OS: Ubuntu 16.04
Private key
1.
```
# mkdir -p /etc/pki/tls/private
```
2.
```
# openssl genrsa -aes256 -out /etc/pki/tls/private/rootca.key 2048
Generating RSA private key, 2048 bit long modulus
......................+++
.............................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for /etc/pki/tls/private/rootca.key:
Verifying - Enter pass phrase for /etc/pki/tls/private/rootca.key:
```
3.
```
# chmod 600 /etc/pki/tls/private/rootca.key
```
Public key
4.
```
# mkdir /etc/pki/tls/certs
```
5.
```
# openssl req -new -key /etc/pki/tls/private/rootca.key -out /etc/pki/tls/certs/rootca.csr
Enter pass phrase for /etc/pki/tls/private/rootca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:Kr
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:Seoul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:DevOps
Common Name (e.g. server FQDN or YOUR name) []:rabbit.kr
Email Address []:admin@rabbit.kr

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
```
Certificate validity period and self-signed certificate generation
6.
```
# openssl x509 -req \
> -days 3650 \
> -extensions v3_ca \
> -set_serial 1 \
> -in /etc/pki/tls/certs/rootca.csr \
> -signkey /etc/pki/tls/private/rootca.key \
> -out /etc/pki/tls/certs/rootca.crt
Signature ok
subject=/C=Kr/ST=Some-State/L=Seoul/O=Internet Widgits Pty Ltd/OU=DevOps/CN=rabbit.kr/emailAddress=admin@rabbit.kr
Getting Private key
Enter pass phrase for /etc/pki/tls/private/rootca.key:
```
7. Verify that the certificate was created
```
# openssl x509 -text -in /etc/pki/tls/certs/rootca.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=Kr, ST=Some-State, L=Seoul, O=Internet Widgits Pty Ltd, OU=DevOps, CN=rabbit.kr/emailAddress=admin@rabbit.kr
        Validity
            Not Before: Jun 21 05:26:14 2018 GMT
            Not After : Jun 18 05:26:14 2028 GMT
        Subject: C=Kr, ST=Some-State, L=Seoul, O=Internet Widgits Pty Ltd, OU=DevOps, CN=rabbit.kr/emailAddress=admin@rabbit.kr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         ...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```
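The verification output in step 7 reports `Version: 1 (0x0)`: `openssl x509 -req` ignores `-extensions v3_ca` unless `-extfile` names the file that holds that section, so the certificate carries no `CA:TRUE` basic constraint. The script below is an added example, not part of the original post; it repeats steps 2, 5 and 6 non-interactively and checks both variants. Assumptions: a temporary directory instead of `/etc/pki/tls`, a constructed config file `ca.cnf`, the hypothetical helper names `write_conf`, `make_root_ca` and `has_ca_flag`, and an unencrypted throwaway key.

```shell
#!/bin/sh
# Added example: throwaway root CA in a temp dir; ca.cnf and all paths are constructed.
set -eu

# One config file serves as the CSR subject source and as the -extfile.
write_conf() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = rabbit.kr
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
}

# make_root_ca DIR [with_extfile] -> writes DIR/rootca.key, rootca.csr, rootca.crt
make_root_ca() {
    dir=$1; mode=${2:-}
    mkdir -p "$dir"
    write_conf "$dir/ca.cnf"
    ( umask 077; openssl genrsa -out "$dir/rootca.key" 2048 2>/dev/null )
    openssl req -new -config "$dir/ca.cnf" -key "$dir/rootca.key" -out "$dir/rootca.csr"
    if [ "$mode" = with_extfile ]; then
        set -- -extfile "$dir/ca.cnf" -extensions v3_ca   # section is actually read
    else
        set -- -extensions v3_ca                          # as in step 6: ignored
    fi
    openssl x509 -req -days 3650 -set_serial 1 "$@" \
        -in "$dir/rootca.csr" -signkey "$dir/rootca.key" \
        -out "$dir/rootca.crt" 2>/dev/null
}

# has_ca_flag CERT -> exit status 0 only if basicConstraints CA:TRUE is present
has_ca_flag() {
    openssl x509 -noout -text -in "$1" | grep -q 'CA:TRUE'
}

# Build both variants and report whether each can act as a CA certificate.
tmp=$(mktemp -d)
make_root_ca "$tmp/as_on_page"
make_root_ca "$tmp/with_extfile" with_extfile
for d in as_on_page with_extfile; do
    if has_ca_flag "$tmp/$d/rootca.crt"; then echo "$d: CA:TRUE"; else echo "$d: no CA flag"; fi
done
rm -rf "$tmp"
```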