Moni!
Tapanga bwino malo athu opangira ziphaso. Kodi zingakhale zothandiza bwanji pa zolinga zathu?
Pogwiritsa ntchito maulamuliro a certification akumaloko, titha kupereka ziphaso ndikutsimikiziranso siginecha pamasatifiketi awa.
Popereka satifiketi kwa wogwiritsa ntchito, akuluakulu otsimikizira amagwiritsa ntchito pempho lapadera popereka satifiketi ya Pkcs#10, yomwe ili ndi fayilo ya '.csr'. Pempholi lili ndi ndondomeko yotsatiridwa yomwe wotsogolera ziphaso amadziwa kulongosola molondola. Pempholi lili ndi makiyi a anthu onse a wogwiritsa ntchito komanso deta yopangira satifiketi (mindandanda yolumikizana yokhudzana ndi wogwiritsa ntchito).
Tidzawona momwe tingalandirire pempho la chiphaso m'nkhani yotsatira, ndipo m'nkhaniyi ndikufuna kupereka malamulo akuluakulu a certification ulamuliro omwe angatithandize kumaliza ntchito yathu kumbali yakumbuyo.
Kotero choyamba tiyenera kupanga satifiketi. Kuti tichite izi timagwiritsa ntchito lamulo:
openssl ca -batch -in user.csr -out user.crt
ca ndiye lamulo la openSSL lomwe likukhudzana ndi olamulira a certification,
-batch - imaletsa zopempha zotsimikizira popanga satifiketi.
user.csr - pemphani kupanga satifiketi (fayilo mumtundu wa .csr).
user.crt - satifiketi (zotsatira za lamulo).
Kuti lamuloli ligwire ntchito, oyang'anira certification ayenera kukonzedwa ndendende momwe afotokozedwera . Kupanda kutero, muyenera kufotokozeranso komwe kuli chiphaso chaulamuliro wa certification.
Lamulo lotsimikizira satifiketi:
openssl cms -verify -in authenticate.cms -inform PEM -CAfile /Users/β¦β¦/demoCA/ca.crt -out data.filecms ndi lamulo lotseguka la SSL lomwe limagwiritsidwa ntchito kusaina, kutsimikizira, kubisa deta ndi ntchito zina zachinsinsi pogwiritsa ntchito openSSL.
-tsimikizirani - munkhaniyi, timatsimikizira chiphaso.
authenticate.cms - fayilo yomwe ili ndi deta yolembedwa ndi satifiketi yomwe idaperekedwa ndi lamulo lapitalo.
-dziwitsani PEM - PEM mawonekedwe amagwiritsidwa ntchito.
-CAfile /Users/β¦β¦/demoCA/ca.crt - njira yopita ku satifiketi ya mizu. (popanda izi lamulo silinagwire ntchito kwa ine, ngakhale njira zopita ku ca.crt zinalembedwa mu fayilo ya openssl.cfg)
-out data.file - Ndimatumiza zomwe zasungidwa ku fayilo ya data.file.
Algorithm yogwiritsira ntchito ulamuliro wa certification kumbali yakumbuyo ndi motere:
- Kulembetsa kwa ogwiritsa ntchito:
- Timalandila pempho loti tipange satifiketi ndikusunga ku fayilo ya user.csr.
- Timasunga lamulo loyamba la nkhaniyi ku fayilo yokhala ndi extension .bat kapena .cmd. Timayendetsa fayiloyi kuchokera pamakhodi, popeza tidasunga kale pempho lopanga satifiketi ku fayilo ya user.csr. Timalandila fayilo yokhala ndi satifiketi ya user.crt.
- Timawerenga fayilo ya user.crt ndikutumiza kwa kasitomala.
- Chilolezo cha ogwiritsa:
- Timalandila zidziwitso zosainidwa kuchokera kwa kasitomala ndikuzisunga ku fayilo ya authenticate.cms.
- Sungani lamulo lachiwiri la nkhaniyi ku fayilo yokhala ndi zowonjezera .bat kapena .cmd. Timayendetsa fayiloyi kuchokera pamakhodi, tidasunga kale zomwe zidasaina kuchokera pa seva mu authenticate.cms. Timalandila fayilo yokhala ndi decrypted data.file.
- Timawerenga data.file ndikuyang'ana kuti izi ndi zoona. Zomwe muyenera kuyang'ana zikufotokozedwa . Ngati deta ili yovomerezeka, ndiye kuti chilolezo cha ogwiritsa ntchito chimaonedwa kuti ndi chopambana.
Kuti mugwiritse ntchito ma aligorivimuwa, mutha kugwiritsa ntchito chilankhulo chilichonse cha pulogalamu chomwe chimagwiritsidwa ntchito polemba kumbuyo.
M'nkhani yotsatira tiwona momwe tingagwiritsire ntchito pulogalamu yowonjezera ya Retoken.
Zikomo chifukwa cha chidwi chanu!
Source: www.habr.com