MySQL: Difference between revisions
(→Creating the self-signed certificate)
(→SSL)
Ligne 1 : | Ligne 1 : | ||
== SSL == | == SSL == | ||
− | === Création de la clé privée === | + | === Autorité de certification === |
+ | |||
+ | ==== Création de la clé privée ==== | ||
* On se place dans le dossier '''/etc/ssl/private''' qui contient les clés et certificats privées : | * On se place dans le dossier '''/etc/ssl/private''' qui contient les clés et certificats privées : | ||
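Review bot: the context bullet kept under the new "Création de la clé privée" heading describes /etc/ssl/private as holding "les clés et certificats privées", but certificates are public and only the keys are private. Since the section is being reorganised around a certificate authority, reword the bullet to say the directory holds private keys, and state where ca.crt is meant to live, because clients that verify the server will need a copy of it.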
Ligne 13 : | Ligne 15 : | ||
Cette clé va nous permettre de signer nos propres certificats. | Cette clé va nous permettre de signer nos propres certificats. | ||
− | === Création du certificat auto-signé === | + | ==== Création du certificat auto-signé ==== |
* On lance la création de certificat auto-signé : | * On lance la création de certificat auto-signé : | ||
− | {{ Box Console | objet=openssl req -new -x509 -nodes -days | + | {{ Box Console | objet=openssl req -new -x509 -nodes -days 365 -key ca.key -out ca.crt<br /> |
<font color=grey>You are about to be asked to enter information that will be incorporated<br /> | <font color=grey>You are about to be asked to enter information that will be incorporated<br /> | ||
into your certificate request.<br /> | into your certificate request.<br /> | ||
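Review bot: on the added `openssl req` line, `-days 365` gives the CA certificate the same one-year lifetime that the server certificate gets further down (`openssl x509 -req ... -days 365`), so the CA expires no later than the certificate it signed and the whole chain has to be rebuilt every year. Give the CA a longer validity than the certificates it issues. `-nodes` can also be dropped here, since with `-key ca.key` no new key is written.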
Ligne 32 : | Ligne 34 : | ||
Common Name (e.g. server FQDN or YOUR name) []:10.0.0.47<br /> | Common Name (e.g. server FQDN or YOUR name) []:10.0.0.47<br /> | ||
Email Address []:tech@ncad.fr }} | Email Address []:tech@ncad.fr }} | ||
+ | |||
+ | === Certificat serveur === | ||
+ | |||
+ | {{ Box Console | objet=sudo openssl genrsa -out mysql.key 2048 }} | ||
+ | |||
+ | {{ Box Console | objet=sudo openssl req -new -key mysql.key -out mysql.csr<br /> | ||
+ | <font color=grey>You are about to be asked to enter information that will be incorporated<br /> | ||
+ | into your certificate request.<br /> | ||
+ | What you are about to enter is what is called a Distinguished Name or a DN.<br /> | ||
+ | There are quite a few fields but you can leave some blank<br /> | ||
+ | For some fields there will be a default value,<br /> | ||
+ | If you enter '.', the field will be left blank.<br /> | ||
+ | - - - - -<br /></font> | ||
+ | Country Name (2 letter code) [AU]:FR<br /> | ||
+ | State or Province Name (full name) [Some-State]:Paris<br /> | ||
+ | Locality Name (eg, city) []:Paris<br /> | ||
+ | Organization Name (eg, company) [Internet Widgits Pty Ltd]:NCad Network<br /> | ||
+ | Organizational Unit Name (eg, section) []:Intranet Goulouxiou<br /> | ||
+ | Common Name (e.g. server FQDN or YOUR name) []:10.0.0.47<br /> | ||
+ | Email Address []:tech@ncad.fr<br /> | ||
+ | <br /> | ||
+ | Please enter the following 'extra' attributes<br /> | ||
+ | to be sent with your certificate request<br /> | ||
+ | A challenge password []:Le soleil est noir.<br /> | ||
+ | An optional company name []:NCad Network }} | ||
+ | |||
+ | {{ Box Console | objet=openssl x509 -req -in mysql.csr -days 365 -CA ca.crt -CAkey ca.key -set_serial 01 -out mysql.crt<br /> | ||
+ | Signature ok<br /> | ||
+ | subject=/C=FR/ST=Paris/L=Paris/O=NCad Network/OU=Intranet <br />Goulouxiou/CN=10.0.0.47/emailAddress=tech@ncad.fr<br /> | ||
+ | Getting CA Private Key }} |
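Review bot: in the server CSR the Common Name is answered with 10.0.0.47 and the e-mail address with tech@ncad.fr, the same values the context lines show for the CA certificate. MySQL's documentation requires the server certificate's Common Name to differ from the CA's, otherwise the files do not work with servers built against OpenSSL; give the CA its own CN (a name for the authority, not the server address). Also leave "A challenge password" blank: it is stored unencrypted in the CSR, and the value typed here is published with the page. The fixed `-set_serial 01` deserves a sentence too, since a second certificate issued by copying this command would reuse the serial.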
Revision as of 4 February 2014, 17:35
SSL
Certificate authority
Creating the private key
- Change to the /etc/ssl/private directory, which holds the private keys and certificates:
- Generate the private key:
This key will let us sign our own certificates.
Creating the self-signed certificate
- Start the creation of the self-signed certificate:
Server certificate
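A pre-flight check for the CA and server certificate built above, as an added example that is not part of the wiki page. It repeats the page's openssl steps non-interactively in a scratch directory and then tests the three things that most often break MySQL TLS: a server subject identical to the CA's, a key that does not match its certificate, and a chain that does not verify. The function names, the `-subj` values and the scratch directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the wiki page). Subject values are constructed.

# make_chain DIR CA_SUBJ SRV_SUBJ
# Same openssl steps as the page; -subj replaces the interactive prompts.
make_chain() {
    ( cd "$1" &&
      openssl genrsa -out ca.key 2048 2>/dev/null &&
      openssl req -new -x509 -nodes -days 365 -key ca.key -out ca.crt -subj "$2" &&
      openssl genrsa -out mysql.key 2048 2>/dev/null &&
      openssl req -new -key mysql.key -out mysql.csr -subj "$3" &&
      openssl x509 -req -in mysql.csr -days 365 -CA ca.crt -CAkey ca.key \
          -set_serial 01 -out mysql.crt 2>/dev/null )
}

# check_chain DIR
# 0 = usable, 1 = CA and server share a subject, 2 = key/cert mismatch,
# 3 = mysql.crt does not verify against ca.crt.
check_chain() {
    ca_subj=$(openssl x509 -in "$1/ca.crt" -noout -subject)
    srv_subj=$(openssl x509 -in "$1/mysql.crt" -noout -subject)
    if [ "$ca_subj" = "$srv_subj" ]; then
        echo "FAIL: CA and server certificate share $srv_subj"
        return 1
    fi
    # The public key inside the certificate must be the one derived from the key file.
    crt_pub=$(openssl x509 -in "$1/mysql.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1/mysql.key" -pubout)
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: mysql.key does not match mysql.crt"
        return 2
    fi
    if ! openssl verify -CAfile "$1/ca.crt" "$1/mysql.crt" >/dev/null 2>&1; then
        echo "FAIL: mysql.crt does not verify against ca.crt"
        return 3
    fi
    echo "OK: $srv_subj"
}

# Demo in a scratch directory: distinct Common Names for CA and server.
demo_dir=$(mktemp -d)
make_chain "$demo_dir" "/C=FR/O=Example/CN=Example Internal CA" \
                       "/C=FR/O=Example/CN=10.0.0.47"
check_chain "$demo_dir"
rm -rf "$demo_dir"
```

Run `check_chain` against the directory holding the real ca.crt, mysql.crt and mysql.key before referencing them in the MySQL configuration.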