/l3/users/10-12-2007/unix-win/fbsd1.net.nt/root :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 :15 :16 :17 :18 :19 :20 :21 :22 :23 :24 :25 :26 :27 :28 :29 :30 :31 :32
[ править ]

Журнал лабораторных работ

Содержание

Журнал

Понедельник (12/10/07)

/dev/ttyp9
13:55:16
#opemssl ca 
bash: opemssl: command not found
13:57:39
#openssl ca 
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32595:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32595:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key
13:57:39
#openssl ca 
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32595:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32595:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key
13:57:39
#openssl ca 
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32595:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32595:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key
13:57:39
#openssl ca 
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32595:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32595:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key
13:57:39
#openssl ca 
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32595:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32595:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key
13:57:42
#openssl ca dd 
unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates
13:57:42
#openssl ca dd 
unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates
13:57:42
#openssl ca dd 
unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates
13:57:42
#openssl ca dd 
unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates
13:57:42
#openssl ca dd 
unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates
13:57:45
#openssl ca -days 3650 -out freesrv.crt -in freesrv.csr 










13:57:45




#openssl ca -days 3650 -out freesrv.crt -in freesrv.csr















13:57:45




#openssl ca -days 3650 -out freesrv.crt -in freesrv.csr















13:57:45




#openssl ca -days 3650 -out freesrv.crt -in freesrv.csr















13:57:45




#openssl ca -days 3650 -out freesrv.crt -in freesrv.csr












13:58:25




#history 10





  151  set prompt#
  152  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr -extensions server
  153  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  154  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  155  opemssl ca
  156  openssl ca
  157  openssl ca dd
  158  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  159  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  160  history 10











13:58:25




#history 10





  151  set prompt#
  152  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr -extensions server
  153  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  154  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  155  opemssl ca
  156  openssl ca
  157  openssl ca dd
  158  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  159  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  160  history 10











13:58:25




#history 10





  151  set prompt#
  152  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr -extensions server
  153  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  154  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  155  opemssl ca
  156  openssl ca
  157  openssl ca dd
  158  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  159  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  160  history 10











13:58:25




#history 10





  151  set prompt#
  152  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr -extensions server
  153  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  154  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  155  opemssl ca
  156  openssl ca
  157  openssl ca dd
  158  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  159  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  160  history 10











13:58:25




#history 10


  151  set prompt#
  152  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr -extensions server
  153  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  154  openssl ca -days 3650 -out freesrv.crt -in freesrv.csr
  155  opemssl ca
  156  openssl ca
  157  openssl ca dd
  158  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  159  openssl ca -cert ca.crt days 3650 -out freesrv.crt -in freesrv.csr
  160  history 10











13:58:29




#openssl ca dd















13:58:29




#opemssl ca















13:58:29




#openssl ca dd















13:58:29




#opemssl ca















13:58:29




#openssl ca dd















13:58:29




#opemssl ca















13:58:29




#openssl ca dd















13:58:29




#opemssl ca















13:58:29




#openssl ca dd















13:58:29




#opemssl ca















13:58:29




#openssl ca dd















13:58:29




#opemssl ca












13:58:51




#history 10





Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32658:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32658:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key











13:58:51




#openssl ca dd















13:58:51




#openssl ca dd





unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates











13:58:51




#openssl ca dd





unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates











13:58:51




#history 10















13:58:51




#openssl ca dd















13:58:51




#openssl ca dd





unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates











13:58:51




#history 10















13:58:51




#openssl ca dd















13:58:51




#openssl ca dd





unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates











13:58:51




#history 10















13:58:51




#openssl ca dd















13:58:51




#openssl ca dd





unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates











13:58:51




#history 10















13:58:51




#openssl ca dd















13:58:51




#openssl ca dd


unknown option dd
usage: ca args
 -verbose        - Talk alot while doing things
 -config file    - A config file
 -name arg       - The particular CA definition to use
 -gencrl         - Generate a new CRL
 -crldays days   - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
...
 -batch          - Don't ask questions
 -msie_hack      - msie modifications to handle all those universal strings
 -revoke file    - Revoke a certificate (given in file)
 -subj arg       - Use arg instead of request's subject
 -extensions ..  - Extension section (override value in config file)
 -extfile file   - Configuration file with X509v3 extentions to add
 -crlexts ..     - CRL extension section (override value in config file)
 -engine e       - use engine e, possibly a hardware device.
 -status serial  - Shows certificate status given the serial number
 -updatedb       - Updates db for expired certificates











