OpenSSL을 사용하여 자체 서명 인증서 생성

  • KEY
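# Generate the 2048-bit RSA private key.  NOTE: this one file is used below
# as BOTH the CA key (-signkey / -CAkey) and the server key (-key for the
# server CSR).  A CA key that also lives on a TLS endpoint is only as safe
# as that endpoint; generate a separate key for the CA when this is more
# than a throw-away lab setup.
# umask 077 makes the file owner-only from the moment it is created, so the
# chmod below does not race against a world-readable window.
(umask 077; openssl genrsa -out "$(hostname)-key.pem" 2048)

chmod 400 "$(hostname)-key.pem"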
  • CA:CONFIG (RootCA.conf)
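# Request defaults read by "openssl req" when building the root CA CSR.
[ req ]
default_bits       = 2048
# SHA-1 signatures are rejected by current TLS clients; sign with SHA-256.
default_md         = sha256
# NOTE: backticks are not expanded inside an OpenSSL config file, so this is
# the literal string `hostname`-key.pem.  It is harmless here only because
# every command passes -key explicitly on the command line.
default_keyfile    = `hostname`-key.pem
distinguished_name = req_distinguished_name
# As far as I can tell "extensions" is not a key the req app reads;
# x509_extensions is what "req -x509" would use and req_extensions is what
# goes into the CSR.  The CA certificate itself gets its extensions from
# "x509 -extfile RootCA.conf -extensions v3_ca".
x509_extensions    = v3_ca
req_extensions     = v3_ca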

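# Extensions applied to the root CA certificate via
# "openssl x509 -req -extfile RootCA.conf -extensions v3_ca".
[ v3_ca ]
# pathlen:0 - this CA may issue end-entity certificates only, no intermediates.
basicConstraints     = critical, CA:TRUE, pathlen:0
subjectKeyIdentifier = hash
# RFC 5280 s4.2.1.3: a CA should mark keyUsage critical so a relying party
# that does not understand the extension rejects the cert instead of
# silently ignoring the restriction.
keyUsage             = critical, keyCertSign, cRLSign
# Legacy Netscape extension; ignored by modern clients, kept for compatibility.
nsCertType           = sslCA, emailCA, objCA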

# Subject fields prompted for when building the root CA CSR.  Each *_default
# pre-fills the prompt; *_min / *_max bound the accepted answer length.
# Cert.conf carries the very same defaults, so unless the CN is changed on
# one side the server certificate ends up with the same subject as its issuer.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = KR
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Gyeonggi-do

localityName = Locality Name (eg, city)
localityName_default = Gwangmyeong-si

organizationName = Organization Name (eg, company)
organizationName_default = ISDNETWORKS

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = ISDNETWORKS

commonName = Common Name (eg, your name or your server's hostname)
commonName_default = ISDNETWORKS

emailAddress = Email Address
emailAddress_default = [email protected]
  • CA:CSR
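# Build the root CA CSR from the key generated above.
# -sha256 overrides default_md in RootCA.conf (sha1 as written); SHA-1
# signed requests and certificates are rejected by current clients.
openssl req -new -sha256 -key "$(hostname)-key.pem" -out "$(hostname)-rootca.csr" -config RootCA.conf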
  • CA:CRT
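# Self-sign the root CA certificate (3653 days, ~10 years) with the v3_ca extensions.
# -sha256 is explicit because older OpenSSL releases default "x509 -req" to SHA-1.
# -set_serial 1 is acceptable for a self-signed root; the leaf serial is
# managed separately by -CAcreateserial in the signing step.
openssl x509 -req -sha256 -days 3653 -extensions v3_ca -set_serial 1 -in "$(hostname)-rootca.csr" -signkey "$(hostname)-key.pem" -out "$(hostname)-rootca.crt" -extfile RootCA.conf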
  • CA:CRT TEST
# Print the root CA certificate in human-readable form so the CA:TRUE /
# keyUsage extensions can be checked before anything is signed with it.
openssl x509 -in "$(hostname)-rootca.crt" -text
  • CERT:CONFIG (Cert.conf)
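# Request defaults read by "openssl req" when building the server CSR.
[ req ]
default_bits       = 2048
# SHA-1 signatures are rejected by current TLS clients; sign with SHA-256.
default_md         = sha256
# NOTE: backticks are not expanded inside an OpenSSL config file; this is a
# literal string and is only never used because -key is passed on the
# command line.  That command uses the root CA's key file, so the CA and
# the server share one private key in this procedure.
default_keyfile    = `hostname`-key.pem
distinguished_name = req_distinguished_name
# As far as I can tell "extensions" is not a key the req app reads;
# x509_extensions is what "req -x509" would use.  The signed certificate
# gets its extensions from "x509 -extfile Cert.conf -extensions v3_user".
# (v3_user is deliberately not listed as req_extensions: its
# authorityKeyIdentifier needs an issuer certificate, which a CSR lacks.)
x509_extensions    = v3_user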

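# Extensions applied to the server certificate via
# "openssl x509 -req -extfile Cert.conf -extensions v3_user".
[ v3_user ]
basicConstraints       = CA:FALSE
# keyid is taken from the -CA certificate at signing time.  Because the CA
# and this certificate are made from the same private key in this
# procedure, the resulting AKI keyid is identical to the cert's own SKI.
authorityKeyIdentifier = keyid, issuer
subjectKeyIdentifier   = hash
# Marked critical per RFC 5280 s4.2.1.3 so clients enforce it rather than ignore it.
keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth, clientAuth
# Names this certificate is valid for; modern clients ignore the CN and use these.
subjectAltName         = @alt_names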

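# Subject alternative names for the server certificate.
# Backticks are NOT expanded inside an OpenSSL config file: a value such as
# `192.168.1.2` is an invalid IP literal that makes the "x509 -extfile" step
# fail, and `hostname` would be issued as a literal DNS name.  Fill the
# real values in by hand (or template the file) before use.
[ alt_names ]
IP.1   = 127.0.0.1
IP.2   = 192.168.1.2
IP.3   = 123.45.67.89
DNS.1  = localhost
# placeholder - replace with this server's real host name
DNS.2  = <your-hostname>
# The wildcards below are broad: *.local matches every mDNS/.local name, so
# any host presenting this certificate is accepted for all of them.  Narrow
# the list to the names this server actually serves where possible.
DNS.3  = *.local
DNS.4  = *.isdnetworks.local
DNS.5  = *.isdnetworks.pe.kr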

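# Subject fields prompted for when building the server CSR.  Each *_default
# pre-fills the prompt; *_min / *_max bound the accepted answer length.
[ req_distinguished_name ]
countryName                    = Country Name (2 letter code)
countryName_default            = KR
countryName_min                = 2
countryName_max                = 2

stateOrProvinceName            = State or Province Name (full name)
stateOrProvinceName_default    = Gyeonggi-do

localityName                   = Locality Name (eg, city)
localityName_default           = Gwangmyeong-si

organizationName               = Organization Name (eg, company)
organizationName_default       = ISDNETWORKS

organizationalUnitName         = Organizational Unit Name (eg, section)
organizationalUnitName_default = ISDNETWORKS

commonName                     = Common Name (eg, your name or your server's hostname)
# RootCA.conf uses the same DN defaults with CN = ISDNETWORKS.  Accepting
# that here gives the server certificate the same subject as its issuer,
# and since both are built from the same private key OpenSSL most likely
# treats the leaf as self-signed and rejects it at depth 0 even when the
# root is trusted.  Placeholder - set this to the server's host name (the
# same name as DNS.2 in alt_names).
commonName_default             = <your-hostname>

emailAddress                   = Email Address
emailAddress_default           = [email protected]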
  • CERT:CSR
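# Build the server CSR.  NOTE: -key is the same file that signs the CA, so
# the CA and the server share one private key; a separate server key is
# the usual practice.  -sha256 overrides default_md = sha1 in Cert.conf.
openssl req -new -sha256 -key "$(hostname)-key.pem" -out "$(hostname)-cert.csr" -config Cert.conf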
  • CERT:CRT
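# Sign the server CSR with the root CA and attach the v3_user extensions (SAN, EKU, ...).
# -sha256 is explicit because older OpenSSL releases default "x509 -req" to SHA-1.
# -CAcreateserial creates/advances the serial file next to the CA cert
# (the CA certificate's base name with .srl appended).
# 1826 days (~5 years) exceeds the 398-day cap publicly trusted leaf certs
# are held to; a private CA is not forced to that, but shorter is safer.
openssl x509 -req -sha256 -days 1826 -extensions v3_user -in "$(hostname)-cert.csr" -CA "$(hostname)-rootca.crt" -CAcreateserial -CAkey "$(hostname)-key.pem" -out "$(hostname)-cert.crt" -extfile Cert.conf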
  • CERT:CRT TEST
# Print the server certificate in human-readable form so the SAN list,
# key usage and issuer can be checked against what was intended.
openssl x509 -in "$(hostname)-cert.crt" -text