Lync 项目经验-33-分配公网证书 For 负载均衡-Keepalived-Haproxy / 憋错料

241-HaproxyKA01

242-HaproxyKA02

同样配置。

// 0. 删除文件

//删除旧证书:

ll certificates/

rm -f certificates/*.* //删除所有

ll certificates/

//删除证书

ll /etc/ssl/certs/

rm -f /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem //删除此文件

ll /etc/ssl/certs/

// 1.下载 CA 证书（根证书）

root_i-x-Cloud.cer

上传到 /root/

ls *.cer -l

mv *.cer certificates/

cd certificates

[[email protected] ~]# ll

total 1660

-rw-------. 1 root root 1030 Dec 13 2015 anaconda-ks.cfg

drwxr-xr-x 2 root root 6 Feb 24 17:18 certificates

drwxrwxr-x 9 root root 4096 Oct 6 2016 haproxy-1.5.4

-rw-r--r-- 1 root root 1336140 May 12 2016 haproxy-1.5.4.tar.gz

drwxr-xr-x 7 1000 1000 4096 Oct 7 2016 keepalived-1.2.13

-rw-r--r-- 1 root root 341956 May 13 2014 keepalived-1.2.13.tar.gz

-rw-r--r-- 1 root root 1174 Feb 24 16:02 root_i_x_Cloud.cer

[[email protected] ~]# mv *.cer certificates/

[[email protected] ~]# cd certificates/

[[email protected] certificates]# ll

total 4

-rw-r--r-- 1 root root 1174 Feb 24 16:02 root_i_x_Cloud.cer

// 2. 将cer转为pem (根证书)

openssl x509 -in root_i-x-Cloud.cer -inform der -outform pem -out root_i-x-Cloud.pem

[[email protected] certificates]# openssl x509 -in root_i-x-Cloud.cer -inform der -outform pem -out root_i-x-Cloud.pem

[[email protected] certificates]# ll

total 8

-rw-r--r-- 1 root root 1174 Feb 24 16:02 root_i-x-Cloud.cer

-rw-r--r-- 1 root root 1647 Feb 24 17:21 root_i-x-Cloud.pem

[[email protected] certificates]#

// 3. 重新生成hash

[[email protected] certificates]# c_rehash .

Doing .

root_i-x-Cloud.pem => 2e5ac55d.0

[[email protected] certificates]# ll

total 8

lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem

-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer

-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem

[[email protected] certificates]# ll /etc/pki/tls/certs/

total 12

lrwxrwxrwx 1 root root 49 May 10 2016 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

lrwxrwxrwx 1 root root 55 May 10 2016 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

-rwxr-xr-x 1 root root 610 May 9 2016 make-dummy-cert

-rw-r--r-- 1 root root 2388 May 9 2016 Makefile

-rwxr-xr-x 1 root root 829 May 9 2016 renew-dummy-cert

[[email protected] certificates]#

// 4. 导出证书（设置密码：Aa123456）//密码不能为1.

i-x-Cloud.com.pfx

上传证书:/root/certificates/

[[email protected] certificates]# ll

total 12

lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem

-rw-r--r-- 1 root root 3869 Feb 28 22:33 i-x-Cloud.com.pfx

-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer

-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem

[[email protected] certificates]#

// 5. 将pfx转为pem

openssl pkcs12 -in i-x-Cloud.com.pfx -nocerts -out exchange_private_key_passwordprotected.pem

Aa123456

[[email protected] certificates]# ll

total 12

lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem

-rw-r--r-- 1 root root 3869 Feb 28 22:33 i-x-Cloud.com.pfx

-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer

-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem

[[email protected] certificates]# openssl pkcs12 -in i-x-Cloud.com.pfx -nocerts -out exchange_private_key_passwordprotected.pem

Enter Import Password:

MAC verified OK

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

[[email protected] certificates]# ll

total 16

lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem

-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem

-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx

-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer

-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem

[[email protected] certificates]#

// 6. 移出密码保护

openssl rsa -in exchange_private_key_passwordprotected.pem -out exchange_private_key_nopassword.pem

[[email protected] certificates]# openssl rsa -in exchange_private_key_passwordprotected.pem -out exchange_private_key_nopassword.pem

Enter pass phrase for exchange_private_key_passwordprotected.pem:

writing RSA key

[[email protected] certificates]# ll

total 20

lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem

-rw-r--r-- 1 root root 1679 Mar 1 20:36 exchange_private_key_nopassword.pem

-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem

-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx

-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer

-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem

[[email protected] certificates]#

// 7. 解压这个pfx文件，我们需要提供凭证。

openssl pkcs12 -in i-x-Cloud.com.pfx -clcerts -nokeys -out exchange_certificate.pem

[[email protected] certificates]# openssl pkcs12 -in i-x-Cloud.com.pfx -clcerts -nokeys -out exchange_certificate.pem

Enter Import Password:

