Get request[root@tsghweb openssl]# openssl genrsa -des3 -out server.key 1024Generating RSA private key, 1024 bit long modulus ............++++++ ..........++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: [root@tsghweb openssl]# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]: State or Province Name (full name) [Berkshire]: Locality Name (eg, city) [Newbury]: Organization Name (eg, company) [My Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: [root@tsghweb openssl]# … … Verify CA file[root@tsghweb openssl]# openssl verify -CAfile rootca.crt -purpose sslserver rootcaserver.crtrootcaserver.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2 error 20 at 0 depth lookup:unable to get local issuer certificate [root@tsghweb openssl]# [root@tsghweb openssl]# openssl rsa -noout -modulus -in server.key | openssl sha1 Enter pass phrase for server.key:hp0521 fa955c5e12ba90274553d879ba144afb6f7a3946 [root@tsghweb openssl]# [root@tsghweb openssl]# openssl verify -CAfile rootcaserver.crt -purpose sslserver rootca.crt rootca.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2 error 2 at 1 depth lookup:unable to get issuer certificate [root@tsghweb openssl]# … … Impot certification[root@tsghweb openssl]# openssl pkcs7 -in server.p7b -inform DER -print_certs -out server-chain.pem [root@tsghweb openssl]# cp server-chain.pem /etc/pki/tls/certs/server-chain.crt [root@tsghweb openssl]# [root@tsghweb openssl]# openssl x509 -in server.cer -inform DER -out server.pem [root@tsghweb openssl]# cp server.pem /etc/pki/tls/certs/server.crt [root@tsghweb openssl]# service httpd restart Stopping httpd: [ OK ] Starting httpd: Apache/2.2.3 mod_ssl/2.2.3 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server www.hpmtaiwan.tw:443 (RSA) Enter pass phrase: OK: Pass Phrase Dialog successful. [ OK ] [root@tsghweb openssl]# |