/bin/bash
Cai_RootCA ()
{
yum install -y gcc-c++
yum install -y gcc-c++ openssl openssl-devel db4 db4-devel mysql mysql-server
mysql-devel expat-devel perl-XML-Parser httpd mod_ssl perl-ExtUtils-MakeMaker perl-
DBIx-Simple perl-DBI.i686 openldap openldap-devel libxml2 libxml2-devel -y
groupadd openca
useradd -g openca -u 1201 openca
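### For MySQL 5.7 (resetting the root password):
### /etc/init.d/mysqld stop
### mysqld_safe --skip-grant-tables &
### use mysql;
### UPDATE mysql.user
### update user set password=PASSWORD("Abc.123456") where user='root';
### mysql -u root -pAbc.123456 -e "grant all privileges on dbrootca.* to 'openca'@'localhost' identified by 'Abc.123456';"
### NOTE: --skip-grant-tables disables authentication for every client, so stop that instance and start mysqld normally as soon as the password is reset.
### NOTE: Abc.123456 is used here for both root and openca; substitute distinct, non-guessable values, and prefer the interactive -p prompt because a password given as -p<password> can be exposed through shell history and the process list.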
## mysql -u root -p
##
## mysql>show databases;
## mysql>create database dbrootca;
## mysql>grant all privileges on dbrootca.* to 'openca'@'localhost' identified by 'Abc.123456';
## mysql>FLUSH PRIVILEGES;
## mysql>exit;
## mysql -u root -p
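#### Edit the hosts file: append a line of the following form to the end of /etc/hosts
### <this machine's IP address> <name>.local <name>
# Example: 192.168.1.2 rootca.kmm rootca
## Download openca-tools and the related source tarballs:
## NOTE: verify each tarball against a checksum or signature obtained from a trusted source before building; wget confirms only the TLS connection to the mirror, and these packages become the CA's own software.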
wget https://netix.dl.sourceforge.net/project/openca/openca-
ocspd/releases/v3.1.2/sources/openca-ocspd-3.1.2.tar.gz
wget https://netix.dl.sourceforge.net/project/openca/openca-
tools/releases/v1.3.1/sources/openca-tools-1.3.1.tar.gz
wget https://svwh.dl.sourceforge.net/project/openca/openca-
base/releases/v1.5.1/sources/openca-base-1.5.1.tar.gz
wget https://ftp.openca.org/libpki/releases/v0.8.9/sources/libpki-0.8.9.tar.gz
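## Extract openca-tools
## NOTE(review): tar -x reads a single archive given by -f; a second file name on the same command line is treated as a member to extract, so openca-base-1.5.1.tar.gz needs its own tar invocation.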
tar -xzvf openca-tools-1.3.1.tar.gz openca-base-1.5.1.tar.gz
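## OpenCA will be installed into /opt/openca. It uses a MySQL database named
## openca, with user openca and password Abc.123456 (replace with a unique value
## before deployment; the grant statements earlier in this script name the database
## dbrootca, so confirm which one the installer is configured for). The admin web
## interface is stored in the directory /var/www/pki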
cp /opt/openca/lib/openca/perl_modules/perl5/OpenCA/User.pm
/opt/openca/lib/openca/perl_modules/perl5/OpenCA/User.pm.bk
cp User.pm /opt/openca/lib/openca/perl_modules/perl5/OpenCA/
##
## #
cp /opt/openca/lib/openca/functions/initServer
/opt/openca/lib/openca/functions/initServer.bk
cp initServer /opt/openca/lib/openca/functions/
##
## Chọn yes để thay thế file cũ.
cd /opt/openca/etc/openca
#
cp access_control/node.xml.template access_control/node.xml.template.bk
#vim access_control/node.xml.template
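## In the <channel> element:
##
## <channel>
## ..
## <protocol>ssl</protocol> ----> <protocol>.*</protocol>
## NOTE: the sed below rewrites the value to the pattern `.*`, which appears to let the channel match any protocol, plain HTTP included, rather than SSL only; keep `ssl` unless the interface is reachable only over a trusted network path.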
sed -i 's_<protocol>ssl</protocol>_<protocol>.*</protocol>_g'
/opt/openca/etc/openca/access_control/node.xml.template
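## ..
## <symmetric_keylength>128</symmetric_keylength> ----> <symmetric_keylength>0</symmetric_keylength>
## NOTE: 0 appears to remove the 128-bit minimum on the channel's symmetric key length, so weakly encrypted or unencrypted sessions would pass the access-control check; retain 128 or higher when the interface is served over TLS.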
sed -i
's#<symmetric_keylength>128</symmetric_keylength>#<symmetric_keylength>0</symmetric
_keylength>#g' /opt/openca/etc/openca/access_control/node.xml.template
## ..
## </channel>
##
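## /opt/openca/var/openca/tmp/
## <name>dataexchange_device_down</name>
## <value>/dev/fd0</value> ---> <value>/tmp/openca_down</value>
## NOTE: /tmp is world-writable and the name is fixed, so any local user can pre-create or read /tmp/openca_down; a directory owned by the openca user with mode 0700 (for example under /opt/openca/var/openca/tmp/) is a safer export target.
#sed -i 's#<value>/dev/fd0</value>#<value>/tmp/openca_down</value>#' /opt/openca/etc/openca/config.xml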
sed -i
0,/'<value>\/dev\/fd0<\/value>'/{s/'<value>\/dev\/fd0<\/value>/<value>\/tmp\/openca
_down<\/value>/}' /opt/openca/etc/openca/config.xml
## To replace the second occurrence instead: sed '0,/<value>\/dev\/fd0<\/value>/! {0,/<value>\/dev\/fd0<\/value>/ s/<value>\/dev\/fd0<\/value>/<value>\/tmp\/openca_up<\/value>/}' /opt/openca/etc/openca/config.xml
##
## Lưu lại.
##
## Tiếp theo sửa file: openssl/openssl.cnf.template
##
cp openssl/openssl.cnf.template openssl/openssl.cnf.template.bk
#vim openssl/openssl.cnf.template
##
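## In the [req] and [CA_default] sections, find the line:
##
## default_md = sha256 ---> change it to default_md = sha1
## NOTE: SHA-1 is no longer collision-resistant, and certificates signed with it are rejected by current browsers and TLS libraries; keep sha256 unless a legacy relying party cannot validate it.
##
## Save the file.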
##
### /opt/openca/etc/openca/openssl/openssl/User.conf
chown apache:apache /opt/openca/var/openca/log -R
#mysql>FLUSH PRIVILEGES;
#mysql>exit;
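#### Edit the hosts file: append a line of the following form to the end of /etc/hosts
### <this machine's IP address> <name>.local <name>
# Example: 192.168.1.2 rootca.kmm rootca
## Download openca-tools and the related source tarballs:
## NOTE: verify each tarball against a checksum or signature obtained from a trusted source before building; wget confirms only the TLS connection to the mirror, and these packages become the CA's own software.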
wget https://netix.dl.sourceforge.net/project/openca/openca-
ocspd/releases/v3.1.2/sources/openca-ocspd-3.1.2.tar.gz
wget https://netix.dl.sourceforge.net/project/openca/openca-
tools/releases/v1.3.1/sources/openca-tools-1.3.1.tar.gz
wget https://svwh.dl.sourceforge.net/project/openca/openca-
base/releases/v1.5.1/sources/openca-base-1.5.1.tar.gz
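## Extract openca-tools
## NOTE(review): tar -x reads a single archive given by -f; a second file name on the same command line is treated as a member to extract, so openca-base-1.5.1.tar.gz needs its own tar invocation.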
tar -xzvf openca-tools-1.3.1.tar.gz openca-base-1.5.1.tar.gz
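## OpenCA will be installed into /opt/openca. It uses a MySQL database named
## openca, with user openca and password Abc.123456 (replace with a unique value
## before deployment; the grant statements earlier in this script name the database
## dbrootca, so confirm which one the installer is configured for). The admin web
## interface is stored in the directory /var/www/pki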
cp /opt/openca/lib/openca/perl_modules/perl5/OpenCA/User.pm
/opt/openca/lib/openca/perl_modules/perl5/OpenCA/User.pm.bk
cp User.pm /opt/openca/lib/openca/perl_modules/perl5/OpenCA/
##
## #
cp /opt/openca/lib/openca/functions/initServer
/opt/openca/lib/openca/functions/initServer.bk
cp initServer /opt/openca/lib/openca/functions/
##
## Chọn yes để thay thế file cũ.
cd /opt/openca/etc/openca
#
cp access_control/node.xml.template access_control/node.xml.template.bk
#vim access_control/node.xml.template
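## In the <channel> element:
##
## <channel>
## ..
## <protocol>ssl</protocol> ----> <protocol>.*</protocol>
## NOTE: the sed below rewrites the value to the pattern `.*`, which appears to let the channel match any protocol, plain HTTP included, rather than SSL only; keep `ssl` unless the interface is reachable only over a trusted network path.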
sed -i 's_<protocol>ssl</protocol>_<protocol>.*</protocol>_g'
/opt/openca/etc/openca/access_control/node.xml.template
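## ..
## <symmetric_keylength>128</symmetric_keylength> ----> <symmetric_keylength>0</symmetric_keylength>
## NOTE: 0 appears to remove the 128-bit minimum on the channel's symmetric key length, so weakly encrypted or unencrypted sessions would pass the access-control check; retain 128 or higher when the interface is served over TLS.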
sed -i
's#<symmetric_keylength>128</symmetric_keylength>#<symmetric_keylength>0</symmetric
_keylength>#g' /opt/openca/etc/openca/access_control/node.xml.template
## ..
## </channel>
##
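## /opt/openca/var/openca/tmp/
## <name>dataexchange_device_down</name>
## <value>/dev/fd0</value> ---> <value>/tmp/openca_down</value>
## NOTE: /tmp is world-writable and the name is fixed, so any local user can pre-create or read /tmp/openca_down; a directory owned by the openca user with mode 0700 (for example under /opt/openca/var/openca/tmp/) is a safer export target.
#sed -i 's#<value>/dev/fd0</value>#<value>/tmp/openca_down</value>#' /opt/openca/etc/openca/config.xml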
sed -i
0,/'<value>\/dev\/fd0<\/value>'/{s/'<value>\/dev\/fd0<\/value>/<value>\/tmp\/openca
_down<\/value>/}' /opt/openca/etc/openca/config.xml
##
## Lưu lại.
##
## Tiếp theo sửa file: openssl/openssl.cnf.template
##
cp openssl/openssl.cnf.template openssl/openssl.cnf.template.bk
#vim openssl/openssl.cnf.template
##
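## In the [req] and [CA_default] sections, find the line:
##
## default_md = sha256 ---> change it to default_md = sha1
## NOTE: SHA-1 is no longer collision-resistant, and certificates signed with it are rejected by current browsers and TLS libraries; keep sha256 unless a legacy relying party cannot validate it.
##
## Save the file.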
##
### /opt/openca/etc/openca/openssl/openssl/User.conf
chown apache:apache /opt/openca/var/openca/log -R