Wednesday, March 11, 2020

Generate a self-signed certificate using openssl.exe


1. Generate the RSA private key

Set the environment variable (optional)
set OPENSSL_CONF=c:\Program Files\Tableau\Tableau Server\packages\apache.\conf\openssl.cnf

cd "c:\Program Files\Tableau\Tableau Server\packages\apache.\bin"

Note: depending on the installed version, openssl.exe is located in a different path
cd C:\Apache2.2\bin\
or
cd C:\Program Files\Git\usr\bin\

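Generate the RSA private key
openssl.exe genrsa -out MyDomain.com.key 4096
If the OPENSSL_CONF environment variable is not set
openssl.exe genrsa -out MyDomain.com.key 4096
(genrsa has no -config option, and the key size must be the last argument; -config is passed to req in step 2.)

-out specifies the name of the generated file; if the domain name is MyDomain.com, you can use MyDomain.com.key
4096 is the private key length in bits. At least 2048 bits is recommended; if no length is given, the default is 512 bits

To encrypt the private key, add -des or -des3, for example
openssl.exe genrsa -des3 -out MyDomain.com.key 4096

pass phrase for key: enter a passphrase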


2. Generate the certificate signing request (CSR) file
openssl.exe req -new -key MyDomain.com.key -out MyDomain.com.csr
or
openssl.exe req -new -key MyDomain.com.key -out MyDomain.com.csr -config ..\conf\openssl.cnf

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

For Common Name, enter the URL that will be used to reach the server.
If you reach the server by typing webserver.MyDomain.com in the address bar of your browser, then webserver.MyDomain.com is the common name.


3. Generate the CRT file
Some services (for example Tableau Server) require PEM-encoded X509 certificates in a certificate file with the .crt extension
openssl.exe x509 -in MyDomain.com.csr -out MyDomain.com.crt -req -signkey MyDomain.com.key -days 365

Configure SSL for External HTTP Traffic to and from Tableau Server
https://help.tableau.com/current/server/en-us/ssl_config.htm

Tableau Server Self signed certificate process for both web page and Tableau Desktop
https://greatsingapore.wordpress.com/2018/05/25/tableau-server-self-signed-certificate-process-for-both-web-page-and-tableau-desktop/


4. Clients must install the CRT certificate
MyDomain.com.crt
Install the certificate into the Trusted Root Certification Authorities store
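
Before the certificate is installed on clients in step 4, the files from steps 1 to 3 can be checked against each other. The following PowerShell script is an added example, not part of the original post; it assumes openssl.exe is on PATH and the file names used above, and the names $Base and Invoke-OpenSsl are made up for the example.

```powershell
# Added example, not from the original post: checks the files from steps 1-3.
# Assumptions: openssl.exe is on PATH (or this runs from its bin directory);
# $Base and Invoke-OpenSsl are hypothetical names introduced for this example.
param([string]$Base = 'MyDomain.com')

function Invoke-OpenSsl([string[]]$OpenSslArgs) {
    # Run openssl.exe, return its stdout lines, stop on a non-zero exit code.
    $out = & openssl.exe @OpenSslArgs
    if ($LASTEXITCODE -ne 0) { throw "openssl $($OpenSslArgs -join ' ') failed" }
    return $out
}

# 1. The key, the CSR and the certificate must carry the same public key.
#    Only the public half is printed; a key encrypted with -des3 prompts
#    for its pass phrase at this point.
$fromKey = (Invoke-OpenSsl 'rsa','-in',"$Base.key",'-pubout') -join "`n"
$fromCsr = (Invoke-OpenSsl 'req','-in',"$Base.csr",'-noout','-pubkey') -join "`n"
$fromCrt = (Invoke-OpenSsl 'x509','-in',"$Base.crt",'-noout','-pubkey') -join "`n"
# -ceq is case-sensitive; plain -eq would treat Base64 that differs only in
# letter case as equal.
if (-not (($fromKey -ceq $fromCsr) -and ($fromKey -ceq $fromCrt))) {
    throw 'Key, CSR and certificate do not share the same public key'
}

# 2. The key length must meet the 2048-bit minimum recommended in step 1.
$text = (Invoke-OpenSsl 'x509','-in',"$Base.crt",'-noout','-text') -join "`n"
if ($text -match 'Public-Key: \((\d+) bit\)') {
    $bits = [int]$Matches[1]
} else {
    throw 'Could not read the key size from the certificate'
}
if ($bits -lt 2048) { throw "Key is only $bits bits; use at least 2048" }

# 3. The certificate must verify against itself (self-signed) and must not
#    expire within the next 30 days (2592000 seconds).
Invoke-OpenSsl 'verify','-CAfile',"$Base.crt","$Base.crt" | Out-Null
Invoke-OpenSsl 'x509','-in',"$Base.crt",'-noout','-checkend','2592000' | Out-Null

# 4. Show what clients will see before they trust it in step 4.
Invoke-OpenSsl 'x509','-in',"$Base.crt",'-noout','-subject','-issuer','-dates'
Write-Output "OK: $Base key, CSR and certificate are consistent (${bits}-bit RSA)"
```

For a self-signed certificate the subject and issuer lines printed at the end are identical, and the subject's Common Name should be the name entered in step 2.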


