
ThinkPad560(VineLinux)(2001/6/20)

OpenSSL installation
rpm -q openssl
Download mod_ssl-2.8.3-1.3.19.tar.gz from http://www.modssl.org
tar zxvf mod_ssl-2.8.3-1.3.19.tar.gz
cd mod_ssl-2.8.3-1.3.19
./configure --with-apxs=/usr/sbin/apxs --with-mm=SYSTEM
make
make install
cd /var/ssl
openssl req -config /var/ssl/openssl.cnf -new -nodes -keyout www.pem -out newreq.pem

Using configuration from /var/ssl/openssl.cnf
Generating a 1024 bit RSA private key
.........++++++
...............................................++++++
writing new private key to 'www.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Kanagawa
Locality Name (eg, city) []:Kamakura
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Private
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:Yahagi Masaji
Email Address []:yahagi@masaji.org

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

mv www.pem private/
mv openssl.cnf openssl.cnf.org
cp openssl.cnf.org openssl.cnf
vi openssl.cnf and change the following line

dir = /var/ssl/CA # Where everything is kept

mv misc/CA.sh misc/CA.sh.org
cp misc/CA.sh.org misc/CA.sh
vi misc/CA.sh and change the following line

CATOP=/var/ssl/CA

export SSLEAY_CONFIG="-config /var/ssl/openssl.cnf"
misc/CA.sh -newca

CA certificate filename (or enter to create)
Making CA certificate ...
Using configuration from /var/ssl/openssl.cnf
Generating a 1024 bit RSA private key
.++++++
.................................++++++
writing new private key to '/var/ssl/CA/private/./cakey.pem'
Enter PEM pass phrase: <--- choose a pass phrase and enter it
Verifying password - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Kanagawa
Locality Name (eg, city) []:Kamakura
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Private
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:Yahagi Masaji
Email Address []:yahagi@masaji.org

misc/CA.sh -sign

Using configuration from /var/ssl/openssl.cnf
Enter PEM pass phrase: <--- the value entered when running misc/CA.sh -newca
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Kanagawa'
localityName :PRINTABLE:'Kamakura'
organizationName :PRINTABLE:'Private'
commonName :PRINTABLE:'Yahagi Masaji'
emailAddress :IA5STRING:'yahagi@masaji.org'
Certificate is to be certified until Jun 20 14:46:43 2002 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=JP, ST=Kanagawa, L=Kamakura, O=Private, CN=Yahagi Masaji/Email=yahagi@masaji.org
Validity
Not Before: Jun 20 14:46:43 2001 GMT
Not After : Jun 20 14:46:43 2002 GMT
Subject: C=JP, ST=Kanagawa, L=Kamakura, O=Private, CN=Yahagi Masaji/Email=yahagi@masaji.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
... omitted ...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
... omitted ...
X509v3 Authority Key Identifier:
keyid: ... omitted ...
DirName:/C=JP/ST=Kanagawa/L=Kamakura/O=Private/CN=Yahagi Masaji/Email=yahagi@masaji.org
serial:00
Signature Algorithm: md5WithRSAEncryption
... omitted ...
-----BEGIN CERTIFICATE-----
... omitted ...
-----END CERTIFICATE-----
Signed certificate is in newcert.pem

mv newcert.pem certs/www.pem
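
Added example (not part of the original notes): a shell function that reads an `openssl x509 -noout -text` dump, the same layout misc/CA.sh -sign prints above, and flags what that output shows: an MD5-based signature, a 1024-bit RSA key, and a non-CA certificate whose subject DN equals its issuer DN. The function names, finding labels and the 2048-bit floor are assumptions; the sample dump is constructed from the output above.

```shell
#!/bin/sh
# Added example: audit an `openssl x509 -noout -text` dump for weak parameters.
# Function names, finding labels and the 2048-bit floor are assumptions.

# Reads the dump on stdin and prints one finding per line.
audit_cert_text() {
    awk '
    { sub(/^[ \t]+/, "") }                     # labels are indented; strip it
    /^Signature Algorithm:/ {
        alg = $3                               # RSA signature names only
        if (alg ~ /^(md2|md4|md5|sha1)With/ && !seen[alg]++)
            print "WEAK_SIGNATURE " alg
    }
    /^Public Key Algorithm:/ { rsa = ($4 == "rsaEncryption") }
    # Old OpenSSL: "RSA Public Key: (1024 bit)"; newer: "Public-Key: (2048 bit)"
    /^(RSA )?Public[- ]Key: [(]/ {
        bits = $0; sub(/^[^(]*[(]/, "", bits); sub(/ bit.*/, "", bits)
        if (rsa && bits + 0 < 2048) print "SHORT_RSA_KEY " bits
    }
    /^Issuer:/  { issuer = $0;  sub(/^Issuer: */, "", issuer) }
    /^Subject:/ { subject = $0; sub(/^Subject: */, "", subject) }
    /^CA:FALSE/ { leaf = 1 }
    END {
        # A non-CA certificate carrying the issuer DN is self-issued by name.
        if (leaf && issuer != "" && issuer == subject)
            print "LEAF_DN_EQUALS_ISSUER_DN"
    }'
}

# Constructed sample: fields from the CA.sh -sign output above, omitted parts left out.
sample_dump() {
    cat <<'EOF'
Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=JP, ST=Kanagawa, L=Kamakura, O=Private, CN=Yahagi Masaji/Email=yahagi@masaji.org
        Subject: C=JP, ST=Kanagawa, L=Kamakura, O=Private, CN=Yahagi Masaji/Email=yahagi@masaji.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
    Signature Algorithm: md5WithRSAEncryption
EOF
}

sample_dump | audit_cert_text
```

To check the certificate file itself: openssl x509 -noout -text -in certs/www.pem | audit_cert_text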
