OpenSSLでの秘密鍵、CSRの生成
いつも忘れるこのコマンド。よって備忘録。
プラットフォームはCentOS4
$ which openssl /usr/bin/openssl $ openssl version OpenSSL 0.9.7a Feb 19 2003
秘密鍵の生成(パスフレーズあり)
$ openssl genrsa -des3 -out private.key 1024 Generating RSA private key, 1024 bit long modulus ............................++++++ .................++++++ e is 65537 (0x10001) Enter pass phrase for private.key: [Passphraseを入力] Verifying - Enter pass phrase for private.key: [Passphraseを入力]
CSR(証明書発行要求)の作成
上記の秘密鍵を用いて作成する。
$ openssl req -new -sha1 -key private.key -out my.csr Enter pass phrase for private.key: [上記Passphraseを入力] You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:JP State or Province Name (full name) [Berkshire]: [都道府県名を入力] Locality Name (eg, city) [Newbury]: [市町村名を入力] Organization Name (eg, company) [My Company Ltd]: [組織名を入力] Organizational Unit Name (eg, section) []: [部署名を入力] Common Name (eg, your name or your server's hostname) []: [コモンネームを入力:例 ssl.example.jp] Email Address []: [メールアドレスを入力] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: $
CSRの確認
$ openssl req -noout -text -in private.csr