本文是依據 GCA 官方網站1), 實際處理的過程所整理程序.
openssl genrsa -des3 -out server.key 1024 設定密碼
openssl req -new -days 1825 -key server.key -out server.csr
Country Name (2 letter code) [GB]:TW State or Province Name (full name) [Berkshire]:Taiwan Locality Name (eg, city) [Newbury]:Taipei Organization Name (eg, company) [My Company Ltd]:Ministry of Economic Affairs,R.O.C. Organizational Unit Name (eg, section) []:Information management center Common Name (eg, your name or your server's hostname) []:ed.moea.gov.tw Email Address []:[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
openssl pkcs7 -in GRCA_GCA.p7b -inform DER -print_certs -out GRCA_GCA.pem
cp GRCA_GCA.pem /etc/pki/tls/certs/ca.crt
: SSLCertificateChainFile /etc/pki/tls/certs/ca.crt :
openssl x509 -in server.cer -inform DER -out server.pem openssl rsa -in server.key -out mycert.pem <- 輸入 PIN 碼
cp server.pem /etc/pki/tls/certs/server.crt cp mycert.pem /etc/pki/tls/private/mycert.pem
: SSLCertificateFile /etc/pki/tls/certs/server.crt : SSLCertificateKeyFile /etc/pki/tls/private/mycert.pem :
<OBJECT data="http://grca.nat.gov.tw/pse/InstallRootCert.html" type="text/html"> </OBJECT>