阿里云SLB服务器SSL证书部署

00761708 · 郜兴晔 · 0a685028 · 00761708
Commit 00761708 authored Jul 09, 2015 by 郜兴晔
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 0 deletions

ssl_ca.md ssl_ca.md +46 -0

No files found.
--- a/ssl_ca.md
+++ b/ssl_ca.md
+#SSL_CA 安装
+- 生成私钥申请CA：
+        参考http://docs.aliyun.com/?spm=5176.7189909.0.0.H2Ofhg#/pub/slb/faq/cert-faq
+
+- 登陆godaddy.com下载CA证书
+
+- 解压CA包： 
+        unzip XXXX.zip
+        ls 
+        eae08d8596e983ce.crt    gd_bundle-g2-g1.crt
+        
+- 验证CA证书(错误可忽略)： 
+        openssl verify  gd_bundle-g2-g1.crt
+        gd_bundle-g2-g1.crt: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
+        error 20 at 0 depth lookup:unable to get local issuer certificate
+        
+        openssl verify eae08d8596e983ce.crt
+        eae08d8596e983ce.crt: /OU=Domain Control Validated/CN=*.gengmei.cc
+        error 20 at 0 depth lookup:unable to get local issuer certificate
+        
+        openssl verify -CAfile gd_bundle-g2-g1.crt  gd_bundle-g2-g1.crt
+        gd_bundle-g2-g1.crt: OK
+        
+        openssl verify -CAfile gd_bundle-g2-g1.crt eae08d8596e983ce.crt
+        eae08d8596e983ce.crt: OK
+
+- 转换CA证书格式：
+        openssl x509 -in gd_bundle-g2-g1.crt -out  gengmei_gd.pem
+        openssl x509 -in eae08d8596e983ce.crt -out  gengmei_cc.pem
+        cat gengmei_cc.pem  gengmei_gd.pem  >  gengmei_ca.pem
+
+- 验证CA证书：
+        openssl x509 -x509toreq -in  gengmei_ca.pem  -out gengmei.csr  -signkey gengmei.key
+        Getting request Private Key
+        Enter pass phrase for gengmei.key:
+        ＃输入创建私钥的密码
+        Generating certificate request
+
+- 转换私钥证书格式（可选）：
+        openssl rsa -in gengmei.key -text > gengmei_pri.pem
+        Enter pass phrase for gengmei.key:
+        ＃输入创建私钥的密码
+        writing RSA key
+
+- 在负载均衡SLB上创建证书
+        参考http://docs.aliyun.com/?spm=5176.7189909.0.0.H2Ofhg#/pub/slb/faq/cert-faq