14:00:12




#ls





ca.crt          ca.key          dh1024.pem      freesrv.csr     freesrv.key











14:00:12




#ls





ca.crt          ca.key          dh1024.pem      freesrv.csr     freesrv.key











14:00:12




#ls





ca.crt          ca.key          dh1024.pem      freesrv.csr     freesrv.key











14:00:12




#ls





ca.crt          ca.key          dh1024.pem      freesrv.csr     freesrv.key











14:00:12




#ls


ca.crt          ca.key          dh1024.pem      freesrv.csr     freesrv.key











14:00:19




#cat /etc/ssl/openssl.cnf





# default: PrintableString, T61String, BMPString.
# pkix   : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
...
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always











14:00:19




#cat /etc/ssl/openssl.cnf





# default: PrintableString, T61String, BMPString.
# pkix   : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
...
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always











14:00:19




#cat /etc/ssl/openssl.cnf





# default: PrintableString, T61String, BMPString.
# pkix   : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
...
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always











14:00:19




#cat /etc/ssl/openssl.cnf





# default: PrintableString, T61String, BMPString.
# pkix   : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
...
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always











14:00:19




#cat /etc/ssl/openssl.cnf





# default: PrintableString, T61String, BMPString.
# pkix   : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
...
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always











14:00:19




#cat /etc/ssl/openssl.cnf


# default: PrintableString, T61String, BMPString.
# pkix   : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
...
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always











14:00:29




#openssl ca -cert ca.crt -days 3650 -out freesrv.crt -in freesr





v.csr -extensions server
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32722:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32722:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key











14:00:29




#openssl ca -cert ca.crt -days 3650 -out freesrv.crt -in freesr





v.csr -extensions server
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32722:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32722:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key











14:00:29




#openssl ca -cert ca.crt -days 3650 -out freesrv.crt -in freesr





v.csr -extensions server
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32722:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32722:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key











14:00:29




#openssl ca -cert ca.crt -days 3650 -out freesrv.crt -in freesr





v.csr -extensions server
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32722:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32722:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key











14:00:29




#openssl ca -cert ca.crt -days 3650 -out freesrv.crt -in freesr





v.csr -extensions server
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32722:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32722:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key











14:00:29




#openssl ca -cert ca.crt -days 3650 -out freesrv.crt -in freesr





v.csr -extensions server
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32722:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32722:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key











14:00:29




#openssl ca -cert ca.crt -days 3650 -out freesrv.crt -in freesr


v.csr -extensions server
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32722:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
32722:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load CA private key











