CAに認証してもらう (pem)†[edit]
- openssl genrsa -out private/key.pem 2048
- openssl req -new -key private/key.pem -out csr.pem
- openssl req -new -newkey rsa:2048 -days 3650 -nodes -keyout private.pem -out server.csr
- openssl x509 -in server.csr -days 3650 -req -signkey private/key.pem -out server.pem
- openssl req -new -x509 -key private/key.pem -out server.crt -days 3650
- Cert バイナリ
openssl x509 -inform der -in cert.crt -text
- Cert Pem
openssl x509 -in cert.pem -text
- CSR
openssl req -in csr.pem -text
vi CA.sh
./CA.sh -newca # demoCA/cert.pem ができる.
enter
enter password
re-enter password
C = JP
ST = Chiba
L = Chiba
O = Metaverse Technology Study Group of Japan
OU = Japan Open Grid
CN = JOGRID.NET
emailAddress = fumi.hax@gmail.com
ca.conf[edit]
cd demoCA
mv cert.pem cacert.pem
mkdir conf
vi conf/ca.conf
CSR を作る[edit]
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out csr.pem
サーバ証明書にサインする[edit]
openssl ca -batch -config demoCA/conf/ca.conf -out cert.pem -infiles csr.pem
pawssword
1.1.0e Install†[edit]
# tar xzfv openssl-1.1.0e.tar.gz
# cd openssl-1.1.0e
# ./config shared
# make
# make test
(perl-coreがないとすべてエラーとなる)
(Rootだと1件エラーになるが仕様らしい)
# make install
1.0.2o Install†[edit]
- /usr/local/ssl/lib がライブラリのディレクトリ
- pcファイルは /usr/local/ssl/lib/pkgconfig に保存される
# zcat openssl-1.0.2o.tar.gz |tar xfv -
# cd openssl-1.0.2u
# ./config shared
# make depend
# make
# make test
# make install
- /etc/ld.so.conf に /usr/local/ssl/lib を追加して ldconfig を実行する.
0.9.x Install†[edit]
# zcat openssl-0.9.8u.tar.gz |tar xfv -
# cd openssl-0.9.8u
# ./config shared
# make depend
# make
# make test
# make install
![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
