Cytat
:/usr/lib/ssl/misc# ./CA.pl -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
.....................................++++++
.........++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]
L
State or Province Name (full name) [Some-State]:Mazowieckie
Locality Name (eg, city) []:Miasto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Serwer
Organizational Unit Name (eg, section) []:s
Common Name (eg, YOUR name) []:s
Email Address []:serwer@s.pl
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
ce:ff:fa:f3:aa:db:b4:be
Validity
Not Before: Jun 4 08:11:11 2010 GMT
Not After : Jun 3 08:11:11 2013 GMT
Subject:
countryName = PL
stateOrProvinceName = Mazowieckie
organizationName = Serwer
organizationalUnitName = s
commonName = sspr
emailAddress = serwer@s.pl
X509v3 extensions:
X509v3 Subject Key Identifier:
72:E0:76:CB:EA:98:20:76:E2:B2:E6:67:CC:2C:97:99:6E:13:20:16
X509v3 Authority Key Identifier:
keyid:72:E0:76:CB:EA:98:20:76:E2:B2:E6:67:CC:2C:97:99:6E:13:20:16
DirName:/C=PL/ST=Mazowieckie/O=Serwer Studencki Politechniki Radomskiej/OU=sspr/CN=sspr/emailAddress=serwer@pr.radom.pl
serial:CE:FF:FA:F3:AA:DB:B4:BE
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Jun 3 08:11:11 2013 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated
stu:/usr/lib/ssl/misc# openssl x509 -setalias "Serwer" -outform DER -in demoCA/cacert.pem -out cacert.der
stu:/usr/lib/ssl/misc# vi /usr/lib/ssl/openssl.cnf <-- odkomentowanie nsCertType = server
stu:/usr/lib/ssl/misc# ./CA.pl -newreq-nodes
Generating a 1024 bit RSA private key
.....................................................++++++
................++++++
writing new private key to 'newkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]L
State or Province Name (full name) [Some-State]:Mazowieckie
Locality Name (eg, city) []:Miasto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Serwer
Organizational Unit Name (eg, section) []:s
Common Name (eg, YOUR name) []:s
Email Address []:serwer@s.pl
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request is in newreq.pem, private key is in newkey.pem
stu:/usr/lib/ssl/misc# ./CA.pl -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
ce:ff:fa:f3:aa:db:b4:bf
Validity
Not Before: Jun 4 08:21:30 2010 GMT
Not After : Jun 4 08:21:30 2011 GMT
Subject:
countryName = PL
stateOrProvinceName = Mazowieckie
localityName = Miasto
organizationName = Serwer
organizationalUnitName = s
commonName = s
emailAddress = serwer@s.pl
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
FC:6E:24:85:37:44:93:A5:15:73:BF:08:24:32:EE:15:51:8E:66:73
X509v3 Authority Key Identifier:
keyid:72:E0:76:CB:EA:98:20:76:E2:B2:E6:67:CC:2C:97:99:6E:13:20:16
Certificate is to be certified until Jun 4 08:21:30 2011 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Signed certificate is in newcert.pem
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
.....................................++++++
.........++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]
LState or Province Name (full name) [Some-State]:Mazowieckie
Locality Name (eg, city) []:Miasto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Serwer
Organizational Unit Name (eg, section) []:s
Common Name (eg, YOUR name) []:s
Email Address []:serwer@s.pl
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
ce:ff:fa:f3:aa:db:b4:be
Validity
Not Before: Jun 4 08:11:11 2010 GMT
Not After : Jun 3 08:11:11 2013 GMT
Subject:
countryName = PL
stateOrProvinceName = Mazowieckie
organizationName = Serwer
organizationalUnitName = s
commonName = sspr
emailAddress = serwer@s.pl
X509v3 extensions:
X509v3 Subject Key Identifier:
72:E0:76:CB:EA:98:20:76:E2:B2:E6:67:CC:2C:97:99:6E:13:20:16
X509v3 Authority Key Identifier:
keyid:72:E0:76:CB:EA:98:20:76:E2:B2:E6:67:CC:2C:97:99:6E:13:20:16
DirName:/C=PL/ST=Mazowieckie/O=Serwer Studencki Politechniki Radomskiej/OU=sspr/CN=sspr/emailAddress=serwer@pr.radom.pl
serial:CE:FF:FA:F3:AA:DB:B4:BE
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Jun 3 08:11:11 2013 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated
stu:/usr/lib/ssl/misc# openssl x509 -setalias "Serwer" -outform DER -in demoCA/cacert.pem -out cacert.der
stu:/usr/lib/ssl/misc# vi /usr/lib/ssl/openssl.cnf <-- odkomentowanie nsCertType = server
stu:/usr/lib/ssl/misc# ./CA.pl -newreq-nodes
Generating a 1024 bit RSA private key
.....................................................++++++
................++++++
writing new private key to 'newkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]
LState or Province Name (full name) [Some-State]:Mazowieckie
Locality Name (eg, city) []:Miasto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Serwer
Organizational Unit Name (eg, section) []:s
Common Name (eg, YOUR name) []:s
Email Address []:serwer@s.pl
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request is in newreq.pem, private key is in newkey.pem
stu:/usr/lib/ssl/misc# ./CA.pl -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
ce:ff:fa:f3:aa:db:b4:bf
Validity
Not Before: Jun 4 08:21:30 2010 GMT
Not After : Jun 4 08:21:30 2011 GMT
Subject:
countryName = PL
stateOrProvinceName = Mazowieckie
localityName = Miasto
organizationName = Serwer
organizationalUnitName = s
commonName = s
emailAddress = serwer@s.pl
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
FC:6E:24:85:37:44:93:A5:15:73:BF:08:24:32:EE:15:51:8E:66:73
X509v3 Authority Key Identifier:
keyid:72:E0:76:CB:EA:98:20:76:E2:B2:E6:67:CC:2C:97:99:6E:13:20:16
Certificate is to be certified until Jun 4 08:21:30 2011 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Signed certificate is in newcert.pem
Mimo tego strona nie wchodzi mi przez https. Możecie mi podpowiedzieć co zrobiłem źle albo czego jeszcze nie zrobiłem ?