14:05:33




#openssl ca dd















14:05:33




#history 10















14:05:33




#openssl ca dd















14:05:33




#set prompt#















14:05:33




#ls -l















14:05:33




#openssl dhparam -out ./dh1024.pem 1024















14:05:33




#openssl dhparam -out ./dh1024.pem 1024















14:05:33




#openssl ca dd















14:05:33




#history 10















14:05:33




#openssl ca dd















14:05:33




#set prompt#















14:05:33




#ls -l















14:05:33




#openssl dhparam -out ./dh1024.pem 1024















14:05:33




#openssl dhparam -out ./dh1024.pem 1024















14:05:33




#openssl ca dd















14:05:33




#history 10















14:05:33




#openssl ca dd















14:05:33




#set prompt#















14:05:33




#ls -l















14:05:33




#openssl dhparam -out ./dh1024.pem 1024















14:05:33




#openssl dhparam -out ./dh1024.pem 1024















14:05:33




#openssl ca dd















14:05:33




#history 10















14:05:33




#openssl ca dd















14:05:33




#set prompt#















14:05:33




#ls -l















14:05:33




#openssl dhparam -out ./dh1024.pem 1024















14:05:33




#openssl dhparam -out ./dh1024.pem 1024















14:05:33




#openssl ca dd















14:05:33




#history 10















14:05:33




#openssl ca dd















14:05:33




#set prompt#















14:05:33




#ls -l















14:05:33




#openssl dhparam -out ./dh1024.pem 1024










Файлы
  • /etc/ssl/openssl.cnf
    • /etc/ssl/openssl.cnf
    

    >
    # default: PrintableString, T61String, BMPString.
# pkix   : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = AU
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Some-State
localityName                    = Locality Name (eg, city)
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName             = Second Organization Name (eg, company)
#1.organizationName_default     = World Wide Web Pty Ltd
organizationalUnitName          = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName                      = Common Name (eg, YOUR name)
commonName_max                  = 64
emailAddress                    = Email Address
emailAddress_max                = 64
# SET-ex3                       = SET extension number 3
[ req_attributes ]
challengePassword               = A challenge password
challengePassword_min           = 4
challengePassword_max           = 20
unstructuredName                = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType                    = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment                       = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

    Статистика
    Время первой команды журнала13:55:16 2007-12-10
    Время последней команды журнала14:05:33 2007-12-10
    Количество командных строк в журнале101
    Процент команд с ненулевым кодом завершения, %38.61
    Процент синтаксически неверно набранных команд, % 0.99
    Суммарное время работы с терминалом *, час 0.17
    Количество командных строк в единицу времени, команда/мин 9.82
    Частота использования команд
    openssl58|=========================================================| 57.43%
    history15|==============| 14.85%
    ls10|=========|  9.90%
    opemssl7|======|  6.93%
    cat6|=====|  5.94%
    set5|====|  4.95%
    ____
    *) Интервалы неактивности длительностью 30 минут и более не учитываются
    Справка
        Для того чтобы использовать LiLaLo, не нужно знать ничего особенного:
    всё происходит само собой.
    Однако, чтобы ведение и последующее использование журналов
    было как можно более эффективным, желательно иметь в виду следующее:
    
      
    
    1.  
    В журнал автоматически попадают все команды, данные в любом терминале системы.
    
      2. 
    
    2. 
    Для того чтобы убедиться, что журнал на текущем терминале ведётся, 
    и команды записываются, дайте команду w.
    В поле WHAT, соответствующем текущему терминалу, 
    должна быть указана программа script.
    
      3. 
    
    3. 
    Команды, при наборе которых были допущены синтаксические ошибки, 
    выводятся перечёркнутым текстом:

      

      


      $ l s-l
      

      bash: l: command not found

      
      		

      

      

      
    
      4. 
    
    4. 
    Если код завершения команды равен нулю, 
    команда была выполнена без ошибок.
    Команды, код завершения которых отличен от нуля, выделяются цветом.

      

      


      $ test 5 -lt 4
      

      		

      

      
    Обратите внимание на то, что код завершения команды может быть отличен от нуля
    не только в тех случаях, когда команда была выполнена с ошибкой.
    Многие команды используют код завершения, например, для того чтобы показать результаты проверки

      
    
      5. 
    
    5. 
    Команды, ход выполнения которых был прерван пользователем, выделяются цветом.

      

      


      $ find / -name abc
      

      find: /home/devi-orig/.gnome2: Keine Berechtigung
find: /home/devi-orig/.gnome2_private: Keine Berechtigung
find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
find: /home/devi-orig/.metacity: Keine Berechtigung
find: /home/devi-orig/.inkscape: Keine Berechtigung
^C

      
      		

      

      

      
    
      6. 
    
    6. 
    Команды, выполненные с привилегиями суперпользователя,
    выделяются слева красной чертой.

      

      


      # id
      

      uid=0(root) gid=0(root) Gruppen=0(root)

      
      		

      

      
    
      
    
      7. 
    
    7. 
    Изменения, внесённые в текстовый файл с помощью редактора, 
    запоминаются и показываются в журнале в формате ed.
    Строки, начинающиеся символом "<", удалены, а строки,
    начинающиеся символом ">" -- добавлены.

      

      


      $ vi ~/.bashrc
      

      2a3,5
>    if [ -f /usr/local/etc/bash_completion ]; then
>         . /usr/local/etc/bash_completion
>        fi

      		

      

      
    
      
    
      8. 
    
    8. 
    Для того чтобы изменить файл в соответствии с показанными в диффшоте
    изменениями, можно воспользоваться командой patch.
    Нужно скопировать изменения, запустить программу patch, указав в
    качестве её аргумента файл, к которому применяются изменения,
    и всавить скопированный текст:

      

      


      $ patch ~/.bashrc
      
      		

      

      
    В данном случае изменения применяются к файлу ~/.bashrc
    
      9. 
    
