HTTPS/SSL | 優技録

秘密鍵の作成

# cd /etc/httpd/conf/ssl

# openssl md5 * > rand.dat

# openssl genrsa -rand rand.dat -des3 2048 > 20170328-sslexample.com_r1.key


441 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
................................................................................................+++
...................................................+++
e is 65537 (0x10001)
Enter pass phrase:sslexample0721←入力
Verifying - Enter pass phrase:sslexample0511←入力

# cd /etc/httpd/conf/ssl

# openssl md5 * > rand.dat

# openssl genrsa -rand rand.dat -des3 2048 > 20170328-sslexample.com_r1.key

441 semi-random bytes loaded

Generating RSA private key, 2048 bit long modulus

................................................................................................+++

...................................................+++

e is 65537 (0x10001)

Enter pass phrase:sslexample0721←入力

Verifying - Enter pass phrase:sslexample0511←入力

パスフレーズを秘密鍵から除去

# openssl rsa -in 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.key

Enter pass phrase for 20170217-sslexamplehealthcare.com-server.key:sslexample0511
writing RSA key

# openssl rsa -in 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.key

Enter pass phrase for 20170217-sslexamplehealthcare.com-server.key:sslexample0511

writing RSA key

CSR発行

# openssl req -utf8 -new -key 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.csr

1325 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
....................+++
........+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
You have mail in /var/spool/mail/root
[root@sslexample ssl]# openssl rsa -in 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.key
Enter pass phrase for 20170328-sslexample.com_r1.key:
writing RSA key
[root@sslexample ssl]# openssl req -utf8 -new -key 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Nakano-ku
Organization Name (eg, company) [Default Company Ltd]:sslexample Co., Ltd.
Organizational Unit Name (eg, section) []:Management Department
Common Name (eg, your name or your server's hostname) []:www.sslexample.com
Email Address []:postmaster@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# openssl req -utf8 -new -key 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.csr

1325 semi-random bytes loaded

Generating RSA private key, 2048 bit long modulus

....................+++

........+++

e is 65537 (0x10001)

Enter pass phrase:

Verifying - Enter pass phrase:

You have mail in /var/spool/mail/root

[root@sslexample ssl]# openssl rsa -in 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.key

Enter pass phrase for 20170328-sslexample.com_r1.key:

writing RSA key

[root@sslexample ssl]# openssl req -utf8 -new -key 20170328-sslexample.com_r1.key -out 20170328-sslexample.com_r1.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:JP

State or Province Name (full name) []:Tokyo

Locality Name (eg, city) [Default City]:Nakano-ku

Organization Name (eg, company) [Default Company Ltd]:sslexample Co., Ltd.

Organizational Unit Name (eg, section) []:Management Department

Common Name (eg, your name or your server's hostname) []:www.sslexample.com

Email Address []:postmaster@example.com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

ここポイント wwwありなしの証明書にしたい場合はwww.ドメインの形でCommon Na …

の続きを読む

優技録

タグ: HTTPS/SSL

SSL証明書適用 Apache2.2系 CentOS6