CENT-SRV
#apt -y install apache2 tftpd-hpa
#vim /etc/default/tftpd-hpa
#systemctl restart tftpd-hpa
#chown tftp:tftp /var/www/html
EX-R
conf t
clock calendar-valid
ip domain-name skills2021.kr
crypto pki server ROOTCA
database url flash:
grant auto
database level complete
issuer-name CN=ROOTCA
hash sha256
no shutdown
※ Password: korea2021##
exit
ip http server
WORK-R
conf t
clock calendar-valid
ip domain-name skills2021.kr
crypto key generate rsa mod 2048 label SKILLS-CA-KEY
crypto pki trustpoint SKILLS-CA
rsakeypair SKILLS-CA-KEY
enrollment url http://203.230.10.2
revocation-check none
hash sha256
crypto pki server SKILLS-CA
mode sub-cs
grant auto
database url flash:
database level complete
issuer-name CN=SKILLS-CA
hash sha256
no shut
※ Password: korea2021##
[yes/no]: yes
※ Password: korea2021##
exit
ip http server
EX-R
conf t
show crypto pki server ROOTCA requests
* Confirm that the request has arrived.
crypto pki server ROOTCA grant all
WORK-R
* After a short wait, confirm the notifications that the CA certificate has been installed and the CA server has been enabled.
show crypto pki server
WORK-R
conf t
crypto pki export SKILLS-CA pem terminal
Of the items printed, use Notepad to save the second one as a certificate file.
ip tftp source-interface tun0
exit
copy flash:SKILLS-CA.crl tftp://2001:10:202:2::1/
Send the certificate revocation list (CRL) to CENT-SRV.
crypto pki trustpoint TEST
enrollment url http://203.230.10.1
revocation-check none
subject-name CN=TEST
exit
crypto pki authenticate TEST
crypto pki enroll TEST
* The certificate must be issued.
no crypto pki trustpoint TEST
Confirm that it was issued, then delete it.
EX-R
conf t
crypto pki export ROOTCA pem url flash:
Copy the ROOTCA certificate to flash:.
tftp-server flash:ROOTCA.ca
CENT-R
conf t
ip tftp source-interface gig0/0/1
exit
copy tftp://107.58.65.1/ROOTCA.ca flash:
Copy the ROOTCA certificate to flash:.
conf t
ip tftp source-interface gig0/0/0
exit
copy flash:ROOTCA.ca tftp://172.16.0.1
When the copy completes, use open-vm-tools on CENT-SRV to install the ROOTCA certificate and the SKILLS-CA certificate on each client.
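
Before the two certificates are installed on the clients, the files collected on CENT-SRV can be checked with openssl. The script below is an added example, not part of the original post. It assumes openssl is installed on CENT-SRV and that the Notepad-saved sub-CA certificate is a PEM file named SKILLS-CA.pem (a hypothetical name). make_constructed_chain only builds a throwaway ROOTCA/SKILLS-CA pair for a dry run.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage on CENT-SRV (second file name is an assumption):
#   check_subca ROOTCA.ca SKILLS-CA.pem

# check_subca ROOT SUBCA: prints the first failing check and returns non-zero.
check_subca() {
    root=$1 sub=$2
    # The sub-CA certificate must chain to the root as the only trust anchor.
    openssl verify -CAfile "$root" "$sub" >/dev/null 2>&1 ||
        { echo "FAIL chain"; return 1; }
    text=$(openssl x509 -in "$sub" -noout -text) ||
        { echo "FAIL parse"; return 2; }
    # A subordinate CA certificate must carry basicConstraints CA:TRUE.
    echo "$text" | grep -q 'CA:TRUE' ||
        { echo "FAIL not-a-CA"; return 3; }
    # "hash sha256" on the issuing CA should give a SHA-256 signature.
    echo "$text" | grep -q 'Signature Algorithm: sha256' ||
        { echo "FAIL hash"; return 4; }
    # Print the fingerprint so it can be compared on each client.
    echo "OK $(openssl x509 -in "$sub" -noout -fingerprint -sha256)"
}

# make_constructed_chain DIR: constructed test data, not real router output.
make_constructed_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' >"$d/ca.ext" || return 1
    for cn in ROOTCA SKILLS-CA; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$d/$cn.key" -out "$d/$cn.csr" 2>/dev/null || return 1
    done
    # Self-signed root first, then the subordinate CA signed by that root.
    openssl x509 -req -in "$d/ROOTCA.csr" -signkey "$d/ROOTCA.key" -sha256 \
        -days 1 -extfile "$d/ca.ext" -out "$d/ROOTCA.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/SKILLS-CA.csr" -CA "$d/ROOTCA.pem" \
        -CAkey "$d/ROOTCA.key" -CAcreateserial -sha256 -days 1 \
        -extfile "$d/ca.ext" -out "$d/SKILLS-CA.pem" 2>/dev/null
}
```

A "FAIL chain" result on the real files means the saved SKILLS-CA certificate was not issued by the ROOTCA certificate that was copied over, for example when the wrong block of the export output was saved.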