a:ee:e8:37:86: 57:cb:a8:2e:87:13:27:23:ab:5f:85:69:fd:df:ad: db:00:83:43:4d:dc:4f:26:b8:62:d1:b7:5c:60:98: 61:89:ac:e5:e4:99:62:5d:36:cf:94:7d:59:b7:3b: be:dd:14:0d:2e:a3:87:3a:0b:8f:d9:69:58:ee:1e: 82:a8:95:83:80:4b:92:9c:76:8e:35:90:d4:53:71: b2:cf:88:2a:df:6f:17:d0:18:f3:a5:8c:1e:5f:5f: 05:7a:8d:1d:24:d8:cf:d6:11:50:0d:cf:18:2e:7d: 84:7c:3b:7b:20:b5:87:91:e5:ba:13:70:7b:79:3c: 4c:21:df:fb:c6:38:92:93:4d:a7:1c:aa:bd:30:4c: 61:e6:c8:8d:e4:e8:14:4f:75:37:9f:ae:b9:7b:31: 37:e9:bb:73:7f:82:c1:cc:92:21:fd:1a:05:ab:9e: 82:59:c8:f2:95:7c:6b:d4:97:48:8a:ce:c1:d1:26: 7f:be:38:0e:53:a7:03:c6:30:80:43:f4:f6:df:2e: 8f:62:48:a0:8c:30:6b:b6:ba:36:8e:3d:b9:67:a0: 48:a8:12:b7:c9:9a:c6:ba:f5:45:58:c7:a5:1a:e7: 4f:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98 X509v3 Authority Key Identifier: keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A Signature Algorithm: sha1WithRSAEncryption 66:20:5c:6f:58:c1:7d:d7:f6:a9:82:ab:2b:62:15:1f:31:5a: 56:82:0e:ff:73:4f:3f:9b:36:5e:68:24:b4:17:3f:fd:ed:9f: 96:43:70:f2:8b:5f:22:cc:ed:49:cf:84:f3:ce:90:58:fa:9b: 1d:bd:0b:cd:75:f3:3c:e5:fc:a8:e3:b7:8a:65:40:04:1e:61: de:ea:84:39:93:81:c6:f6:9d:cf:5d:d7:35:96:1f:97:8d:dd: 8e:65:0b:d6:c4:01:a8:fc:4d:37:2d:d7:50:fd:f9:22:30:97: 45:f5:64:0e:fa:87:46:38:b3:6f:3f:0f:ef:60:ca:24:86:4d: 23:0c:79:4d:77:fb:f0:de:3f:2e:a3:07:4b:cd:1a:de:4f:f3: 7a:03:bf:a6:d4:fd:20:f5:17:6b:ac:a9:87:e8:71:01:d7:48: 8f:9a:f3:ed:43:60:58:73:62:b2:99:82:d7:98:97:45:09:90: 0c:21:02:82:3b:2a:e7:c7:fe:76:90:00:d9:db:87:c7:e5:93: 14:6a:6e:3b:fd:47:fc:d5:cd:95:a7:cc:ea:49:c0:64:c5:e7: 55:cd:2f:b1:e0:2b:3d:c4:a1:18:77:fb:73:93:69:92:dd:9d: d8:a5:2b:5f:31:25:ea:94:67:49:4e:3f:05:bf:6c:97:a3:1b: 02:bf:2b:b0 -----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIJALucG3KnHdHiMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV BAYTAkNVMQ8wDQYDVQQIDAZIYXZhbmExEDAOBgNVBAoMB0ZyZWVrZXMxEDAOBgNV BAsMB0ZyZWVrZXMxGTAXBgNVBAMMEG1pbGRhcC5hbWlnb3MuY3UxHjAcBgkqhkiG 9w0BCQEWD2Zyb2RvQGFtaWdvcy5jdTAeFw0xMzExMjEwNTI3NTJaFw0xNDExMjEw NTI3NTJaMIGOMQswCQYDVQQGEwJDVTEPMA0GA1UECAwGSGF2YW5hMQ8wDQYDVQQH DAZIYXZhbmExEDAOBgNVBAoMB0ZyZWVrZXMxEDAOBgNVBAsMB0ZyZWVrZXMxGTAX BgNVBAMMEG1pbGRhcC5hbWlnb3MuY3UxHjAcBgkqhkiG9w0BCQEWD2Zyb2RvQGFt aWdvcy5jdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdSSXLck6q8 bFkAXAh04XrZ9AYEpbVHFmru6DeGV8uoLocTJyOrX4Vp/d+t2wCDQ03cTya4YtG3 XGCYYYms5eSZYl02z5R9Wbc7vt0UDS6jhzoLj9lpWO4egqiVg4BLkpx2jjWQ1FNx ss+IKt9vF9AY86WMHl9fBXqNHSTYz9YRUA3PGC59hHw7eyC1h5HluhNwe3k8TCHf +8Y4kpNNpxyqvTBMYebIjeToFE91N5+uuXsxN+m7c3+CwcySIf0aBaueglnI8pV8 a9SXSIrOwdEmf744DlOnA8YwgEP09t8uj2JIoIwwa7a6No49uWegSKgSt8maxrr1 RVjHpRrnT4sCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIBijEReXLhnH+XD UCmGveQVcjSYMB8GA1UdIwQYMBaAFHmzsvdHZ5KfisIcPBpo/dT210CaMA0GCSqG SIb3DQEBBQUAA4IBAQBmIFxvWMF91/apgqsrYhUfMVpWgg7/c08/mzZeaCS0Fz/9 