Computer Setup/openssl - PukiWiki

OpenSSL (creating digital certificates)

2008/01/31

Server certificate

  • Create the private key (and public key)
    openssl genrsa -des 1024 > key.pem
    openssl rsa -in key.pem -out private_key.pem
    chmod 600 private_key.pem
    rm key.pem
    • View the private key as text
      openssl rsa -in private_key.pem -text
  • Create the certificate request (public key)
    Note: the Common Name must be the same as the server host name.
    openssl req -new -key private_key.pem -out math_cert.pem
       Country Name (2 letter code) [AU]: JP
       State or Province Name (full name) [Some-State]: Fukuoka
       Locality Name (eg, city) []: Fukuoka
       Organization Name  : Kyushu University
       Organizational Unit Name : Faculty of Mathematics
       Common Name: www2.math.kyushu-u.ac.jp
       Email Address : mathematics@math.kyushu-u.ac.jp
         Please enter the following 'extra' attributes
         to be sent with your certificate request
       A challenge password []:. 
       An optional company name []:.
  • Create the certificate (digital signature) -- self-signed
    openssl x509 -in math_cert.pem -out math_httpsd.pem \
           -req -days 3650 -signkey private_key.pem
    • View the finished certificate as text
      openssl x509 -in math_httpsd.pem -text
  • Digital signature by a certificate authority

Personal certificate

  • Create the private key
    openssl genrsa -des 1024 > ym.pem
    openssl rsa -in ym.pem -out ym_private_key.pem
    chmod 600 ym_private_key.pem
    rm ym.pem
  • Create the certificate request
    openssl req -new -days 365 -key ym_private_key.pem -out ym_req.pem
     You are about to be asked to enter information that will be incorporated
     into your certificate request.
     What you are about to enter is what is called a Distinguished Name or a DN.
     There are quite a few fields but you can leave some blank
     For some fields there will be a default value,
     If you enter '.', the field will be left blank.
     -----
     Country Name (2 letter code) [AU]:JP
     State or Province Name (full name) [Some-State]:Fukuoka
     Locality Name (eg, city) []:Fukuoka
     Organization Name (eg, company) [Internet Widgits Pty Ltd]:Kyushu University
     Organizational Unit Name (eg, section) []:Faculty of Mathematics
     Common Name (eg, YOUR name) []:Yoshihiro Mizoguchi
     Email Address []:ym@math.kyushu-u.ac.jp
     Please enter the following 'extra' attributes to be sent with your certificate request
     A challenge password []:
     An optional company name []:
  • Create the private key and the certificate request in one step
    openssl req -new -days 365 -newkey rsa:bits \
      -out sample_req.pem -keyout sample_key.pem
  • Create the certificate (digital signature) -- signed with the Web server's key
    openssl x509 -req -days 365 -in ym_req.pem -CAkey private_key.pem \
      -CA math_httpsd.pem -out ym_crt.pem -set_serial 101
  • Create a PKCS#12 file for distribution
    openssl pkcs12 -export -in ym_crt.pem -inkey ym_private_key.pem \
      -certfile math_httpsd.pem -out ym.p12
     Enter Export Password:
     Verifying - Enter Export Password:
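
Added example (not part of the original page): the server and personal certificate procedures above run non-interactively, followed by two checks to make before distributing anything: that a certificate holds the public key of its private key, and that the personal certificate verifies against the certificate that signed it. It assumes 2048-bit RSA and SHA-256 instead of the page's 1024-bit keys, marks the signing certificate CA:TRUE so that `openssl verify` accepts it as an issuer, and uses constructed subject names, file names and function names.

```shell
#!/bin/sh
# Added example; subject names and file names are constructed placeholders.

# make_certs DIR: self-signed signing certificate plus one personal certificate.
# Runs in a subshell so the umask and cd do not leak into the caller.
make_certs() (
    umask 077                       # key files are created unreadable to others
    cd "$1" || exit 1
    # Assumption: the signing certificate is marked as a CA, the issued one is not.
    printf '%s\n' '[ca]' 'basicConstraints=critical,CA:TRUE' \
                  '[usr]' 'basicConstraints=CA:FALSE' > ext.cnf
    openssl genrsa -out ca_key.pem 2048 &&
    openssl req -new -key ca_key.pem -out ca_req.pem \
        -subj '/C=JP/O=Example Org/CN=www.example.test' &&
    openssl x509 -req -sha256 -days 365 -in ca_req.pem -signkey ca_key.pem \
        -extfile ext.cnf -extensions ca -out ca_crt.pem &&
    openssl req -new -newkey rsa:2048 -nodes -keyout user_key.pem \
        -out user_req.pem -subj '/C=JP/O=Example Org/CN=Example User' &&
    openssl x509 -req -sha256 -days 365 -in user_req.pem \
        -CA ca_crt.pem -CAkey ca_key.pem -set_serial 101 \
        -extfile ext.cnf -extensions usr -out user_crt.pem
)

# key_matches_cert KEY CERT: true when both hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# issued_by SIGNER_CERT CERT: true when CERT verifies against SIGNER_CERT.
# The output is matched so the result does not depend on the exit status alone.
issued_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}
```

To try it: `d=$(mktemp -d); make_certs "$d" && key_matches_cert "$d/user_key.pem" "$d/user_crt.pem" && issued_by "$d/ca_crt.pem" "$d/user_crt.pem" && echo ok`.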

Checking the certificates

  • HTTP over SSL
    openssl s_client -connect localhost:443 -showcerts
  • SMTP over SSL
    openssl s_client -connect localhost:465 -showcerts
    
    220 mail.math.kyushu-u.ac.jp ESMTP Postfix
  • IMAP over SSL
    openssl s_client -connect localhost:993 -showcerts
    
    * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
     THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION] Courier-IMAP ready.
     Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.
  • POP3 over SSL
    openssl s_client -connect localhost:995 -showcerts
    
    +OK Hello there.

Computer Setup/(ymken)/openssl (internal material)

Last-modified: 2011-03-24 (Thu) 04:22:44 (2985d)