vault签发根证书、中间证书、ca证书流程记录

时间:2021-7-4 作者:qvyue

接上两篇
Vault—机密信息管理工具安装及常用示例
Vault机密管理工具集群配置示例

在上面两篇安装配置好vault之后,本文记录下利用vault签发证书的流程,可参考官网的命令行步骤:
https://www.vaultproject.io/docs/secrets/pki

根据官网上的命令行教程
利用pki引擎生成证书的大体思路为:
1、创建root证书的pki引擎
2、生成root证书(或导入已知的证书)
3、在root证书的pki引擎下创建role
4、在role下生成ca证书(此证书为root证书直接签发,一般不会这么用,一旦root证书泄露就玩完)

利用中间证书生成证书的大体思路为:
1、创建root证书的pki引擎
2、生成root证书(或导入已知的证书)
3、创建中间证书的pki-int引擎
4、在pki-int引擎中生成中间证书csr
5、在root证书的pki引擎中根据刚刚生成的csr签发中间证书:sign-intermediate
6、在pki-int引擎中把刚刚在pki引擎里签发的中间证书set-signed到pki-int引擎里
7、在pki-int引擎里创建role
8、在pki-int引擎里根据这个role生成ca证书,包括证书和私钥。

以下在vault提供的图形界面上展示第二种签发方式,看懂第二种,第一种也是很简单,就不写了。

利用中间证书生成CA证书

创建root证书的pki引擎
vault签发根证书、中间证书、ca证书流程记录
点击创建引擎

vault签发根证书、中间证书、ca证书流程记录
勾选pki引擎点击下一步

vault签发根证书、中间证书、ca证书流程记录
填写pki引擎路径并设置过期时间点击确定

上图可以看到这里设置了100年的过期时间,可以根据实际情况设置。

配置生成root证书
vault签发根证书、中间证书、ca证书流程记录
点击配置root证书

vault签发根证书、中间证书、ca证书流程记录
点击配置ca

vault签发根证书、中间证书、ca证书流程记录
配置root-ca证书设置过期时间

上图的URLS和CRL以后可以根据需求自己更改,这里先不填,主要是用来远程吊销证书和服务器证书保持通讯用。
Common Name可填写域名信息
这里的Upload PEM bundle是可以直接导入已有根证书的,我们这里用vault生成就好。
其他条件保持默认点击下一步

vault签发根证书、中间证书、ca证书流程记录
root-ca证书生成成功

如此,就成功生成了root证书(私钥被安全的存到了vault里,这里不显示),有以下信息

Certificate
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIUCq5N7PhZhCukagt5y2u4TzbqsoswDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wIBcNMjEwNzAyMTMxNDA0WhgPMjEy
MTA2MDcxMzE0MzRaMBYxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFj6gBqe8L/QuDdNsbEinZ6VESTmtZGqVyHD
mLCyMvM2zJI3LVmzS09vYPD5RZ9AEt7NBRue1wyMdHSSpLJz2NgYYe3qKR+BSSb1
QrLQySOUrN4CDzPsYr6mffCnCx0PtyzTOR+U3obcubNm+GSNHAkQs0am3hQSohw5
EqWk8Ep/u3iJd1ibb59lRtHwhabtjV/yhFRlzu2IKnB7Q20z2xcUUbQ+RGe3coYf
Odp6vueNwrfG8/CIbK3875onNisa9oTx+gJ9JFy0iX66b+wgWkaSBwmWbn9ZXq8j
m0OSwKcpzdWfwAVdbihbqKG70HdtXIZ18xVFSoVLQgaCY7Y2YQIDAQABo3sweTAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUOLCznLeC
r/3ufRyH3/k4k3htykEwHwYDVR0jBBgwFoAUOLCznLeCr/3ufRyH3/k4k3htykEw
FgYDVR0RBA8wDYILZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAAUUNkzu
635E7Y8BeZLKThzkFljTJxKP5GFfVOHRK40xKmIiHzI2KynYomm0Mc+NJciksScr
CbE4YfbJDoDs4pszKgFQiECtUHxjX9mN0b5mQTHYuPDHWJCfvxqvYIFFs/OSTfom
PE+8XoRNOStOtwm5vsfDKfu17cXz4KOz7UvyJreyI+AVhy9b70o08BtPaqAmX48Y
9DtzngfUqQakH4zugu7VLv/7D8CiT7WAZ5flfklk4If6pZkM/ux8wjVFVnryByxU
v5tssrX0IJRsIryyjhdPypfMnfFvBhJ9CKmCWMzipmyezseDyi9oUlMnCZbyYfCc
ieIO7wePP2IYJq8=
-----END CERTIFICATE-----

