您可以使用組態檔來產生適用於 Mirage 閘道伺服器的憑證。
程序
- 在 C:\certs 中建立名為 server.conf 的組態檔。
- 將必要的資訊新增到組態檔。
變更以斜體表示的資訊以符合環境所需。
[ ca ]
default_ca = myca
[ crl_ext ]
authorityKeyIdentifier=keyid:always
[ myca ]
dir = ./
new_certs_dir = $dir
unique_subject = no
certificate = $dir/root.cer
database = $dir/certindex
private_key = $dir/privkey.pem
serial = $dir/certserial
default_days = #ofdays
default_md = sha512
policy = myca_policy
x509_extensions = myca_extensions
crlnumber = $dir/crlnumber
default_crl_days = #ofcrldays
[ myca_policy ]
commonName = supplied
stateOrProvinceName = optional
localityName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional
[ myca_extensions ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
keyUsage = digitalSignature,keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth
# 以 alt_names 定義的主體別名
# subjectAltName = @alt_names
[alt_names]
# if it contains dns type name, then it MUST be used and CN of subject MUST be ignored. Please refer to rfc2818 for details.
# following items as example:
#dns.1=*.miragedomain.com
#dns.2=*.example.com
#ofdays 是憑證的有效天數。
#ofcrldays 是下一個 CRL 之前的天數。
結果
Mirage 閘道伺服器的 OpenSSL 組態檔隨即建立。