    9. 
    Для того чтобы получить краткую справочную информацию о команде, 
    нужно подвести к ней мышь. Во всплывающей подсказке появится краткое
    описание команды.
    
      
    
      
    Если справочная информация о команде есть, 
    команда выделяется голубым фоном, например: vi.
    Если справочная информация отсутствует,
    команда выделяется розовым фоном, например: notepad.exe.
    Справочная информация может отсутствовать в том случае, 
    если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно;
    (3) если информация о команде неизвестна LiLaLo.
    Последнее возможно для редких команд.
    
      10. 
    
    10. 
    Большие, в особенности многострочные, всплывающие подсказки лучше 
    всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer.
    В браузерах Mozilla и Firefox они отображаются не полностью, 
    а вместо перевода строки выводится специальный символ.
    
      11. 
    
    11. 
    Время ввода команды, показанное в журнале, соответствует времени 
    начала ввода командной строки, которое равно тому моменту, 
    когда на терминале появилось приглашение интерпретатора
    
      12. 
    
    12. 
    Имя терминала, на котором была введена команда, показано в специальном блоке.
    Этот блок показывается только в том случае, если терминал
    текущей команды отличается от терминала предыдущей.
    
      13. 
    
    13. 
    Вывод не интересующих вас в настоящий момент элементов журнала,
    таких как время, имя терминала и других, можно отключить.
    Для этого нужно воспользоваться формой управления журналом
    вверху страницы.
    
      14. 
    
    14. 
    Небольшие комментарии к командам можно вставлять прямо из командной строки.
    Комментарий вводится прямо в командную строку, после символов #^ или #v.
    Символы ^ и v показывают направление выбора команды, к которой относится комментарий:
    ^ - к предыдущей, v - к следующей.
    Например, если в командной строке было введено:

      $ whoami

      

      user

      

      $ #^ Интересно, кто я?

      
    в журнале это будет выглядеть так:
    

      $ whoami

      

      user

      

      

        Интересно, кто я?
       
       
    
      15. 
    
    15. 
    Если комментарий содержит несколько строк,
    его можно вставить в журнал следующим образом:

      $ whoami

      

      user

      

      $ cat > /dev/null #^ Интересно, кто я?

      

      Программа whoami выводит имя пользователя, под которым 
мы зарегистрировались в системе.
-
Она не может ответить на вопрос о нашем назначении 
в этом мире.

      
    В журнале это будет выглядеть так:

      

      


      $ whoami
      

      user

      

      Интересно, кто я?
      
Программа whoami выводит имя пользователя, под которым
      
мы зарегистрировались в системе.
      

      
Она не может ответить на вопрос о нашем назначении
      
в этом мире.
      

      
      		

      

      
    Для разделения нескольких абзацев между собой
    используйте символ "-", один в строке.
    
      

      16. 
    
    16. 
    Комментарии, не относящиеся непосредственно ни к какой из команд, 
    добавляются точно таким же способом, только вместо симолов #^ или #v 
    нужно использовать символы #=
    
      17. 

    
    17. 
    Содержимое файла может быть показано в журнале.
    Для этого его нужно вывести с помощью программы cat.
    Если вывод команды отметить симоволами #!, 
    содержимое файла будет показано в журнале
    в специально отведённой для этого секции.
    
      18. 

    
      
    
    18. 
    Для того чтобы вставить скриншот интересующего вас окна в журнал,
    нужно воспользоваться командой l3shot.
    После того как команда вызвана, нужно с помощью мыши выбрать окно, которое
    должно быть в журнале.
    
      19. 
    
      

    
      
    
    19. 
    Команды в журнале расположены в хронологическом порядке.
    Если две команды давались одна за другой, но на разных терминалах,
    в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.

      1
    2
3   
    4

      
    Группы команд, выполненных на разных терминалах, разделяются специальной линией.
    Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
    Для того чтобы посмотреть команды только одного сенса, 
    нужно щёкнуть по этому названию.
    
      20. 
    
      

    

    О программе
        
    
    LiLaLo (L3) расшифровывается как Live Lab Log.
    
    Программа разработана для повышения эффективности обучения Unix/Linux-системам.
    
    (c) Игорь Чубин, 2004-2008
    
    
    
$Id$