MAC verified OK

[[email protected] certificates]# ll

total 24

lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem

-rw-r--r-- 1 root root 3040 Mar 1 20:38 exchange_certificate.pem

-rw-r--r-- 1 root root 1679 Mar 1 20:36 exchange_private_key_nopassword.pem

-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem

-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx

-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer

-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem

[[email protected] certificates]#

// 8. 通过将exchange_certificate.pem和exchange_private_key_nopassword.pem产生exchange_certificate_and_key_nopassword.pem。

cat exchange_certificate.pem exchange_private_key_nopassword.pem > exchange_certificate_and_key_nopassword.pem

[[email protected] certificates]# cat exchange_certificate.pem exchange_private_key_nopassword.pem > exchange_certificate_and_key_nopassword.pem

[[email protected]roxyKA01 certificates]# ll

total 32

lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem

-rw-r--r-- 1 root root 4719 Mar 1 20:40 exchange_certificate_and_key_nopassword.pem

-rw-r--r-- 1 root root 3040 Mar 1 20:38 exchange_certificate.pem

-rw-r--r-- 1 root root 1679 Mar 1 20:36 exchange_private_key_nopassword.pem

-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem

-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx

-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer

-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem

[[email protected] certificates]#

// 9. 复制到文件夹中

ll /etc/ssl/certs/

rm -f /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem

mv exchange_certificate_and_key_nopassword.pem /etc/ssl/certs/

ll /etc/ssl/certs/

[[email protected] certificates]# ll /etc/ssl/certs/

total 12

lrwxrwxrwx 1 root root 49 May 10 2016 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

lrwxrwxrwx 1 root root 55 May 10 2016 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

-rwxr-xr-x 1 root root 610 May 9 2016 make-dummy-cert

-rw-r--r-- 1 root root 2388 May 9 2016 Makefile

-rwxr-xr-x 1 root root 829 May 9 2016 renew-dummy-cert

[[email protected] certificates]# mv exchange_certificate_and_key_nopassword.pem /etc/ssl/certs/

[[email protected] certificates]# ll /etc/ssl/certs/

total 20

lrwxrwxrwx 1 root root 49 May 10 2016 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

lrwxrwxrwx 1 root root 55 May 10 2016 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

-rw-r--r-- 1 root root 4719 Mar 1 20:40 exchange_certificate_and_key_nopassword.pem

-rwxr-xr-x 1 root root 610 May 9 2016 make-dummy-cert

-rw-r--r-- 1 root root 2388 May 9 2016 Makefile

-rwxr-xr-x 1 root root 829 May 9 2016 renew-dummy-cert

[[email protected] certificates]# ll

total 24

lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem

-rw-r--r-- 1 root root 3040 Mar 1 20:38 exchange_certificate.pem

-rw-r--r-- 1 root root 1679 Mar 1 20:36 exchange_private_key_nopassword.pem

-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem

-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx

-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer

-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem

[[email protected] certificates]#

// 10. 测试

[[email protected] ~]# ip a | grep "inet 10"

inet 10.1.1.241/24 brd 10.1.1.255 scope global eth0

inet 10.1.1.135/32 scope global eth0

inet 10.1.1.150/32 scope global eth0

inet 10.1.1.120/32 scope global eth0

[[email protected] ~]#

[[email protected] ~]# ip a | grep "inet 10"

inet 10.1.1.242/24 brd 10.1.1.255 scope global eth0

[[email protected] ~]#

[[email protected] ~]# ip a | grep "inet 10"

inet 10.1.1.241/24 brd 10.1.1.255 scope global eth0

[[email protected] ~]#

[[email protected] ~]# ip a | grep "inet 10"

inet 10.1.1.242/24 brd 10.1.1.255 scope global eth0

[[email protected] ~]# ip a | grep "inet 10"

inet 10.1.1.242/24 brd 10.1.1.255 scope global eth0

inet 10.1.1.135/32 scope global eth0

inet 10.1.1.150/32 scope global eth0

inet 10.1.1.120/32 scope global eth0

[[email protected] ~]#

原文地址：http://blog.51cto.com/dynamic/2082160

时间： 2024-10-18 08:05:33

Lync 项目经验-33-分配公网证书 For 负载均衡-Keepalived-Haproxy

Lync 项目经验-33-分配公网证书 For 负载均衡-Keepalived-Haproxy的相关文章

Lync 项目经验-36-分配公网证书 For SFB 2015-前端服务器(图解)

Lync 项目经验-34-分配公网证书 For Office Web App Server 2013

Lync 项目经验-38-分配公网证书 For SFB 2015-边缘服务器(图解)

Lync 项目经验-35-分配公网证书 For Exchange Server 2016(图解)

Lync 项目经验-04-共存迁移-Lync 2013-TO-SFB 2015-Godaddy-更新公网证书

Lync 项目经验-12-为某上市企业Skype for Business购买Godday证书

Lync 项目经验-09-用Lync 2013或Skype for Business 2015抢春运火车票

Lync 项目经验-08-Polycom CX700-4.0.X-能登录SFB 2015-能更新为中文

Lync 项目经验-14-为某客户用Exchange 2016 UM作为总机的问题