Creating the private key
    # cd /etc/httpd/conf/ssl
    # openssl md5 * > rand.dat
    # openssl genrsa -rand rand.dat -des3 2048 > 20170328-sslexample.com_r1.key
    441 semi-random bytes loaded
    Generating RSA private key, 2048 bit long modulus
    ................................................................................................+++
    ...................................................+++
    e is 65537 (0x10001)
    Enter pass phrase:sslexample0721 ← input
    Verifying - Enter pass phrase:sslexample0511 ← input
Removing the passphrase from the private key
    # openssl rsa -in 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.key
    Enter pass phrase for 20170217-sslexamplehealthcare.com-server.key:sslexample0511
    writing RSA key
Issuing the CSR
    # openssl req -utf8 -new -key 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.csr
    1325 semi-random bytes loaded
    Generating RSA private key, 2048 bit long modulus
    ....................+++
    ........+++
    e is 65537 (0x10001)
    Enter pass phrase:
    Verifying - Enter pass phrase:
    You have mail in /var/spool/mail/root
    [root@sslexample ssl]# openssl rsa -in 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.key
    Enter pass phrase for 20170328-sslexample.com_r1.key:
    writing RSA key
    [root@sslexample ssl]# openssl req -utf8 -new -key 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:JP
    State or Province Name (full name) []:Tokyo
    Locality Name (eg, city) [Default City]:Nakano-ku
    Organization Name (eg, company) [Default Company Ltd]:sslexample Co., Ltd.
    Organizational Unit Name (eg, section) []:Management Department
    Common Name (eg, your name or your server's hostname) []:www.sslexample.com
    Email Address []:postmaster@example.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
Key point here: if you want the certificate to cover the name both with and without www, use the www.domain form for the Common Na …
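As an added example (not part of the original post), the script below runs the same key and CSR steps non-interactively and then checks the result before the request goes to a CA: owner-only mode on the unencrypted key, a valid CSR self-signature, a CSR public key that matches the key file, and the expected Common Name. The function names, file names and scratch directory are assumptions made for the example; the subject values are sample values modeled on the session above.

```shell
#!/bin/sh
# Added example: key + CSR for one host name, then checks on the result.
# make_key_and_csr, csr_cn, check_key_and_csr and the paths are hypothetical.

# make_key_and_csr DIR CN: write DIR/server.key and DIR/server.csr.
make_key_and_csr() {
    dir=$1 cn=$2
    # Minimal request config so the run does not depend on a system openssl.cnf.
    printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$dir/req.cnf"
    # The key is written without a passphrase (the state reached after the
    # "openssl rsa" step), so create it under umask 077: owner-only from the start.
    # No -rand file: OpenSSL seeds its generator from the operating system.
    ( umask 077 && openssl genrsa -out "$dir/server.key" 2048 ) 2>/dev/null || return 1
    # Sample subject values; -subj replaces the interactive prompts.
    openssl req -new -utf8 -config "$dir/req.cnf" -key "$dir/server.key" \
        -subj "/C=JP/ST=Tokyo/L=Nakano-ku/O=sslexample/CN=$cn" \
        -out "$dir/server.csr"
}

# csr_cn CSR: print the Common Name carried in the request.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# check_key_and_csr KEY CSR CN: return 0 only if every check passes.
check_key_and_csr() {
    key=$1 csr=$2 cn=$3
    # 1. An unencrypted key must not be readable by group or others.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || { echo "key mode too open"; return 1; }
    # 2. The request's self-signature must verify.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "CSR signature invalid"; return 1; }
    # 3. The public key in the request must be the one derived from the key file.
    [ "$(openssl pkey -in "$key" -pubout)" = "$(openssl req -in "$csr" -noout -pubkey)" ] \
        || { echo "CSR does not match key"; return 1; }
    # 4. The Common Name must be exactly the host name the certificate is for.
    [ "$(csr_cn "$csr")" = "$cn" ] || { echo "unexpected CN"; return 1; }
}

# Demo run in a scratch directory.
tmp=$(mktemp -d)
make_key_and_csr "$tmp" www.sslexample.com &&
    check_key_and_csr "$tmp/server.key" "$tmp/server.csr" www.sslexample.com &&
    echo "all checks passed"
rm -rf "$tmp"
```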