Expiration  4778745274(时间戳)

Issuing CA(签发的CA证书,这里root自己签发自己,所以上下都一样)
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIUCq5N7PhZhCukagt5y2u4TzbqsoswDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wIBcNMjEwNzAyMTMxNDA0WhgPMjEy
MTA2MDcxMzE0MzRaMBYxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFj6gBqe8L/QuDdNsbEinZ6VESTmtZGqVyHD
mLCyMvM2zJI3LVmzS09vYPD5RZ9AEt7NBRue1wyMdHSSpLJz2NgYYe3qKR+BSSb1
QrLQySOUrN4CDzPsYr6mffCnCx0PtyzTOR+U3obcubNm+GSNHAkQs0am3hQSohw5
EqWk8Ep/u3iJd1ibb59lRtHwhabtjV/yhFRlzu2IKnB7Q20z2xcUUbQ+RGe3coYf
Odp6vueNwrfG8/CIbK3875onNisa9oTx+gJ9JFy0iX66b+wgWkaSBwmWbn9ZXq8j
m0OSwKcpzdWfwAVdbihbqKG70HdtXIZ18xVFSoVLQgaCY7Y2YQIDAQABo3sweTAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUOLCznLeC
r/3ufRyH3/k4k3htykEwHwYDVR0jBBgwFoAUOLCznLeCr/3ufRyH3/k4k3htykEw
FgYDVR0RBA8wDYILZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAAUUNkzu
635E7Y8BeZLKThzkFljTJxKP5GFfVOHRK40xKmIiHzI2KynYomm0Mc+NJciksScr
CbE4YfbJDoDs4pszKgFQiECtUHxjX9mN0b5mQTHYuPDHWJCfvxqvYIFFs/OSTfom
PE+8XoRNOStOtwm5vsfDKfu17cXz4KOz7UvyJreyI+AVhy9b70o08BtPaqAmX48Y
9DtzngfUqQakH4zugu7VLv/7D8CiT7WAZ5flfklk4If6pZkM/ux8wjVFVnryByxU
v5tssrX0IJRsIryyjhdPypfMnfFvBhJ9CKmCWMzipmyezseDyi9oUlMnCZbyYfCc
ieIO7wePP2IYJq8=
-----END CERTIFICATE-----

Serial number   0a:ae:4d:ec:f8:59:84:2b:a4:6a:0b:79:cb:6b:b8:4f:36:ea:b2:8b (vault里面保存的序列号)
创建中间证书的pki-int引擎

类似于第一个的演示方式,去首页点击Enable New engine 选择pki引擎

vault签发根证书、中间证书、ca证书流程记录
创建pki-int引擎

点击enable生成

在pki-int引擎中配置生成中间证书csr

和上面配置的步骤类似,选择Configuration->Configure->Configure CA

vault签发根证书、中间证书、ca证书流程记录
配置生成中间证书csr

如上图,CA Type选择intermediate点击save。

vault签发根证书、中间证书、ca证书流程记录
生成csr成功

生成csr成功

CSR
-----BEGIN CERTIFICATE REQUEST-----
MIIChDCCAWwCAQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDE4FhZkC8bAteZXbSPzBQf0mlTL1NtaUYj/fKF
EoK3NO7NUvyiL4eEzUMuza0Ntg9FJV09YvnZ0mOj4mcatcEqLRQAz9MnonRcyj5T
PpXsKB0bz9CEAaJ0kBspIOAmQ/xRQmbAIqlWbqFaXuRglpZr5kdiRPtisNBVnkLN
WuHq/05wyA4LE1yz8LTrFCpJd/hihBNydkqcru+v3oPdyRzWZoGtaEcQbzoazHjj
fYi4j6Pg7qP1w6FWB1ID3lP6mTCxZEhI6FoshfFHJFu49EB//w9OoVAmTH0ezDz/
zBBht+NCsRRglhr/Gb2hIHGIW4iP9Yu66QHhzqzkERcajPrNAgMBAAGgKTAnBgkq
hkiG9w0BCQ4xGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEB
CwUAA4IBAQCNRr6onXtcF5VXGbGLBHM8P959NF9Y5Si3n39Zk6DBp8BAYxOjvzBK
nzCsg170efD3TKrqTC1czBkBGWyP8kK0/isW/njorUc4HfGds08ZYOBpkAN66o/l
GZB+W8KsVGThgFJOOtwE6fpU4f6j5NCFRrQfRJyotgqJ4tNW/s7QESRnemSY/0mu
Ut66+Eczlgf2DNkZWalNzNlifRpDgymBelDdn9NF7u0fy0M6Lp/SNOYyMJkUGKBb
NS46+4Y3VK1zapmIh4E8/iFT1gw8yNYZ7oJANPoTerfDBY7WOLr+DtkxGMas7BBo
FLtSRDcMiR9K9zDtQsL2uJWwhY7PE5dv
-----END CERTIFICATE REQUEST-----
在root证书的pki引擎中根据刚刚生成的csr签发中间证书:sign-intermediate

