{"id":1668,"date":"2006-05-29T13:50:01","date_gmt":"2006-05-29T04:50:01","guid":{"rendered":"http:\/\/www.sssg.org\/blogs\/hiro345\/archives\/1668.html"},"modified":"2006-05-29T13:53:52","modified_gmt":"2006-05-29T04:53:52","slug":"openssl","status":"publish","type":"post","link":"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/1668.html","title":{"rendered":"OpenSSL"},"content":{"rendered":"<p>\nFedora Core 5 \u3067\u306f\u3000\/etc\/pki\/\u3000\u306b\u8a3c\u660e\u66f8\u95a2\u4fc2\u306e\u30d5\u30a1\u30a4\u30eb\u306f\u914d\u7f6e\u3055\u308c\u308b\u3088\u3046\u3067\u3059\u3002\u3053\u3053\u3067\u306f\u3001OpenSSL\u306b\u3088\u308b\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u767a\u884c\u306e\u624b\u9806\u3092\u307e\u3068\u3081\u3066\u307f\u307e\u3057\u305f\u3002\n<\/p>\n<h4>\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u7f72\u540d\u8981\u6c42\u3068\u79d8\u5bc6\u9375\u306e\u4f5c\u6210<\/h4>\n<p>\n\u3000\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\uff0c\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u7f72\u540d\u8981\u6c42(csr.pem)\u3068\u79d8\u5bc6\u9375(privkey.pem)\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<br \/>\n<code><br \/>\n  # openssl req -new -out csr.pem<br \/>\n<\/code>\n<\/p>\n<p>\n\u3000\u4f5c\u6210\u306b\u3042\u305f\u3063\u3066\u306f\u4e0b\u8a18\u306e\u9805\u76ee\u306b\u3064\u3044\u3066\u6c7a\u3081\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u3044\u304f\u3064\u304b\u306f\u7701\u7565\u53ef\u80fd\u306a\u306e\u3067\u305d\u306e\u307e\u307e\u30a8\u30f3\u30bf\u30fc\u30ad\u30fc\u3092\u62bc\u4e0b\u3059\u308b\u3053\u3068\u306b\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li>pass phrase:changeit<\/li>\n<li>Country Name (2 letter code) [GB]:JP<\/li>\n<li>State or Province Name (full name) [Berkshire]:Tokyo<\/li>\n<li>Locality Name (eg, city) [Newbury]:Ueno<\/li>\n<li>Organization Name (eg, company) [My Company Ltd]:sssg<\/li>\n<li>Organizational Unit Name (eg, section) [ ]:<\/li>\n<li>Common Name (eg, your name or your server&#8217;s hostname) [ ]:192.168.0.1<\/li>\n<li>Email Address [ ]:<\/li>\n<li>A challenge password [ ]:<\/li>\n<li>An optional company name [ ]:<\/li>\n<\/ul>\n<p>\n\u3000\u958b\u767a\u3067\u5229\u7528\u3059\u308b\u5834\u5408\u306b\u306f\u3001\u79d8\u5bc6\u9375(privkey.pem)\u304b\u3089\uff0c\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u524a\u9664\u3057\u305f\u79d8\u5bc6\u9375(server.key)\u304c\u6b32\u3057\u3044\u3053\u3068\u3082\u3042\u308b\u3067\u3057\u3087\u3046\u3002\u305d\u306e\u5834\u5408\u306f\u6b21\u306e\u3088\u3046\u306b\u3057\u307e\u3059\u3002\u3069\u3061\u3089\u306e\u30d5\u30a1\u30a4\u30eb\u3082\u79d8\u5bc6\u9375\u306e\u30d5\u30a1\u30a4\u30eb\u3068\u3057\u3066\u4f7f\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<br \/>\n<code><br \/>\n # openssl rsa -in privkey.pem \\<br \/>\n  -out \/etc\/pki\/tls\/private\/server.key<br \/>\n<\/code>\n<\/p>\n<h4>\u81ea\u5df1\u8a8d\u8a3c\u5c40\uff08\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8CA\uff09\u306e\u69cb\u7bc9<\/h4>\n<p>\n\u81ea\u5df1\u8a8d\u8a3c\u5c40\uff08\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8CA\uff09\u3092\u69cb\u7bc9\u3059\u308b\u306b\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002\u6700\u521d\u306b\u4f5c\u6210\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u6307\u5b9a\u3059\u308b\u30d7\u30ed\u30f3\u30d7\u30c8\u304c\u3067\u307e\u3059\u304c\u3001\u6307\u5b9a\u3057\u306a\u3044\u306e\u306a\u3089\u305d\u306e\u307e\u307e\u30a8\u30f3\u30bf\u30fc\u30ad\u30fc\u3092\u62bc\u4e0b\u3057\u307e\u3059\u3002\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u30ab\u30ec\u30f3\u30c8\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u30d5\u30a1\u30a4\u30eb\u306f\u3067\u304d\u3042\u304c\u308a\u307e\u3059\u3002\u300c\/etc\/pki\/CA\u300d\u306a\u3069\u3078\u4f5c\u6210\u3057\u3066\u3082\u3044\u3044\u3067\u3057\u3087\u3046\u3002\n<\/p>\n<p><code><br \/>\n  # \/etc\/pki\/tls\/misc\/CA -newca<br \/>\n<\/code><\/p>\n<p>\n\u3000\u69cb\u7bc9\u306b\u3042\u305f\u3063\u3066\u306f\u4e0b\u8a18\u306e\u9805\u76ee\u306b\u3064\u3044\u3066\u6c7a\u3081\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u3044\u304f\u3064\u304b\u306f\u7701\u7565\u53ef\u80fd\u306a\u306e\u3067\u305d\u306e\u307e\u307e\u30a8\u30f3\u30bf\u30fc\u30ad\u30fc\u3092\u62bc\u4e0b\u3059\u308b\u3053\u3068\u306b\u3057\u307e\u3059\u3002CA\u306e\u69cb\u7bc9\u524d\u306b\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u5024\u3092\u5909\u66f4\u3057\u305f\u3044\u5834\u5408\u306f\/etc\/pki\/tls\/openssl.cnf\u3092\u7de8\u96c6\u3057\u307e\u3059\u3002\u305f\u3068\u3048\u3070\u3001\u6709\u52b9\u671f\u9593\u309230\u65e5\u306b\u6307\u5b9a\u3059\u308b\u306b\u306f\u300c default_days = 30 \u300d\u306e\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li>pass phrase:changeit<\/li>\n<li>Country Name (2 letter code) [GB]:JP<\/li>\n<li>State or Province Name (full name) [Berkshire]:Tokyo<\/li>\n<li>Locality Name (eg, city) [Newbury]:Ueno<\/li>\n<li>Organization Name (eg, company) [My Company Ltd]:sssg<\/li>\n<li>Organizational Unit Name (eg, section) [ ]:<\/li>\n<li>Common Name (eg, your name or your server&#8217;s hostname) [ ]:192.168.0.1<\/li>\n<li>Email Address [ ]:<\/li>\n<li>A challenge password [ ]:<\/li>\n<li>An optional company name [ ]:<\/li>\n<\/ul>\n<h4>\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306e\u4f5c\u6210<\/h4>\n<p>\n\u3000\u81ea\u5df1\u8a8d\u8a3c\u5c40\u3092\u69cb\u7bc9\u3059\u308b\u3068\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u7f72\u540d\u8981\u6c42(csr.pem)\u304b\u3089\u3001\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u3053\u3053\u3067\u306f\u81ea\u5df1\u8a8d\u8a3c\u5c40\u3092\u4f7f\u3063\u3066\u7f72\u540d\u3092\u3059\u308b\u305f\u3081\u3001\u81ea\u5df1\u7f72\u540d\u8a3c\u660e\u66f8\u306b\u306a\u308a\u307e\u3059\u3002<br \/>\n<code><br \/>\n  # openssl ca -out \/etc\/pki\/tls\/certs\/server.crt \\<br \/>\n     -infiles csr.pem<br \/>\n<\/code><\/p>\n<p>\u3000\u4f5c\u6210\u3057\u305f\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u30d5\u30a3\u30f3\u30ac\u30fc\u30d7\u30ea\u30f3\u30c8\u306f\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3067\u8868\u793a\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<br \/>\n<code><br \/>\n  # openssl x509 -fingerprint -noout \\<br \/>\n    -in \/etc\/pki\/tls\/certs\/server.crt<br \/>\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fedora Core 5 \u3067\u306f\u3000\/etc\/pki\/\u3000\u306b\u8a3c\u660e\u66f8\u95a2\u4fc2\u306e\u30d5\u30a1\u30a4\u30eb\u306f\u914d\u7f6e\u3055\u308c\u308b\u3088\u3046\u3067\u3059\u3002\u3053\u3053\u3067\u306f\u3001OpenSSL\u306b\u3088\u308b\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u767a\u884c\u306e\u624b\u9806\u3092\u307e\u3068\u3081\u3066\u307f\u307e\u3057\u305f\u3002 \u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u7f72\u540d\u8981\u6c42\u3068\u79d8\u5bc6\u9375\u306e\u4f5c\u6210 \u3000\u30b3\u30de\u30f3\u30c9 &hellip; <a href=\"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/1668.html\">\u7d9a\u304d\u3092\u8aad\u3080 <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-1668","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/1668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/comments?post=1668"}],"version-history":[{"count":0,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/1668\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/media?parent=1668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/categories?post=1668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/tags?post=1668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}