Good rana!
Mun yi nasarar ƙirƙirar cibiyar ba da takaddun shaida. Ta yaya zai zama da amfani ga manufofinmu?
Yin amfani da ikon takaddun shaida na gida, za mu iya ba da takaddun shaida da kuma tabbatar da sa hannu kan waɗannan takaddun shaida.
Lokacin bayar da takaddun shaida ga mai amfani, hukumar ba da takaddun shaida tana amfani da buƙatu ta musamman don ba da takardar shedar Pkcs#10, wacce ke da tsarin fayil ɗin '.csr'. Wannan buƙatar tana ƙunshe da rufaffiyar jeri wanda hukumar ba da takaddun shaida ta san yadda ake tantancewa daidai. Buƙatar ta ƙunshi duka maɓallin jama'a na mai amfani da bayanai don ƙirƙirar takaddun shaida (tsarin haɗin gwiwa tare da bayanai game da mai amfani).
Za mu dubi yadda ake samun takardar shedar a cikin labarin na gaba, kuma a cikin wannan labarin ina so in ba da manyan umarni na hukumar ba da takardar shaida wanda zai taimaka mana mu kammala aikinmu a gefen baya.
Don haka da farko dole ne mu ƙirƙiri satifiket. Don yin wannan muna amfani da umarnin:
openssl ca -batch -in user.csr -out user.crt
ca shine umarnin bude SSL wanda ke da alaƙa da ikon takaddun shaida,
-batch - yana soke buƙatun tabbatarwa lokacin samar da takaddun shaida.
user.csr - buƙatar ƙirƙirar takaddun shaida (fayil a cikin tsarin .csr).
user.crt - takardar shaidar (sakamakon umarnin).
Domin wannan umarni ya yi aiki, dole ne a daidaita ikon tabbatarwa daidai kamar yadda aka bayyana . In ba haka ba, dole ne ka bugu da žari ƙayyade wurin tushen takaddun shaida na hukumar ba da takaddun shaida.
Umarnin tabbatar da takaddun shaida:
openssl cms -verify -in authenticate.cms -inform PEM -CAfile /Users/……/demoCA/ca.crt -out data.filecms umarni ne na bude SSL wanda ake amfani dashi don sa hannu, tabbatarwa, rufaffen bayanai da sauran ayyukan sirri ta amfani da openSSL.
-verify - a wannan yanayin, muna tabbatar da takaddun shaida.
authenticate.cms - fayil mai kunshe da bayanai da aka sanya hannu tare da takaddun shaida wanda umarnin da ya gabata ya bayar.
-sanar da PEM - Ana amfani da tsarin PEM.
-CAfile /Users/…/demoCA/ca.crt - hanya zuwa tushen takardar shaidar. (ba tare da wannan umarnin bai yi aiki a gare ni ba, kodayake an rubuta hanyoyin zuwa ca.crt a cikin fayil openssl.cfg)
-out data.file - Ina aika bayanan da aka ɓoye zuwa bayanan fayil ɗin.file.
Algorithm don amfani da ikon takaddun shaida a gefen baya shine kamar haka:
- Rijistar mai amfani:
- Muna karɓar buƙatu don ƙirƙirar takaddun shaida da adana ta zuwa fayil ɗin user.csr.
- Muna adana umarnin farko na wannan labarin zuwa fayil tare da tsawo .bat ko .cmd. Muna gudanar da wannan fayil ɗin daga lamba, bayan adana buƙatun don ƙirƙirar takaddun shaida ga fayil ɗin mai amfani.csr. Muna karɓar fayil tare da takardar shaidar mai amfani.crt.
- Muna karanta fayil ɗin user.crt kuma mu aika zuwa abokin ciniki.
- Izinin mai amfani:
- Muna karɓar bayanan sa hannu daga abokin ciniki kuma muna adana shi zuwa fayil ɗin authenticate.cms.
- Ajiye umarni na biyu na wannan labarin zuwa fayil tare da tsawo .bat ko .cmd. Muna gudanar da wannan fayil ɗin daga lambar, bayan adana bayanan da aka sanya hannu a baya daga uwar garken a cikin authenticate.cms. Muna karɓar fayil tare da ruɓaɓɓen bayanan bayanan.file.
- Mun karanta data.file kuma muna duba wannan bayanan don inganci. An bayyana ainihin abin da za a bincika . Idan bayanan suna da inganci, to ana ɗaukar izinin mai amfani da nasara.
Don aiwatar da waɗannan algorithms, zaku iya amfani da kowane yaren shirye-shirye da aka yi amfani da shi don rubuta bayanan baya.
A cikin labarin na gaba za mu dubi yadda ake aiki tare da Retoken plugin.
Na gode da hankali!
source: www.habr.com