Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
project:pki [2017/09/04 19:10] licho |
project:pki [2017/09/05 08:56] (current) licho [Linky] |
||
|---|---|---|---|
| Line 60: | Line 60: | ||
| Přepokládejme dva servery: | Přepokládejme dva servery: | ||
| * ca.labka.cz (192.168.1.11), na kterém provozujem Certifikační Autoritu [[https://www.openssl.org/|OpenSSL]], | * ca.labka.cz (192.168.1.11), na kterém provozujem Certifikační Autoritu [[https://www.openssl.org/|OpenSSL]], | ||
| - | * a ldap.labka.cz (192.168.1.12), na kterém provozujem LDAP Server [[http://directory.fedoraproject.org/|389 Directory Server]]. | + | * a ldap.labka.cz (192.168.1.12), na kterém provozujem LDAP Server [[http://directory.fedoraproject.org/|389 Directory Server]] nebo [[http://www.openldap.org/|OpenLDAP]]. |
| <code sh create-certs-CA.sh> | <code sh create-certs-CA.sh> | ||
| Line 68: | Line 68: | ||
| # 2> Vytvoř kořenovou CA: | # 2> Vytvoř kořenovou CA: | ||
| - | $ openssl req-x509 -newkey rsa:4096 -keyout myCA.key -out myCA.pem -days 3650 \ | + | $ openssl req -x509 -newkey rsa:4096 -keyout myCA.key -out myCA.pem -days 3650 \ |
| -subj "/C=CZ/L=Ostrava/O=Labka/OU=Infra/CN=ca.labka.cz/emailAddress=admin@admin" \ | -subj "/C=CZ/L=Ostrava/O=Labka/OU=Infra/CN=ca.labka.cz/emailAddress=admin@admin" \ | ||
| -passout file:passwd | -passout file:passwd | ||
| Line 126: | Line 126: | ||
| $ adtool list 'ou=People,dc=labka,dc=cz' | $ adtool list 'ou=People,dc=labka,dc=cz' | ||
| </code> | </code> | ||
| + | ==== Linky ==== | ||
| + | [[https://www.sans.org/reading-room/whitepapers/certificates/building-managing-pki-solution-small-medium-size-business-34445|]] | ||
| + | |||
| + | [[https://www.ejbca.org/repository.html|]] | ||
| + | |||
| + | [[http://henning.kropponline.de/2014/09/14/openldap-setup-w-ca-signed-certificate-centos/|]] | ||
| + | |||
| + | [[https://www.openssl.org/docs/man1.0.2/apps/x509v3_config.html|]] | ||
| + | |||
| + | [[http://jordaneunson.com/2009/10/openvpn-access-server-openldap-memberof/|]] | ||
| + | |||
| + | [[https://ripe71.ripe.net/presentations/32-Automated-Certificate-Management.pdf|]] | ||