Creating a private certificate authority

An example procedure for creating a private certificate authority (CA).

Test environment
  • Debian (etch)
  • openssl 0.9.8c-4etch4
Procedure
Create the directories and files for the CA
~# cd
~# pwd
/root
~# mkdir -p demoCA
~# mkdir -p demoCA/certs
~# mkdir -p demoCA/private
~# mkdir -p demoCA/crl
~# mkdir -p demoCA/newcerts
~# echo "01" > ./demoCA/serial
~# touch ./demoCA/index.txt
Create the CA certificate and private key
~#  openssl req -new -x509 -newkey rsa:2048 -out ./demoCA/cacert.pem -keyout ./demoCA/private/cakey.pem -days 1825
...
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
...
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:KANTO
Locality Name (eg, city) []:KANAGAWA
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NONE
Organizational Unit Name (eg, section) []:NONE
Common Name (eg, YOUR name) []:www33.atwiki.jp/nekonoshin
Email Address []:NONE
Inspect the CA certificate
~# openssl x509 -in ./demoCA/cacert.pem -text
Convert the CA certificate to a format that browsers can import
~# openssl x509 -inform PEM -outform DER -in ./demoCA/cacert.pem -out ./demoCA/cacert.der
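
The steps above as a non-interactive script with post-checks, added here as an example and not part of the original page: it confirms that the DER file is the same certificate as the PEM file and that the certificate carries the public key of cakey.pem. The function names, CA_SUBJ and CA_PASS are assumptions made for this example; the subject and passphrase are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original page. CA_SUBJ and CA_PASS are
# constructed sample values; replace both before real use.
CA_SUBJ=${CA_SUBJ:-/C=JP/O=Example/CN=Example Demo CA}
CA_PASS=${CA_PASS:-constructed-sample-passphrase}
export CA_PASS   # read by openssl through -passout/-passin env:CA_PASS

# make_ca DIR: the page's steps without prompts. Refuses to run over an
# existing CA so that the key, serial and index.txt are never overwritten.
make_ca() {
    ca_dir=$1
    [ ! -e "$ca_dir/private/cakey.pem" ] || return 1
    mkdir -p "$ca_dir/certs" "$ca_dir/private" "$ca_dir/crl" "$ca_dir/newcerts" &&
    chmod 700 "$ca_dir/private" &&      # only the owner may reach the CA key
    echo "01" > "$ca_dir/serial" &&
    touch "$ca_dir/index.txt" &&
    openssl req -new -x509 -newkey rsa:2048 -days 1825 \
        -subj "$CA_SUBJ" -passout env:CA_PASS \
        -out "$ca_dir/cacert.pem" -keyout "$ca_dir/private/cakey.pem" &&
    openssl x509 -inform PEM -outform DER \
        -in "$ca_dir/cacert.pem" -out "$ca_dir/cacert.der"
}

# fingerprint FORMAT FILE: print the SHA-256 fingerprint (FORMAT is PEM or DER).
fingerprint() {
    out=$(openssl x509 -inform "$1" -in "$2" -noout -fingerprint -sha256) || return 1
    printf '%s\n' "${out#*=}"           # drop the "... Fingerprint=" prefix
}

# check_ca DIR: succeed only if cacert.der is the same certificate as
# cacert.pem and the certificate's public key belongs to cakey.pem.
check_ca() {
    ca_dir=$1
    pem_fp=$(fingerprint PEM "$ca_dir/cacert.pem") || return 1
    der_fp=$(fingerprint DER "$ca_dir/cacert.der") || return 1
    [ -n "$pem_fp" ] && [ "$pem_fp" = "$der_fp" ] || return 1
    cert_pub=$(openssl x509 -in "$ca_dir/cacert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$ca_dir/private/cakey.pem" \
        -passin env:CA_PASS -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: make_ca ./demoCA && check_ca ./demoCA && fingerprint DER ./demoCA/cacert.der
```

The fingerprint printed by the last command is the value to compare against what the browser displays when cacert.der is imported.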