如何为 azure vm 创建 TLS 证书?
[英]How to create TLS certificate for azure vm?
问题描述
I have 3 VM in azure .
我在azure中有3 个 VM 。 I would like to create TLS certificates for those VM.我想为这些虚拟机创建TLS证书。 can we do like that?我们可以这样做吗?
Is there any documentation which to create a certificates if yes can you please share是否有任何文件可以创建证书,如果是,请分享
1 个解决方案
解决方案1
0 2020-12-18 08:20:38
You don't specify context so I will assume all possibilities, ensure that you're familiar with bash scripting and openssl.您没有指定上下文,因此我将假设所有可能性,确保您熟悉 bash 脚本和 openssl。
Globally trusted: eg external user from internet can connect to your VM through https protocol, use Let's Encrypt or buy an SSL certificate
全球信任:例如来自互联网的外部用户可以通过 https 协议连接到您的虚拟机,使用 Let's Encrypt 或购买 SSL 证书For internal connection only, self-signed certificates to be shared among VMs
仅用于内部连接,在 VM 之间共享自签名证书
openssl req -x509 -days 365 \
-newkey rsa:4096 -nodes -keyout server.key \
-out server.crt \
-subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"
cat server.crt
- For internal connection only, a recommended use case is to use PKI to grant certificates for every VM that join the network仅对于内部连接,推荐的用例是使用 PKI 为每个加入网络的 VM 授予证书
Example certificate signed by a CA由 CA 签署的示例证书
# Generate CA key and cert
openssl genrsa -out ca.key 2048
openssl req -x509 -new -key ca.key -days 3650 -out ca.crt \
-subj '/C=AA/ST=AA/L=AA/O=AA Ltd/OU=AA/CN=AA/emailAddress=aa@aa.com'
# Generate server key and CSR
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr \
-subj '/C=BB/ST=BB/L=BB/O=BB Ltd/OU=BB/CN=BB/emailAddress=bb@bb.com'
# Generate server cert signed by CA
openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key \
-CAcreateserial -CAserial serial -in server.csr -out server.crt
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.