MySQL : Différence entre versions

De Wiki NCad
Aller à : navigation, rechercher
(Création du certificat auto-signé)
(SSL)
Ligne 1 : Ligne 1 :
 
== SSL ==
 
== SSL ==
  
=== Création de la clé privée ===
+
=== Autorité de certification ===
 +
 
 +
==== Création de la clé privée ====
  
 
* On se place dans le dossier '''/etc/ssl/private''' qui contient les clés et certificats privées :
 
* On se place dans le dossier '''/etc/ssl/private''' qui contient les clés et certificats privées :
Ligne 13 : Ligne 15 :
 
Cette clé va nous permettre de signer nos propres certificats.
 
Cette clé va nous permettre de signer nos propres certificats.
  
=== Création du certificat auto-signé ===
+
==== Création du certificat auto-signé ====
  
 
* On lance la création de certificat auto-signé :
 
* On lance la création de certificat auto-signé :
  
{{ Box Console | objet=openssl req -new -x509 -nodes -days 500 -key ca.key -out ca.crt<br />
+
{{ Box Console | objet=openssl req -new -x509 -nodes -days 365 -key ca.key -out ca.crt<br />
 
<font color=grey>You are about to be asked to enter information that will be incorporated<br />
 
<font color=grey>You are about to be asked to enter information that will be incorporated<br />
 
into your certificate request.<br />
 
into your certificate request.<br />
Ligne 32 : Ligne 34 :
 
Common Name (e.g. server FQDN or YOUR name) []:10.0.0.47<br />
 
Common Name (e.g. server FQDN or YOUR name) []:10.0.0.47<br />
 
Email Address []:tech@ncad.fr }}
 
Email Address []:tech@ncad.fr }}
 +
 +
=== Certificat serveur ===
 +
 +
{{ Box Console | objet=sudo openssl genrsa -out mysql.key 2048 }}
 +
 +
{{ Box Console | objet=sudo openssl req -new -key mysql.key -out mysql.csr<br />
 +
<font color=grey>You are about to be asked to enter information that will be incorporated<br />
 +
into your certificate request.<br />
 +
What you are about to enter is what is called a Distinguished Name or a DN.<br />
 +
There are quite a few fields but you can leave some blank<br />
 +
For some fields there will be a default value,<br />
 +
If you enter '.', the field will be left blank.<br />
 +
- - - - -<br /></font>
 +
Country Name (2 letter code) [AU]:FR<br />
 +
State or Province Name (full name) [Some-State]:Paris<br />
 +
Locality Name (eg, city) []:Paris<br />
 +
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NCad Network<br />
 +
Organizational Unit Name (eg, section) []:Intranet Goulouxiou<br />
 +
Common Name (e.g. server FQDN or YOUR name) []:10.0.0.47<br />
 +
Email Address []:tech@ncad.fr<br />
 +
<br />
 +
Please enter the following 'extra' attributes<br />
 +
to be sent with your certificate request<br />
 +
A challenge password []:Le soleil est noir.<br />
 +
An optional company name []:NCad Network }}
 +
 +
{{ Box Console | objet=openssl x509 -req -in mysql.csr -days 365 -CA ca.crt -CAkey ca.key -set_serial 01 -out mysql.crt<br />
 +
Signature ok<br />
 +
subject=/C=FR/ST=Paris/L=Paris/O=NCad Network/OU=Intranet <br />Goulouxiou/CN=10.0.0.47/emailAddress=tech@ncad.fr<br />
 +
Getting CA Private Key }}

Version du 4 février 2014 à 17:35

SSL

Autorité de certification

Création de la clé privée

  • On se place dans le dossier /etc/ssl/private qui contient les clés et certificats privées :
ICON Terminal.png

cd /etc/ssl/private

  • On génère la clé privée :
ICON Terminal.png

sudo openssl genrsa -out ca.key 2048

Cette clé va nous permettre de signer nos propres certificats.

Création du certificat auto-signé

  • On lance la création de certificat auto-signé :
ICON Terminal.png

openssl req -new -x509 -nodes -days 365 -key ca.key -out ca.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
- - - --
 Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Paris
Locality Name (eg, city) []:Paris
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NCad Network
Organizational Unit Name (eg, section) []:Autorité de certification
Common Name (e.g. server FQDN or YOUR name) []:10.0.0.47
Email Address []:tech@ncad.fr

Certificat serveur

ICON Terminal.png

sudo openssl genrsa -out mysql.key 2048

ICON Terminal.png

sudo openssl req -new -key mysql.key -out mysql.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
- - - - -
 Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Paris
Locality Name (eg, city) []:Paris
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NCad Network
Organizational Unit Name (eg, section) []:Intranet Goulouxiou
Common Name (e.g. server FQDN or YOUR name) []:10.0.0.47
Email Address []:tech@ncad.fr

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Le soleil est noir.
An optional company name []:NCad Network

ICON Terminal.png

openssl x509 -req -in mysql.csr -days 365 -CA ca.crt -CAkey ca.key -set_serial 01 -out mysql.crt
Signature ok
subject=/C=FR/ST=Paris/L=Paris/O=NCad Network/OU=Intranet
Goulouxiou/CN=10.0.0.47/emailAddress=tech@ncad.fr
Getting CA Private Key

Récupérée de « http://wiki.ncad.fr/index.php?title=MySQL&oldid=1704 »