7Z+WQ3Dyi18izO1Jz4TzzpBY+psdvQvNdfM85fyo47eKZUAEHmHe6oQ5k4HG9p3P Xdc1lh+Xjd2OZQvWxAGo/E03LddQ/fkiMJdF9WQO+odGOLNvPw/vYMokhk0jDHlN d/vw3j8uowdLzRreT/N6A7+m1P0g9RdrrKmH6HEB10iPmvPtQ2BYc2KymYLXmJdF CZAMIQKCOyrnx/52kADZ24fH5ZMUam47/Uf81c2Vp8zqScBkxedVzS+x4Cs9xKEY d/tzk2mS3Z3YpStfMSXqlGdJTj8Fv2yXoxsCvyuw -----END CERTIFICATE----- Signed certificate is in newcert.pem ################################################################### ################################################################### :~/myca# cp demoCA/cacert.pem /etc/ssl/certs/ :~/myca# mv newcert.pem /etc/ssl/certs/mildap-cert.pem :~/myca# mv newreq.pem /etc/ssl/private/mildap-key.pem : ~/myca# chmod 600 /etc/ssl/private/mildap-key.pem :~/myca# nano certinfo.ldif dn: cn = ukongeza ukongeza: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem - yongeza: olcTLSCertificateFile olcTLSCertificateFile: /etc/ssl/certs/mildap-certficac-certficTLSCerSCert-cert. Ifayile: / etc/ssl/private /mildap-key.pem :~/myca# ldapmodify -Y NGAPHANDLE -H ldapi:/// -f /root/myca/certinfo.ldif :~/myca# ukufaneleka kokufaka i-ssl-cert :~/myca# adduser openldap ssl-cert Ukongeza umsebenzisi `openldap' kwiqela `ssl-cert' ... Ukongeza umsebenzisi openldap kwiqela ssl-cert Kwenziwe. :~/myca# chgrp ssl-cert /etc/ssl/private/mildap-key.pem :~/myca# chmod g+r /etc/ssl/private/mildap-key.pem :~/myca# chmod okanye /etc/ssl/private/mildap-key.pem :~/myca# inkonzo slapd qala kwakhona [ok] Ukumisa i-OpenLDAP: qhwaba. [ok] Ukuqalisa i-OpenLDAP: slapd. :~/myca# umsila /var/log/syslog
Ngale ngcaciso kunye namanqaku angaphambili, ngoku sinokusebenzisa i-Wheezy njengenkqubo yokusebenza yeNkonzo yethu yoLawulo.
Qhubeka nathi kwisitolingi esilandelayo!!!.
Ndilubeka njani olu hlobo lwezatifikethi okanye i-https kwiwebhusayithi? ngaphandle kokubhenela kwinkampani, iqumrhu okanye iphepha langaphandle
Zeziphi ezinye iindlela esinazo isiqinisekiso sakho?
Ngokomzekelo, ifayile ye cacert.pem yesatifikethi kukuqalisa umjelo wonxibelelwano ofihliweyo phakathi komxhasi kunye nomncedisi, nokuba kumncedisi apho sine-OpenLDAP, okanye kumxhasi oqinisekisa ngokuchasene noMlawuli.
Kumncedisi kunye nomxhasi, kufuneka uchaze indawo yayo kwifayile /etc/ldap/ldap.conf, njengoko kuchaziwe kwinqaku elidlulileyo:
/etc/ldap/ldap.conf ifayile
ISISEKO dc=abahlobo,dc=cu
URI ldap://mildap.amigos.cu
#SIZELIMIT 12
#UMDA 15
#DEREF zange
# Izatifikethi ze-TLS (ezifunekayo kwi-GnuTLS)
TLS_CACERT /etc/ssl/certs/cacert.pem
Kunjalo, kwimeko yomxhasi, kufuneka ukhuphele loo fayile kwi/etc/ssl/certs folder. Ukususela ngoko, ungasebenzisa i-StartTLS ukunxibelelana neseva ye-LDAP. Ndikucebisa ukuba ufunde amanqaku angaphambili.
Phendula nge quote
Enkosi ngokwabelana ngolu lwazi Ndilulungisa njani uqhagamshelo lwezixhobo zomsindo zebluetooth kwiiWindows 10