在pki引擎中的配置页面点击sign-intermediate并把csr填进去,并设置过期时间,点击保存。

vault签发根证书、中间证书、ca证书流程记录
sign-intermediate

vault签发根证书、中间证书、ca证书流程记录
sign-intermediate填写信息

vault签发根证书、中间证书、ca证书流程记录
签发中间证书成功

如此,成功签发中间证书:

Certificate
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIUGgFlxEoKCE9gi5vwlUZ6E9kYP+AwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wIBcNMjEwNzAyMTM1ODQ0WhgPMjEy
MTA2MDcxMzU5MTRaMBYxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOBYWZAvGwLXmV20j8wUH9JpUy9TbWlGI/3y
hRKCtzTuzVL8oi+HhM1DLs2tDbYPRSVdPWL52dJjo+JnGrXBKi0UAM/TJ6J0XMo+
Uz6V7CgdG8/QhAGidJAbKSDgJkP8UUJmwCKpVm6hWl7kYJaWa+ZHYkT7YrDQVZ5C
zVrh6v9OcMgOCxNcs/C06xQqSXf4YoQTcnZKnK7vr96D3ckc1maBrWhHEG86Gsx4
432IuI+j4O6j9cOhVgdSA95T+pkwsWRISOhaLIXxRyRbuPRAf/8PTqFQJkx9Hsw8
/8wQYbfjQrEUYJYa/xm9oSBxiFuIj/WLuukB4c6s5BEXGoz6zQIDAQABo3sweTAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUBcD5RddR
Al8PwbtFwRBL2wEdOOkwHwYDVR0jBBgwFoAUOLCznLeCr/3ufRyH3/k4k3htykEw
FgYDVR0RBA8wDYILZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBABZeG4na
5Ahbh0XDPmi5pvaTRkmVDFpV0673GT0JQFGDOKUaA/H6e5LKLPh6qKn0Q+IYj3pV
M52ZddoUyjwKNfTiuHAbUITAlkWkva9g9rkuuGMTmv7SOENlCq5mc4i+KiIYh2cr
y1gindBA9T+56LZHbnIoC39dz8N+pUINhhiDlxAQhi+W/nu4ypDbjttq7tZinj/b
F7xwJDfVVGFwi+EtD/XE6QtN6TJqjY0JzaVcBiyoznQZ2sGgUoyAKoGdpw1Q4+7/
tcAhFK1/SJRabrRNStVIUqzgz0i4r3Lvx5cAzGEI7vYlfpLaV/f7YllSWPpm/kn8
Y413NY72qG68jRg=
-----END CERTIFICATE-----

Issuing CA(签发的那个ca证书,即根证书)
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIUCq5N7PhZhCukagt5y2u4TzbqsoswDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wIBcNMjEwNzAyMTMxNDA0WhgPMjEy
MTA2MDcxMzE0MzRaMBYxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFj6gBqe8L/QuDdNsbEinZ6VESTmtZGqVyHD
mLCyMvM2zJI3LVmzS09vYPD5RZ9AEt7NBRue1wyMdHSSpLJz2NgYYe3qKR+BSSb1
QrLQySOUrN4CDzPsYr6mffCnCx0PtyzTOR+U3obcubNm+GSNHAkQs0am3hQSohw5
EqWk8Ep/u3iJd1ibb59lRtHwhabtjV/yhFRlzu2IKnB7Q20z2xcUUbQ+RGe3coYf
Odp6vueNwrfG8/CIbK3875onNisa9oTx+gJ9JFy0iX66b+wgWkaSBwmWbn9ZXq8j
m0OSwKcpzdWfwAVdbihbqKG70HdtXIZ18xVFSoVLQgaCY7Y2YQIDAQABo3sweTAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUOLCznLeC
r/3ufRyH3/k4k3htykEwHwYDVR0jBBgwFoAUOLCznLeCr/3ufRyH3/k4k3htykEw
FgYDVR0RBA8wDYILZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAAUUNkzu
635E7Y8BeZLKThzkFljTJxKP5GFfVOHRK40xKmIiHzI2KynYomm0Mc+NJciksScr
CbE4YfbJDoDs4pszKgFQiECtUHxjX9mN0b5mQTHYuPDHWJCfvxqvYIFFs/OSTfom
PE+8XoRNOStOtwm5vsfDKfu17cXz4KOz7UvyJreyI+AVhy9b70o08BtPaqAmX48Y
9DtzngfUqQakH4zugu7VLv/7D8CiT7WAZ5flfklk4If6pZkM/ux8wjVFVnryByxU
v5tssrX0IJRsIryyjhdPypfMnfFvBhJ9CKmCWMzipmyezseDyi9oUlMnCZbyYfCc
ieIO7wePP2IYJq8=
-----END CERTIFICATE-----

