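# Install the server certificate, its private key and the root CA certificate
# into the directory that ssl.conf will point at.
#
# The copy runs in a subshell under umask 077 so that a newly created
# ServerCA.key is never group- or world-readable in the destination, not even
# for the moment between cp and chmod.
(umask 077 && cp -- ServerCA.crt ServerCA.key RootCA.crt /etc/pki/tls/certs/)

cd /etc/pki/tls/certs/

# Still required: when a destination file already exists, cp keeps that file's
# old mode, so the umask above does not tighten it.
chmod og-rwx ServerCA.crt ServerCA.key RootCA.crt

# NOTE(review): the private key sits next to the public certificates here.
# On this directory layout /etc/pki/tls/private/ is the conventional place for
# keys; the path is left as written because the ssl.conf directives that
# follow reference /etc/pki/tls/certs/ServerCA.key.

# Edit the mod_ssl configuration (the relevant directives are listed next).
vi /etc/httpd/conf.d/ssl.conf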
:
# Load mod_ssl so the SSL* directives below are recognised.
LoadModule ssl_module modules/mod_ssl.so
:
# NOTE(review): SSLMutex is the Apache 2.2-era directive; Apache 2.4 replaced
# it with the generic Mutex directive - confirm against the installed httpd.
SSLMutex default
:
# Certificate the server presents to clients, and the private key for it.
# If the key file is passphrase-protected, httpd asks for the passphrase each
# time it starts (with the default pass-phrase dialog).
SSLCertificateFile /etc/pki/tls/certs/ServerCA.crt
SSLCertificateKeyFile /etc/pki/tls/certs/ServerCA.key
# Trust anchor for client authentication: only client certificates that chain
# to a CA in this file are accepted.
SSLCACertificateFile /etc/pki/tls/certs/RootCA.crt
:
# Reject any TLS connection that does not present a valid client certificate.
SSLVerifyClient require
# Depth 1: the client certificate must be issued directly by a CA in
# SSLCACertificateFile; chains through an intermediate CA are not accepted.
SSLVerifyDepth 1
:
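# Write a passphrase-free copy of the server key so httpd can start without
# prompting. ServerCA.pem then holds the private key in the clear, so file
# permissions are its only protection.
#
# The original steps never restricted ServerCA.pem. umask 077 makes sure the
# file is created owner-only, and chmod covers the case where an older, more
# permissive ServerCA.pem already exists at that path.
(umask 077 && openssl rsa -in /etc/pki/tls/certs/ServerCA.key -out /etc/pki/tls/certs/ServerCA.pem)
chmod og-rwx /etc/pki/tls/certs/ServerCA.pem

# Sample interaction from the page (annotations translated):
#   Enter pass phrase for private/svncert.key:   <- enter the PIN code (the key's passphrase)
#   writing RSA key                              <- done
# NOTE(review): the prompt names the -in file, so the sample above appears to
# come from a run with a different key path; with the command as written it
# would show /etc/pki/tls/certs/ServerCA.key.

# Re-open ssl.conf to point SSLCertificateKeyFile at the new file.
vi /etc/httpd/conf.d/ssl.conf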
:
# Use the passphrase-free copy of the key so httpd starts unattended.
# This file is an unencrypted private key: keep it readable by root only.
SSLCertificateKeyFile /etc/pki/tls/certs/ServerCA.pem
:
:
# Bundle of PEM-encoded CRLs checked during client-certificate verification;
# a client whose certificate is listed here is refused at the TLS handshake.
# NOTE(review): on Apache 2.4 and later, CRLs are only consulted when
# SSLCARevocationCheck is also set (its default is none). The SSLMutex
# directive used on this page suggests Apache 2.2 - confirm.
SSLCARevocationFile /etc/pki/tls/crl/ca-bundle-client.crl
:
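# Add the CA's CRL (trysoft.crl) to the bundle that SSLCARevocationFile points at.
#
# `openssl crl -CAfile` reports the signature check as "verify OK" or
# "verify failure" on stderr, but it can still print the CRL and exit 0 when
# verification fails. The original pipeline would therefore append an
# unverified CRL to the bundle. Gate the append on the verification message.
crl_check=$(openssl crl -inform PEM -in trysoft.crl -noout -CAfile /etc/pki/tls/certs/RootCA.crt 2>&1)

case "$crl_check" in
  *"verify OK"*)
    # -text prepends a human-readable dump. The PEM block that follows it is
    # the part that matters in the bundle.
    openssl crl -inform PEM -in trysoft.crl -text -CAfile /etc/pki/tls/certs/RootCA.crt > CRL.pem
    # NOTE(review): '>>' accumulates. Re-running this appends a duplicate and
    # leaves superseded CRLs from the same issuer in the bundle, so consider
    # rebuilding the bundle when the CA publishes a new CRL. CRLs also carry
    # a nextUpdate time and should be refreshed before it lapses.
    cat CRL.pem >> /etc/pki/tls/crl/ca-bundle-client.crl
    ;;
  *)
    printf 'trysoft.crl did not verify against RootCA.crt; bundle left unchanged:\n%s\n' "$crl_check" >&2
    ;;
esac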
[jonathan@pd920 certs]$ curl --cert ClientCA.pem https://mail.ichiayi.com/t.txt
Enter PEM pass phrase:
curl: (35) error:14094414:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate revoked
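# httpd loads the certificate, key and CRL files when it starts, so changes to
# ssl.conf or to the CRL bundle only take effect after a restart.
# Check the configuration syntax first so that a typo in ssl.conf does not
# leave the server down after the stop half of the restart.
apachectl configtest && service httpd restart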