You can create the client and server keys and certificates on the PowerKVM host.
A certificate signing request (CSR) is a message that is used to request a certificate from a certificate authority (CA). It normally contains identifying information (the certificate subject) for the owner of the certificate (for example, the country and the organization). It is signed by the requester with the requester's private key.
The format of the certificate signing request that openssl generates is described in the PKCS#10 standard.
Complete the following steps:
# openssl genrsa -out serverkey.pem 2048
# openssl genrsa -out clientkey.pem 2048
# openssl req -new -key serverkey.pem -out serverkey.csr \
-subj "/C=US/O=IBM/CN=kvmhost.company.org"
# openssl req -new -key clientkey.pem -out clientkey.csr \
-subj "/C=US/O=IBM/OU=virtualization/CN=root"
# openssl x509 -req -days 365 -in clientkey.csr -CA cacert.pem -CAkey cakey.pem \
-set_serial 1 -out clientcert.pem
# openssl x509 -req -days 365 -in serverkey.csr -CA cacert.pem -CAkey cakey.pem \
-set_serial 94345 -out servercert.pem
# openssl rsa -noout -text -in clientkey.pem
# openssl rsa -noout -text -in serverkey.pem
# openssl x509 -noout -text -in clientcert.pem
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 9434242 (0x8ff482)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, L=Austin, O=IBM, CN=my CA
Validity
Not Before: Jan 10 19:44:06 2012 GMT
Not After : Jan 9 19:44:06 2015 GMT
Subject: C=US, O=IBM, OU=virtualization, CN=root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
# openssl x509 -noout -text -in servercert.pem
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 94345 (0x17089)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, L=Austin, O=IBM, CN=my CA
Validity
Not Before: Jan 9 03:27:30 2012 GMT
Not After : Jan 8 03:27:30 2015 GMT
Subject: C=US, O=IBM, CN=kartoffel.stglabs.ibm.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
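The following script is an added example, not part of the original page: it repeats the steps above in a scratch directory and then checks each result, confirming that the certificate matches its private key, verifies against the CA, is not signed with SHA-1 (the sample client certificate output above shows sha1WithRSAEncryption), and is not about to expire. The function names check_pair and make_demo_pki and the "demo CA" subject are assumptions made for the example; on a real host, use the existing cacert.pem and cakey.pem.

```shell
#!/bin/sh
# Added example (not from the original page). File names follow the steps above;
# the CA created in make_demo_pki is a constructed throwaway for the demo only.

# check_pair KEY CERT CACERT: succeed only if CERT belongs to KEY, verifies
# against CACERT, is not SHA-1 signed, and stays valid for 30 more days.
check_pair() {
    key=$1 cert=$2 ca=$3
    kmod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 1
    cmod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null) || return 1
    [ "$kmod" = "$cmod" ] || { echo "FAIL: $cert does not match $key"; return 1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; return 1; }
    if openssl x509 -noout -text -in "$cert" | grep -q 'Signature Algorithm: sha1'; then
        echo "FAIL: $cert is signed with SHA-1"; return 1
    fi
    openssl x509 -noout -checkend 2592000 -in "$cert" >/dev/null ||
        { echo "FAIL: $cert expires within 30 days"; return 1; }
    echo "OK: $cert"
}

# make_demo_pki DIR: repeat the page's steps in DIR with a constructed CA,
# passing -sha256 so the digest does not depend on the OpenSSL default.
make_demo_pki() {
    (
        set -e; cd "$1"
        umask 077   # private keys readable by the owner only
        openssl genrsa -out cakey.pem 2048 2>/dev/null
        openssl req -x509 -new -key cakey.pem -sha256 -days 30 \
            -subj "/C=US/O=IBM/CN=demo CA" -out cacert.pem
        openssl genrsa -out serverkey.pem 2048 2>/dev/null
        openssl genrsa -out clientkey.pem 2048 2>/dev/null
        openssl req -new -key serverkey.pem -out serverkey.csr \
            -subj "/C=US/O=IBM/CN=kvmhost.company.org"
        openssl req -new -key clientkey.pem -out clientkey.csr \
            -subj "/C=US/O=IBM/OU=virtualization/CN=root"
        openssl x509 -req -sha256 -days 365 -in clientkey.csr -CA cacert.pem \
            -CAkey cakey.pem -set_serial 1 -out clientcert.pem 2>/dev/null
        openssl x509 -req -sha256 -days 365 -in serverkey.csr -CA cacert.pem \
            -CAkey cakey.pem -set_serial 94345 -out servercert.pem 2>/dev/null
    )
}

# Demo run on constructed files: the matching pair passes, the swapped pair fails.
demo=$(mktemp -d)
make_demo_pki "$demo"
check_pair "$demo/serverkey.pem" "$demo/servercert.pem" "$demo/cacert.pem"
check_pair "$demo/serverkey.pem" "$demo/clientcert.pem" "$demo/cacert.pem" || true
rm -rf "$demo"
```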