Serial number  1a:01:65:c4:4a:0a:08:4f:60:8b:9b:f0:95:46:7a:13:d9:18:3f:e0
在pki-int引擎中把刚刚在pki引擎里签发的中间证书set-signed到pki-int引擎里

返回pki-int引擎的配置页面,点击set-signed

vault签发根证书、中间证书、ca证书流程记录
set-signed

填入上面签发的中间证书,点击save

vault签发根证书、中间证书、ca证书流程记录
set-signed保存
在pki-int引擎里创建role
vault签发根证书、中间证书、ca证书流程记录
pki-int引擎创建role并设置过期时间
vault签发根证书、中间证书、ca证书流程记录
pki-int引擎创建role允许子域名设置
vault签发根证书、中间证书、ca证书流程记录
pki-int引擎创建role3

如上图,其他保持默认,点击创建。

在pki-int引擎里根据这个role生成ca证书,包括证书和私钥。

点进去role里面生成ca证书

vault签发根证书、中间证书、ca证书流程记录
利用中间证书签发ca证书

vault签发根证书、中间证书、ca证书流程记录
中间证书签发ca成功

大功告成,保存生成的ca证书信息,包括私钥。

Certificate
-----BEGIN CERTIFICATE-----
MIIDTzCCAjegAwIBAgIUMO55tzVxpk4C3OPoRF5cwKsg17cwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wIBcNMjEwNzAyMTQxMzAwWhgPMjEx
NzA0MjgxNDEzMzBaMBoxGDAWBgNVBAMTD2FwaS5leGFtcGxlLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBANY8aEPwbJRDzljF1WNls205zr1u5sfv
v5j2QQX4zeQHtvixwY29FEbiIVi2mdUuKXr+NEAl9MLPUSaxPbP4iZ5EQraMn1xE
kamUa68/GGC2gcQ6xjTGfbTSK81mypgoGRmnS3F9bnwMzrpVWYMnHxoTQ/iRtGpC
0nQPWVHys7GYVadmN8COhZFrW0AK2NImXjBoQgD8Knajx/PCVzhGpZEJ323tKJDM
h1O2/1q91GSAHo6X04Evf9joT8eoik8v5cZa79huW1x2D3/oHQ4+9UCto6eQir3T
5AICvjqG41Q0UGWMouz14HuqH4BPXmhNNdIWhplRBxZsaT37AhcQlKMCAwEAAaOB
jjCBizAOBgNVHQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMB0GA1UdDgQWBBTd5snRLB/H/OkzlexvWtrGcEoiQTAfBgNVHSMEGDAWgBQF
wPlF11ECXw/Bu0XBEEvbAR046TAaBgNVHREEEzARgg9hcGkuZXhhbXBsZS5jb20w
DQYJKoZIhvcNAQELBQADggEBAK3dHKzsGy93so7RplDW9A9+W+cs0Qe5QZw6UA1/
IqWsDfnSeazJM7GRIKyvs+2lTaqWiIhXBCzZVwVg+/q7QkBiIUQrcG0kIUK22K1M
2LFhwA18pEIiIMGHkd17xM0SOfJNbZugxgtd/DsHjhYAcTbJ0gtCL2buoaKeu9R7
dkLucWCIWA6hrUY/1PFqIKnsMDO23fbCH2TgrIZh7RhE+/o7JYJR939qVzk+sJKo
elhmLxr+Sgtkh9/xwq2WPjrP/ylc6CtYedDTmsHVHbunFZFwfDTvcC5as/znk6fG
y2JFFtPFtGFyISaniATz+N57747cPtkPHm5yyp/ryGDxJyg=
-----END CERTIFICATE-----

