ProHoster > Блог > Whakahaerenga > He wheako ki te whakamahi hangarau Rutoken mo te rehita me te whakamana i nga kaiwhakamahi ki te punaha (waahanga 3)
He wheako ki te whakamahi hangarau Rutoken mo te rehita me te whakamana i nga kaiwhakamahi ki te punaha (waahanga 3)
Te ahiahi pai!
I te wahanga o mua Kua angitu ta matou hanga i ta matou ake pokapū tohu. Me pehea e whai hua ai mo o tatou kaupapa?
Ma te whakamahi i tetahi mana tiwhikete rohe, ka taea e matou te whakaputa tiwhikete me te manatoko ano i nga hainatanga ki enei tiwhikete.
Ina tukuna he tiwhikete ki tetahi kaiwhakamahi, ka whakamahia e te mana tiwhikete tetahi tono motuhake mo te tuku tiwhikete Pkcs#10, kei a ia te whakatakotoranga kōnae '.csr'. Kei roto i tenei tono he raupapa whakawaehere e mohio ana te mana tiwhikete ki te wetewete tika. Kei roto i te tono te taviri a te kaiwhakamahi me nga raraunga mo te hanga tiwhikete (he huinga hono me nga raraunga mo te kaiwhakamahi).
Ka titiro tatou me pehea te whiwhi tono mo te tiwhikete i roto i te tuhinga e whai ake nei, a i roto i tenei tuhinga e hiahia ana ahau ki te tuku i nga whakahau matua o te mana tohu ka awhina i a maatau ki te whakaoti i ta maatau mahi i te taha o muri.
Na ko te tuatahi me hanga he tiwhikete. Hei mahi i tenei ka whakamahia e matou te whakahau:
openssl ca -batch -in user.csr -out user.crt
ca ko te whakahau openSSL e pa ana ki te mana tohu,
-patch - ka whakakore i nga tono whakau i te wa e whakaputa tiwhikete ana.
user.csr — tono ki te hanga i te tiwhikete (kōnae i roto i te hōputu .csr).
user.crt - tiwhikete (hua o te whakahau).
Kia mahi ai tenei whakahau, me whirihora te mana tohu kia rite ki te korero i te wahanga o mua o te tuhinga. Ki te kore, me tohu ano e koe te waahi o te tiwhikete pakiaka o te mana tohu.
Ko te cms he whakahau openSSL e whakamahia ana mo te hainatanga, manatoko, whakamuna raraunga me etahi atu mahi cryptographic ma te whakamahi i te openSSL.
-manatoko - i tenei keehi, ka whakamanahia e matou te tiwhikete.
authenticate.cms - he konae kei roto nga raraunga kua hainatia me te tiwhikete i tukuna e te whakahau o mua.
-inform PEM - Kei te whakamahia te whakatakotoranga PEM.
-CAfile /Users/……/demoCA/ca.crt - ara ki te tiwhikete pakiaka. (ki te kore tenei kaore te whakahau i pai ki ahau, ahakoa i tuhia nga huarahi ki te ca.crt ki te konae openssl.cfg)
-out data.file - Ka tukuna e ahau nga raraunga wetemuna ki te file data.file.
Ko te algorithm mo te whakamahi i te mana tiwhikete ki te taha o muri ko enei e whai ake nei:
Rehitatanga kaiwhakamahi:
Ka tae mai he tono kia waihangahia he tiwhikete ka penapena ki te konae user.csr.
Ka tiakina e matou te whakahau tuatahi o tenei tuhinga ki tetahi konae me te toronga .bat, .cmd ranei. Ka whakahaerehia e matou tenei konae mai i te waehere, na te mea i tiakina i mua te tono ki te hanga tiwhikete ki te konae user.csr. Ka whiwhi matou i tetahi konae me te tiwhikete user.crt.
Ka panuihia e matou te kōnae user.crt ka tukuna ki te kiritaki.
Whakaaetanga Kaiwhakamahi:
Ka whiwhi matou i nga raraunga kua hainatia mai i te kiritaki ka tiakina ki te konae authenticate.cms.
Tiakina te whakahau tuarua o tenei tuhinga ki tetahi konae me te toronga .bat, .cmd ranei. Ka whakahaerehia e matou tenei konae mai i te waehere, kua tiakina i mua i nga raraunga kua hainatia mai i te tūmau i roto i authenticate.cms. Ka whiwhi matou i tetahi konae me nga raraunga raraunga wetemuna.file.
Ka panuihia e matou te data.file me te tirotiro i enei raraunga mo te mana. Ko nga mea hei tirotiro ka whakaahuahia i roto i te tuhinga tuatahi. Mena he tika nga raraunga, ka kiia ko te whakamanatanga kaiwhakamahi kua angitu.
Hei whakatinana i enei algorithms, ka taea e koe te whakamahi i tetahi reo whakamaoritanga ka whakamahia hei tuhi i te tuara.
I roto i te tuhinga e whai ake nei ka titiro tatou ki te mahi me te Retoken mono.