The installation and configuration procedure for slapd, as well as everything else shown in the two previous articles, with the exception of certificate generation, is valid for Wheezy.
We will mostly use console style, since this article is about console commands. We leave all the output in place for clarity, so that we can read carefully what each step of the process returns, which otherwise we would almost never do.
The point that needs the greatest care is when we are asked:
    Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
and we must enter the FQDN of our LDAP server, which in our case is mildap.amigos.cu. Otherwise, the certificate will not work correctly.
To obtain the certificates, we will follow this procedure:
    :~# mkdir /root/myca
    :~# cd /root/myca/
    :~/myca# /usr/lib/ssl/misc/CA.sh -newca
    CA certificate filename (or enter to create)

    Making CA certificate ...
    Generating a 2048 bit RSA private key
    ................+++
    ....................................+++
    writing new private key to './demoCA/private/./cakey.pem'
    Enter PEM pass phrase:xeon
    Verifying - Enter PEM pass phrase:xeon
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CU
    State or Province Name (full name) [Some-State]:Habana
    Locality Name (eg, city) []:Habana
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freekes
    Organizational Unit Name (eg, section) []:Freekes
    Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
    Email Address []:frodo@amigos.cu

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:xeon
    An optional company name []:Freekes
    Using configuration from /usr/lib/ssl/openssl.cnf
    Enter pass phrase for ./demoCA/private/./cakey.pem:xeon
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number:
                bb:9c:1b:72:a7:1d:d1:e1
            Validity
                Not Before: Nov 21 05:23:50 2013 GMT
                Not After : Nov 20 05:23:50 2016 GMT
            Subject:
                countryName               = CU
                stateOrProvinceName       = Habana
                organizationName          = Freekes
                organizationalUnitName    = Freekes
                commonName                = mildap.amigos.cu
                emailAddress              = frodo@amigos.cu
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
                X509v3 Authority Key Identifier:
                    keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
                X509v3 Basic Constraints:
                    CA:TRUE
    Certificate is to be certified until Nov 20 05:23:50 2016 GMT (1095 days)

    Write out database with 1 new entries
    Data Base Updated
    ###################################################################
    ###################################################################
    :~/myca# openssl req -new -nodes -keyout newreq.pem -out newreq.pem
    Generating a 2048 bit RSA private key
    .........+++
    ...............................+++
    writing new private key to 'newreq.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CU
    State or Province Name (full name) [Some-State]:Habana
    Locality Name (eg, city) []:Habana
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freekes
    Organizational Unit Name (eg, section) []:Freekes
    Common Name (e.g. server FQDN or YOUR name) []:mildap.amigos.cu
    Email Address []:frodo@amigos.cu

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:xeon
    An optional company name []:Freekes
    ###################################################################
    ###################################################################
    :~/myca# /usr/lib/ssl/misc/CA.sh -sign
    Using configuration from /usr/lib/ssl/openssl.cnf
    Enter pass phrase for ./demoCA/private/cakey.pem:xeon
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number:
                bb:9c:1b:72:a7:1d:d1:e2
            Validity
                Not Before: Nov 21 05:27:52 2013 GMT
                Not After : Nov 21 05:27:52 2014 GMT
            Subject:
                countryName               = CU
                stateOrProvinceName       = Habana
                localityName              = Habana
                organizationName          = Freekes
                organizationalUnitName    = Freekes
                commonName                = mildap.amigos.cu
                emailAddress              = frodo@amigos.cu
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98
                X509v3 Authority Key Identifier:
                    keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
    Certificate is to be certified until Nov 21 05:27:52 2014 GMT (365 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: bb:9c:1b:72:a7:1d:d1:e2
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=CU, ST=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu
            Validity
                Not Before: Nov 21 05:27:52 2013 GMT
                Not After : Nov 21 05:27:52 2014 GMT
            Subject: C=CU, ST=Habana, L=Habana, O=Freekes, OU=Freekes, CN=mildap.amigos.cu/emailAddress=frodo@amigos.cu
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    80:62:8C:44:5E:5C:B8:67:1F:E5:C3:50:29:86:BD:E4:15:72:34:98
                X509v3 Authority Key Identifier:
                    keyid:79:B3:B2:F7:47:67:92:9F:8A:C2:1C:3C:1A:68:FD:D4:F6:D7:40:9A
        Signature Algorithm: sha1WithRSAEncryption
    Signed certificate is in newcert.pem
    ###################################################################
    ###################################################################
    :~/myca# cp demoCA/cacert.pem /etc/ssl/certs/
    :~/myca# mv newcert.pem /etc/ssl/certs/mildap-cert.pem
    :~/myca# mv newreq.pem /etc/ssl/private/mildap-key.pem
    :~/myca# chmod 600 /etc/ssl/private/mildap-key.pem
    :~/myca# nano certinfo.ldif
    dn: cn=config
    add: olcTLSCACertificateFile
    olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
    -
    add: olcTLSCertificateFile
    olcTLSCertificateFile: /etc/ssl/certs/mildap-cert.pem
    -
    add: olcTLSCertificateKeyFile
    olcTLSCertificateKeyFile: /etc/ssl/private/mildap-key.pem

    :~/myca# ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/myca/certinfo.ldif
    :~/myca# aptitude install ssl-cert
    :~/myca# adduser openldap ssl-cert
    Adding user `openldap' to group `ssl-cert' ...
    Adding user openldap to group ssl-cert
    Done.
    :~/myca# chgrp ssl-cert /etc/ssl/private/mildap-key.pem
    :~/myca# chmod g+r /etc/ssl/private/mildap-key.pem
    :~/myca# chmod o-r /etc/ssl/private/mildap-key.pem
    :~/myca# service slapd restart
    [ ok ] Stopping OpenLDAP: slapd.
    [ ok ] Starting OpenLDAP: slapd.
    :~/myca# tail /var/log/syslog
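A set of checks worth running on the three files before restarting slapd, given here as an added example that is not part of the original article: the certificate chains to the CA, its Common Name is the server FQDN, the private key belongs to the certificate, and the key is not accessible to "other". All function names and `make_demo_pki` are hypothetical; the demo builds constructed throwaway files so it runs offline.

```sh
#!/bin/sh
# Added example: sanity checks for a CA file, server certificate and key.
cert_cn() {                  # print the subject commonName of certificate $1
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}
chain_ok() {                 # does certificate $2 verify against CA file $1?
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
key_matches_cert() {         # does private key $1 belong to certificate $2?
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
key_not_world_accessible() { # are the "other" permission bits of $1 all clear?
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}
# Run all checks: check_ldap_tls CAFILE CERT KEY FQDN
check_ldap_tls() {
    rc=0
    chain_ok "$1" "$2" || { echo "FAIL: $2 not signed by $1"; rc=1; }
    [ "$(cert_cn "$2")" = "$4" ] || { echo "FAIL: CN is not $4"; rc=1; }
    key_matches_cert "$3" "$2" || { echo "FAIL: $3 does not match $2"; rc=1; }
    key_not_world_accessible "$3" || { echo "FAIL: $3 open to others"; rc=1; }
    return $rc
}
# Constructed sample input: throwaway CA and server certificate in dir $1 for
# host $2, a non-interactive stand-in for the CA.sh steps (hypothetical names).
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Demo CA' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' >"$d/demo.cnf"
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -new -config "$d/demo.cnf" -subj "/CN=$2" -newkey rsa:2048 \
        -nodes -keyout "$d/key.pem" -out "$d/req.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/req.pem" -CA "$d/cacert.pem" -sha256 -days 1 \
        -CAkey "$d/cakey.pem" -set_serial 2 -out "$d/cert.pem" 2>/dev/null &&
    chmod 640 "$d/key.pem"
}
# Demo run on the constructed files.
if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d) && make_demo_pki "$demo" mildap.amigos.cu &&
        check_ldap_tls "$demo/cacert.pem" "$demo/cert.pem" "$demo/key.pem" \
            mildap.amigos.cu && echo "all checks passed"
    rm -rf "$demo"
fi
```

On the server from the article the call would be `check_ldap_tls /etc/ssl/certs/cacert.pem /etc/ssl/certs/mildap-cert.pem /etc/ssl/private/mildap-key.pem mildap.amigos.cu`, run as root.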
With this explanation and the previous articles, we can now use Wheezy as the operating system for our Directory Service.
Continue with us in the next installment!
How can I put this type of certificate, or https, on a website, without relying on a company, business or external page?
What other uses does your certificate have?
In the example, the cacert.pem certificate file is used to set up an encrypted communication channel between client and server, either on the server itself where we have OpenLDAP, or on a client that authenticates against the Directory.
On both the server and the client, you must declare its location in the /etc/ldap/ldap.conf file, as explained in the previous article:
File /etc/ldap/ldap.conf
    BASE dc=amigos,dc=cu
    URI ldap://mildap.amigos.cu
    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never
    # TLS certificates (needed for GnuTLS)
    TLS_CACERT /etc/ssl/certs/cacert.pem
Of course, in the case of the client, you must copy that file to the /etc/ssl/certs folder. From then on, you can use StartTLS to communicate with the LDAP server. I recommend that you read the previous articles.
Thanks for sharing this information. How do I fix the connection of Bluetooth devices on Windows 10