Issuing CA
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIUGgFlxEoKCE9gi5vwlUZ6E9kYP+AwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wIBcNMjEwNzAyMTM1ODQ0WhgPMjEy
MTA2MDcxMzU5MTRaMBYxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOBYWZAvGwLXmV20j8wUH9JpUy9TbWlGI/3y
hRKCtzTuzVL8oi+HhM1DLs2tDbYPRSVdPWL52dJjo+JnGrXBKi0UAM/TJ6J0XMo+
Uz6V7CgdG8/QhAGidJAbKSDgJkP8UUJmwCKpVm6hWl7kYJaWa+ZHYkT7YrDQVZ5C
zVrh6v9OcMgOCxNcs/C06xQqSXf4YoQTcnZKnK7vr96D3ckc1maBrWhHEG86Gsx4
432IuI+j4O6j9cOhVgdSA95T+pkwsWRISOhaLIXxRyRbuPRAf/8PTqFQJkx9Hsw8
/8wQYbfjQrEUYJYa/xm9oSBxiFuIj/WLuukB4c6s5BEXGoz6zQIDAQABo3sweTAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUBcD5RddR
Al8PwbtFwRBL2wEdOOkwHwYDVR0jBBgwFoAUOLCznLeCr/3ufRyH3/k4k3htykEw
FgYDVR0RBA8wDYILZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBABZeG4na
5Ahbh0XDPmi5pvaTRkmVDFpV0673GT0JQFGDOKUaA/H6e5LKLPh6qKn0Q+IYj3pV
M52ZddoUyjwKNfTiuHAbUITAlkWkva9g9rkuuGMTmv7SOENlCq5mc4i+KiIYh2cr
y1gindBA9T+56LZHbnIoC39dz8N+pUINhhiDlxAQhi+W/nu4ypDbjttq7tZinj/b
F7xwJDfVVGFwi+EtD/XE6QtN6TJqjY0JzaVcBiyoznQZ2sGgUoyAKoGdpw1Q4+7/
tcAhFK1/SJRabrRNStVIUqzgz0i4r3Lvx5cAzGEI7vYlfpLaV/f7YllSWPpm/kn8
Y413NY72qG68jRg=
-----END CERTIFICATE-----

CA chain
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIUGgFlxEoKCE9gi5vwlUZ6E9kYP+AwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wIBcNMjEwNzAyMTM1ODQ0WhgPMjEy
MTA2MDcxMzU5MTRaMBYxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOBYWZAvGwLXmV20j8wUH9JpUy9TbWlGI/3y
hRKCtzTuzVL8oi+HhM1DLs2tDbYPRSVdPWL52dJjo+JnGrXBKi0UAM/TJ6J0XMo+
Uz6V7CgdG8/QhAGidJAbKSDgJkP8UUJmwCKpVm6hWl7kYJaWa+ZHYkT7YrDQVZ5C
zVrh6v9OcMgOCxNcs/C06xQqSXf4YoQTcnZKnK7vr96D3ckc1maBrWhHEG86Gsx4
432IuI+j4O6j9cOhVgdSA95T+pkwsWRISOhaLIXxRyRbuPRAf/8PTqFQJkx9Hsw8
/8wQYbfjQrEUYJYa/xm9oSBxiFuIj/WLuukB4c6s5BEXGoz6zQIDAQABo3sweTAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUBcD5RddR
Al8PwbtFwRBL2wEdOOkwHwYDVR0jBBgwFoAUOLCznLeCr/3ufRyH3/k4k3htykEw
FgYDVR0RBA8wDYILZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBABZeG4na
5Ahbh0XDPmi5pvaTRkmVDFpV0673GT0JQFGDOKUaA/H6e5LKLPh6qKn0Q+IYj3pV
M52ZddoUyjwKNfTiuHAbUITAlkWkva9g9rkuuGMTmv7SOENlCq5mc4i+KiIYh2cr
y1gindBA9T+56LZHbnIoC39dz8N+pUINhhiDlxAQhi+W/nu4ypDbjttq7tZinj/b
F7xwJDfVVGFwi+EtD/XE6QtN6TJqjY0JzaVcBiyoznQZ2sGgUoyAKoGdpw1Q4+7/
tcAhFK1/SJRabrRNStVIUqzgz0i4r3Lvx5cAzGEI7vYlfpLaV/f7YllSWPpm/kn8
Y413NY72qG68jRg=
-----END CERTIFICATE-----

