
Creating SSL certificates with your own CA, part 2

Last time we created the CSR, so this time I will describe how to create the CA.


・Creating the CA private key
[root@ip-10-150-175-70 SAGYO]# openssl genrsa -des3 -out ca.key -rand rand.dat 2048
2738 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
....+++
...................................................................+++
Enter pass phrase for ca.key: ← passphrase
Verifying - Enter pass phrase for ca.key: ← passphrase


・Creating the CA certificate
[root@ip-10-150-175-70 SAGYO]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP ← country
State or Province Name (full name) [Berkshire]:Tokyo ← prefecture
Locality Name (eg, city) [Newbury]:Minato-ku ← city
Organization Name (eg, company) [My Company Ltd]:IRET ← company name
Organizational Unit Name (eg, section) []:cloudpack ← department
Common Name (eg, your name or your server's hostname) []:ssl.cloudpack.jp ← server name
Email Address []:


To create the server certificate, use sign.sh from mod_ssl.
(As of 9/12, the latest version is 2.8.31-1.3.41.)

wget http://www.modssl.org/source/mod_ssl-2.8.31-1.3.41.tar.gz


・Creating the server certificate
[root@ip-10-150-175-70 SAGYO]# ./mod_ssl-2.8.31-1.3.41/pkg.contrib/sign.sh secure.cimacoppi.biz.csr
CA signing: secure.cimacoppi.biz.csr -> secure.cimacoppi.biz.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Tokyo'
localityName :PRINTABLE:'Minato-ku'
organizationName :PRINTABLE:'Umiyama inc'
organizationalUnitName:PRINTABLE:'support'
commonName :PRINTABLE:'secure.cimacoppi.biz'
Certificate is to be certified until Sep 11 04:18:16 2012 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: secure.cimacoppi.biz.crt <-> CA cert
secure.cimacoppi.biz.crt: OK

The files that were actually created are shown below.

・CA certificate
a0173028_17331087.jpg


・Server certificate
a0173028_17333877.jpg
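
The following is an added example, not code from the original post or from mod_ssl: the same flow (CA key, CA certificate, CSR, signed server certificate) run non-interactively, followed by two checks on the result: that the certificate chains to ca.crt and that it matches the server private key. It signs with `openssl x509 -req` instead of sign.sh and uses -aes256 instead of -des3; the function names, subjects, passphrase and throwaway directory are assumptions.

```shell
#!/bin/sh
# Added example: the CA -> CSR -> signed certificate flow, non-interactive,
# plus the checks to run on the result. Subjects, the passphrase and the
# function names are constructed placeholders, not values from the post.
PASS='example-passphrase'   # placeholder; never hard-code a real CA passphrase

make_ca() {            # $1 = directory, $2 = CA common name
    mkdir -p "$1" &&
    # The post encrypts ca.key with -des3; -aes256 is used here instead.
    openssl genrsa -aes256 -passout "pass:$PASS" -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -key "$1/ca.key" -passin "pass:$PASS" \
        -subj "/C=JP/O=Example Org/CN=$2" -out "$1/ca.crt"
}

make_csr() {           # $1 = directory, $2 = server host name
    mkdir -p "$1" &&
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/server.key" \
        -subj "/C=JP/O=Example Org/CN=$2" -out "$1/server.csr" 2>/dev/null
}

sign_csr() {           # $1 = CA directory, $2 = directory holding server.csr
    # Signs with "openssl x509 -req" rather than mod_ssl's sign.sh.
    openssl x509 -req -in "$2/server.csr" -days 365 -sha256 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -passin "pass:$PASS" \
        -CAcreateserial -out "$2/server.crt" 2>/dev/null
}

chain_ok() {           # $1 = CA certificate, $2 = certificate to check
    # Match on the ": OK" line, as in the "CA verifying" output above.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

key_matches_cert() {   # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo run in a throwaway directory.
d=$(mktemp -d) && make_ca "$d" "Example Test CA" &&
    make_csr "$d" "www.example.test" && sign_csr "$d" "$d" &&
    chain_ok "$d/ca.crt" "$d/server.crt" &&
    key_matches_cert "$d/server.key" "$d/server.crt" &&
    echo "certificate chains to ca.crt and matches server.key"
rm -rf "$d"
```

Both checks fail closed: a certificate signed by a different CA, or paired with the wrong private key, makes the corresponding function return non-zero.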

by cimacoppi | 2011-09-12 17:35 | Linux
