os: ubuntu 16.04
사전 요구 사항: ROOT CA 키 발급이 되어 있어야 함
개인키
1.
1 2 | # mkdir -p /etc/pki/tls/private | cs |
2.
1 2 3 4 5 6 7 8 | # openssl genrsa -aes256 -out /etc/pki/tls/private/server.key 2048 Generating RSA private key, 2048 bit long modulus .......................................................................+++ .......................................+++ e is 65537 (0x10001) Enter pass phrase for /etc/pki/tls/private/server.key: Verifying - Enter pass phrase for /etc/pki/tls/private/server.key: | cs |
3.
1 2 | # chmod 600 /etc/pki/tls/private/server.key | cs |
4.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | # openssl req -new -key /etc/pki/tls/private/server.key -out /etc/pki/tls/certs/server.csr Enter pass phrase for /etc/pki/tls/private/server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:Kr State or Province Name (full name) [Some-State]: Locality Name (eg, city) []:Seoul Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []:DevOps Common Name (e.g. server FQDN or YOUR name) []:rabbit.kr Email Address []:admin@rabbit.kr Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: | cs |
5. root ca 개인키로 서명
1 2 3 4 5 6 | # openssl x509 -req -days 1825 -extensions v3_user -in /etc/pki/tls/certs/server.csr -CA /etc/pki/tls/certs/rootca.crt -CAcreateserial -CAkey /etc/pki/tls/private/rootca.key -out /etc/pki/tls/certs/server.crt Signature ok subject=/C=Kr/ST=Some-State/L=Seoul/O=Internet Widgits Pty Ltd/OU=DevOps/CN=rabbit.kr/emailAddress=admin@rabbit.kr Getting CA Private Key Enter pass phrase for /etc/pki/tls/private/rootca.key: | cs |
6. 생성 여부 확인
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | # openssl x509 -text -in /etc/pki/tls/certs/server.crt Certificate: Data: Version: 1 (0x0) Serial Number: 12213494513153143114 (0xa97f0c8cc2acf14a) Signature Algorithm: sha256WithRSAEncryption Issuer: C=Kr, ST=Some-State, L=Seoul, O=Internet Widgits Pty Ltd, OU=DevOps, CN=rabbit.kr/emailAddress=admin@rabbit.kr Validity Not Before: Jun 21 05:46:43 2018 GMT Not After : Jun 20 05:46:43 2023 GMT Subject: C=Kr, ST=Some-State, L=Seoul, O=Internet Widgits Pty Ltd, OU=DevOps, CN=rabbit.kr/emailAddress=admin@rabbit.kr Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: ... Exponent: 65537 (0x10001) Signature Algorithm: sha256WithRSAEncryption ... -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- | cs |
'Operating System > SSL & TLS' 카테고리의 다른 글
| ROOT CA 인증서 생성 (0) | 2018.06.21 |
|---|