Private key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA1jxoQ/BslEPOWMXVY2WzbTnOvW7mx++/mPZBBfjN5Ae2+LHB
jb0URuIhWLaZ1S4pev40QCX0ws9RJrE9s/iJnkRCtoyfXESRqZRrrz8YYLaBxDrG
NMZ9tNIrzWbKmCgZGadLcX1ufAzOulVZgycfGhND+JG0akLSdA9ZUfKzsZhVp2Y3
wI6FkWtbQArY0iZeMGhCAPwqdqPH88JXOEalkQnfbe0okMyHU7b/Wr3UZIAejpfT
gS9/2OhPx6iKTy/lxlrv2G5bXHYPf+gdDj71QK2jp5CKvdPkAgK+OobjVDRQZYyi
7PXge6ofgE9eaE010haGmVEHFmxpPfsCFxCUowIDAQABAoIBAGbbX8/mmarhlyuF
6DqttGSnkXvfyAuMLvgYmwVr/CYUEiP67AvKEPcrUIlQOjFg1WeIrrtxvb7eXH7w
L8i9dg03hrQwdb6N6UV6zey4pVKhrVHySgFCn032bjNSu8gr0ElByfX2G9qRJ5vM
qIpQeR1CzKqGAhHWfUZdrCutE9sagFpfwKGemsnEiRsUVJ+til5ROEIdeRmbes1X
Ura1StwuXNlUvBPkPl7wiOvmPosXSdPkvQd9GXc87b186zFuMk1LHfanR/pwl0Tr
/xygBSgxqWXRcyeOjAbeOPM6XSiYKJwJ1LmfWc/FSoBgSqGhHAlEp2WX27c9HlRR
x5xGP7kCgYEA8m/Kp2O0aFWPGxTqjAL7N4yxTTZ14SFSsrNsSPsaZ25dZQ0sHQix
7NcB6KtjrO75/vxA0gdclHObO794QGIJ6i3+lJVhxnflSSaRAhrF38jYxH5rafdj
IIAyBd+/UZJcKhGehbv2l8CHDZN1rg/cZe6mTcJ/O7o48JWow+SVAbUCgYEA4ji4
sNredJyYVQhIvyL34Jj+p4EZYDo1/q717ZSo0SAJLf3GTC78yGWw+yYtbUNwnteM
ZR2sm3seYsLKhqabGmC9T7gApBOxYNLRK3ZOrCuANinYkXmt9UeoMBz74X+r5W7u
FVpLiAlSxwcVI4L0GQD5gxQOqmRnTSJkrgStk/cCgYEA8K/b2eM6sHqA4LobQXWU
QsoDHEz9Ks0SdSd8Udg5loYTYsd5DDodqqyq0HuXMZDv0R5OnDWCzD8Z1m94yzKJ
9VxEau8Day6NC9qmDBjYahvUWP/JVCKu3w1mnD5OioVryrhDUTIS1wXlDq1fH7fP
b8NGh9yYxItVDEUIj7LX3CECgYAiL9A5adoUZVXgA9B6kh5DottZFPlwwVtHkck4
ji6069J3UNKW0MMCxdtpGOvkhzyNxKVC4qkjFggRhL52etcVtWjmkzgFk7RKnZFe
sBJTkn9dsBU6ZtkTKDESlE68VT70/T6dm3eupzoLOdbH9xJMdQk/9dgBiArUbU4p
vis9IQKBgGin09+ihsjrN56mKC6kL4tM823nGy8NJeXXyNFN27H40JdHpMBJ5+zI
28Q00IQ/6PpRrKENOTDXoQimx4qkrTQKKRxBLk9TnEGAdfpkdsqEMQCF0TtOMz3i
3hfgeILdDk+Ka0Fov3vDhCBPLJIbXM8h6gc8qeXWf/qotjGptySN
-----END RSA PRIVATE KEY-----

Private key type  rsa

Serial number  30:ee:79:b7:35:71:a6:4e:02:dc:e3:e8:44:5e:5c:c0:ab:20:d7:b7

如此,我们就得到了根证书、由根证书签发的中间证书、由中间证书签发的三级CA证书了。

声明:本文内容由互联网用户自发贡献自行上传,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任。如果您发现有涉嫌版权的内容,欢迎发送邮件至:qvyue@qq.com 进行举报,并提供相关证据,工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。