Tag: Apache/オレオレ証明書でSSL
ファイル名 | 機能 |
server.key | 秘密鍵 (Private Key) |
server.csr | 証明書署名要求 (CSR) |
server.crt | サーバ証明書(CRT) |
# openssl genrsa 2048 > server.key
openssl req -new -key server.key > server.csr
Country Name (2 letter code) [XX]:JP State or Province Name (full name) []:Tokyo Locality Name (eg, city) [Default City]:Kanda,Chiyoda-ku Organization Name (eg, company) [Default Company Ltd]:Akihabara Inc. Organizational Unit Name (eg, section) []:Akihabara Development Division Common Name (eg, your name or your server's hostname) []:akihabara.development.com Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
openssl x509 -in server.csr -days 365 -req -signkey server.key > server.crt
DocumentRoot "/home/swww" SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/httpd/conf/keys/server.crt SSLCertificateKeyFile /etc/httpd/conf/keys/server.key
openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr -sha1
openssl x509 -in client.pem -out client.crt -req -signkey client.key -days 365 -sha1
openssl pkcs12 -export -inkey server.key -in server.crt -out server.p12