Linux Memo/Openssl
*Openssl [#ibe0ab75]
RIGHT:Last updated &lastmod();
With the OpenSSL installed via rpm on Vine4.x, for use with Apache and the like...
**Creating the certificate authority [#hd57e44a]
# cd /root
# mkdir sslfiles
# cd sslfiles
# /usr/share/ssl/misc/CA -newca
CA certificate filename (or enter to create) <== Enter
Making CA certificate ...
Generating a 1024 bit RSA private key
.............++++++
...............................................++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:****** <===(1)
Verifying - Enter PEM pass phrase: ****** <== same as (1)...
-----
You are about to be asked to enter information that will...
into your certificate request.
What you are about to enter is what is called a Distingu...
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JA
State or Province Name (full name) [Some-State]:XXX Pref
Locality Name (eg, city) []:XXX City
Organization Name (eg, company) [Internet Widgits Pty Lt...
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:wwwism.dyndns.org
Email Address []:xxxx@wwwism.dyndns.org
''Checking the created files''
# ls
demoCA/
# ls -l demoCA/
合計 24
-rw-r--r-- 1 root root 1257 3月12日 09:47 cacert.pem
drwxr-xr-x 2 root root 4096 3月12日 09:46 certs/
drwxr-xr-x 2 root root 4096 3月12日 09:46 crl/
-rw-r--r-- 1 root root 0 3月12日 09:46 index.txt
drwxr-xr-x 2 root root 4096 3月12日 09:46 newcerts/
drwxr-xr-x 2 root root 4096 3月12日 09:46 private/
-rw-r--r-- 1 root root 3 3月12日 09:46 serial
# ls -l demoCA/newcerts
合計 0
**Creating the server key (private key) [#o5b2c7d8]
# /usr/share/ssl/misc/CA -newreq
Generating a 1024 bit RSA private key
....++++++
......++++++
writing new private key to 'newkey.pem'
Enter PEM pass phrase: ****** <== same as (1), to avoid confusion
Verifying - Enter PEM pass phrase: ****** same as above
-----
You are about to be asked to enter information that will...
into your certificate request.
What you are about to enter is what is called a Distingu...
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JA
State or Province Name (full name) [Some-State]:XXX Pref
Locality Name (eg, city) []:XXX City
Organization Name (eg, company) [Internet Widgits Pty Lt...
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:wwwism.dyndns.org
Email Address []:xxxx@wwwism.dyndns.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <=== Enter
An optional company name []: <=== Enter
Request is in newreq.pem, private key is in newkey.pem
This creates &color(red){''the private key, newkey.pem''};...
''Checking the created files''
# ls
demoCA/ newkey.pem newreq.pem
# ls -l demoCA/
合計 24
-rw-r--r-- 1 root root 1257 3月12日 09:47 cacert.pem
drwxr-xr-x 2 root root 4096 3月12日 09:46 certs/
drwxr-xr-x 2 root root 4096 3月12日 09:46 crl/
-rw-r--r-- 1 root root 0 3月12日 09:46 index.txt
drwxr-xr-x 2 root root 4096 3月12日 09:46 newcerts/ <==...
drwxr-xr-x 2 root root 4096 3月12日 09:46 private/
-rw-r--r-- 1 root root 3 3月12日 09:46 serial
**Creating the public key (signed certificate) [#x0cb4642]
# /usr/share/ssl/misc/CA -sign
Using configuration from /usr/share/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: ***** ...
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Mar 12 00:36:31 2007 GMT
Not After : Mar 11 00:36:31 2008 GMT
Subject:
countryName = JA
stateOrProvinceName = XXX Pref
localityName = XXX City
organizationName = JE2ISM
commonName = wwwism.dyndns.org
emailAddress = xxxx@wwwism.dynd...
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
C3:07:A3:D8:87:F1:**:E5:**:**:**:AF:41:1...
X509v3 Authority Key Identifier:
keyid:**:33:1B:D4:**:**:**:**:5B:34:70:*...
DirName:/C=JA/ST=Mie Pref/L=Ise/O=JE2ISM...
serial:88:48:11:5C:D1:55:6B:8B
Certificate is to be certified until Mar 11 00:36:31 200...
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=JA, ST=Mie Pref, L=Ise, O=JE2ISM, CN=w...
Validity
Not Before: Mar 12 00:36:31 2007 GMT
Not After : Mar 11 00:36:31 2008 GMT
Subject: C=JA, ST=Mie Pref, L=Ise, O=JE2ISM, CN=...
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:bc:fb:0e:f0:f5:0f:3d:1f:41:c5:e7:...
9b:d9:6a:13:34:dc:56:cc:b3:e6:88:1c:...
(omitted)
fa:87:b9:8f:df:69:d2:e9:0a:2c:5c:d2:...
08:d6:16:76:df:bb:6e:b5:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
C3:07:A3:**:**:F1:6A:E5:**:26:**:**:**:4...
X509v3 Authority Key Identifier:
keyid:**:**:**:D4:0B:**:64:**:**:**:**:*...
DirName:/C=JA/ST=Mie Pref/L=Ise/O=JE2ISM...
serial:88:48:11:5C:D1:55:6B:8B
Signature Algorithm: md5WithRSAEncryption
69:be:bc:46:06:93:bb:15:0f:ab:ed:70:5d:39:bb:1e:...
d4:9e:33:72:4a:d2:90:1c:92:a5:cf:c2:a2:09:84:8a:...
(omitted)
d7:0c
-----BEGIN CERTIFICATE-----
MIIDlzCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBgzELMAkGA1UE...
(omitted)
ckrSkBySpc/CogmEioQ5xMADXevfCgYnayp1whrFTSmgrfZiD9H9fVM4...
Z9U86AOVwih2ScesIwXywGuGhycAo54vfNSmZjNBYHIpTdsb11QxWHPe...
XZGUk0XbMDya1ww=
-----END CERTIFICATE-----
Signed certificate is in newcert.pem
The created &color(red){''public key file is newcert.pem''};
''Checking the created files''
# ls
demoCA/ newcert.pem newkey.pem newreq.pem
***To create the public key again [#rfb260b8]
# rm newcert.pem
# cd demoCA
# rm index.txt.attr
# mv index.txt.old index.txt
***To avoid being asked for the password when Apache starts [#t...
# openssl rsa -in newkey.pem -out site.key
Enter pass phrase for newkey.pem: ***** <== same as (1), pass...
writing RSA key
With the password removed, the ''private key file is site.key''
**Registering with Apache [#s40e08e5]
Copy the created files to Apache and restart it.
# cd /usr/local/apache2/conf
''Server key (private key)''
# mkdir ssl.key
# cp ~/sslfiles/newkey.pem(or site.key) ssl.key/server.k...
# chmod go-r ssl.key/server.key
''Public key''
# cp ~/sslfiles/newcert.pem ssl.crt/server.crt
# chmod go-r ssl.crt/server.crt
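Added example, not part of the original memo: the transcript above shows a 1024-bit RSA key signed with md5WithRSAEncryption, and a key file (possibly the passphrase-less site.key) copied into the Apache directory. The script below flags those parameters in the output of `openssl x509 -noout -text` and checks that a key file carries no group/other permission bits; the function names, the 2048-bit threshold and the sample dump are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original memo. Function names, the 2048-bit
# threshold and the sample dump are assumptions made for illustration.

# Reads `openssl x509 -noout -text` output on stdin, prints one finding per
# line, and returns non-zero when a weak parameter is found.
audit_cert_text() {
    awk '
        /Signature Algorithm:/ {
            alg = $NF
            if (tolower(alg) ~ /^(md2|md5|sha1)with/ && !seen[alg]++) {
                print "WEAK-SIGNATURE " alg; bad = 1
            }
        }
        /Public Key Algorithm:/ { rsa = ($NF == "rsaEncryption") }
        rsa && /Public[- ]Key: \([0-9]+ bit\)/ {
            match($0, /\([0-9]+ bit\)/)
            bits = substr($0, RSTART + 1, RLENGTH - 6) + 0
            if (bits < 2048) { print "WEAK-KEY " bits " bit"; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Succeeds only when group and others hold no permission bits on the file
# (columns 5-10 of the ls mode string), e.g. for ssl.key/server.key.
key_file_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the fields the CA -sign transcript prints, reduced to
# the lines the audit looks at.
sample_dump() {
    cat <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: md5WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
    Signature Algorithm: md5WithRSAEncryption
EOF
}

# Real use: openssl x509 -in newcert.pem -noout -text | audit_cert_text
sample_dump | audit_cert_text || true
```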