#重新建立ca.crt後，重新執行，生成成功
[[email protected] ca]# openssl ca -in ../server.csr -out ../server.crt -cert ca.crt -keyfile ca.key 
Using configuration from /etc/pki/tls/openssl.cnf 
Enter pass phrase for ca.key: 
Check that the request matches the signature 
Signature ok 
Certificate Details: 
Serial Number: 0 (0x0) 
Validity 
Not Before: May 22 08:16:25 2015 GMT 
Not After : May 21 08:16:25 2016 GMT 
Subject: 
countryName = CN 
stateOrProvinceName = bj 
organizationName = homelink 
organizationalUnitName = homelink-lft 
commonName = lft 
X509v3 extensions: 
X509v3 Basic Constraints: 
CA:FALSE 
Netscape Comment: 
OpenSSL Generated Certificate 
X509v3 Subject Key Identifier: 
00:2C:34:0A:73:5C:1A:E6:39:48:28:6F:8F:02:F6:BC:58:6F:25:55 
X509v3 Authority Key Identifier: 
keyid:83:70:9D:4E:3F:39:01:3E:7A:CE:B9:2B:0E:1A:FB:00:2A:C3:11:D9 

Certificate is to be certified until May 21 08:16:25 2016 GMT (365 days) 
Sign the certificate? [y/n]:y 


1 out of 1 certificate requests certified, commit? [y/n]y 
Write out database with 1 new entries 
Data Base Updated 
[

[email protected] ca]# ls -lrt 
total 8 
-rw-r--r-- 1 root root 963 May 22 14:39 ca.key 
-rw-r--r-- 1 root root 944 May 22 16:16 ca.crt 
[[email protected] ca]# ls -lrt .. 
total 28 
-rw-r--r-- 1 root root 963 May 22 13:51 server.key 
-rw-r--r-- 1 root root 672 May 22 13:52 server.csr 
-rw-r--r-- 1 root root 963 May 22 14:36 client.key 
-rw-r--r-- 1 root root 672 May 22 14:37 client.csr 
drwxr-xr-x 2 root root 4096 May 22 14:40 ca 
-rw-r--r-- 1 root root 238 May 22 15:07 readme.txt 
-rw-r--r-- 1 root root 3036 May 22 16:16 server.crt