[태그:] self-signed

  • OpenSSL을 사용하여 자체 서명 인증서 생성

    • KEY
    # 2048-bit RSA private key, written as <hostname>-key.pem in the current directory.
    # NOTE(review): this one file is reused on this page as the root CA signing key
    # (CA:CRT -signkey, CERT:CRT -CAkey) AND as the server certificate key (CERT:CSR -key).
    # Anyone who obtains the server's key can then issue certificates trusted by every
    # client that trusts the root; generate a separate key for the CA and keep it off the server.
    openssl genrsa -out $(hostname)-key.pem 2048

    # Owner read-only; no group/other access to the private key.
    chmod 0400 $(hostname)-key.pem
    • CA:CONFIG
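    [ req ]
    default_bits       = 2048
    # sha256: SHA-1 certificate signatures have been deprecated for years and are refused
    # by current browsers. This digest is used for the CSR (and `req -x509`); the
    # `openssl x509 -req` step on this page does not read it, so pass -sha256 there as well
    # if your OpenSSL build still defaults to SHA-1 (check with `openssl x509 -text`).
    default_md         = sha256
    # Unused on this page: the key is given on the command line with -key. Backticks are
    # NOT expanded inside an OpenSSL config file; write the real file name here if this
    # default is ever relied on.
    default_keyfile    = `hostname`-key.pem
    distinguished_name = req_distinguished_name
    # `extensions` is not a key that `openssl req` reads (it reads x509_extensions /
    # req_extensions). The CA extensions actually applied are selected explicitly with
    # `-extfile RootCA.conf -extensions v3_ca` on the CA:CRT `openssl x509` command.
    extensions         = v3_ca
    # Also embeds v3_ca in the CSR itself; harmless, but `openssl x509 -req` ignores
    # CSR extensions by default and takes them from -extfile instead.
    req_extensions     = v3_ca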
    
    [ v3_ca ]
    # Root CA extensions, applied by `openssl x509 ... -extfile RootCA.conf -extensions v3_ca`.
    # CA:TRUE marks this certificate as a CA; pathlen:0 lets it sign end-entity certificates
    # only, never a subordinate CA. critical: a client that does not understand the
    # extension must reject the certificate.
    basicConstraints     = critical, CA:TRUE, pathlen:0
    # SKID derived from the public key; issued certificates point back to it via
    # authorityKeyIdentifier.
    subjectKeyIdentifier = hash
    # Certificate and CRL signing only - a CA key should not double as a TLS server key
    # (on this page the same key file is nevertheless used for the server certificate,
    # see CERT:CSR / CERT:CRT).
    keyUsage             = keyCertSign, cRLSign
    # Legacy Netscape extension; ignored by modern clients, kept only for old software.
    nsCertType           = sslCA, emailCA, objCA
    
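    [ req_distinguished_name ]
    # Subject prompts for the root CA. Each `*_default` is what `openssl req` offers when
    # the prompt is answered with Enter; the prompt text itself is the value on the left.
    countryName                    = Country Name (2 letter code)
    countryName_default            = KR
    countryName_min                = 2
    countryName_max                = 2

    stateOrProvinceName            = State or Province Name (full name)
    stateOrProvinceName_default    = Gyeonggi-do

    localityName                   = Locality Name (eg, city)
    localityName_default           = Gwangmyeong-si

    organizationName               = Organization Name (eg, company)
    organizationName_default       = ISDNETWORKS

    organizationalUnitName         = Organizational Unit Name (eg, section)
    organizationalUnitName_default = ISDNETWORKS

    commonName                     = Common Name (eg, your name or your server's hostname)
    # The CA's subject must differ from the server certificate's subject. CERT:CONFIG on
    # this page uses exactly the same defaults, so with the original value (ISDNETWORKS)
    # both certificates carried an identical DN and the chain could not be told apart by
    # name. "ISDNETWORKS Root CA" is an example value - any name distinct from the server
    # certificate's CN will do.
    commonName_default             = ISDNETWORKS Root CA

    emailAddress                   = Email Address
    emailAddress_default           = [email protected]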
    • CA:CSR
    # CSR for the root CA, signed with the key generated above. The subject prompts
    # ([ req_distinguished_name ]) and the CSR extensions (req_extensions) come from RootCA.conf.
    openssl req -config RootCA.conf -new -key $(hostname)-key.pem -out $(hostname)-rootca.csr
    • CA:CRT
    # Self-sign the root CA: -signkey makes the certificate its own issuer. Extensions are
    # taken from [ v3_ca ] of RootCA.conf via -extfile/-extensions, not from the CSR.
    # Serial 1 and a 10-year (3653-day) lifetime are acceptable for a private root; it is
    # the leaf certificate's validity that clients constrain (see CERT:CRT).
    # NOTE(review): default_md from RootCA.conf does not apply to this command; add -sha256
    # if your OpenSSL build still signs with SHA-1 by default.
    openssl x509 -req -in $(hostname)-rootca.csr -signkey $(hostname)-key.pem \
        -extfile RootCA.conf -extensions v3_ca -set_serial 1 -days 3653 \
        -out $(hostname)-rootca.crt
    • CA:CRT TEST
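    # Inspect the root certificate (issuer == subject, CA:TRUE, keyUsage, signature digest).
    # -noout drops the PEM blob that -text would otherwise print after the human-readable dump.
    openssl x509 -noout -text -in $(hostname)-rootca.crt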
    • CERT:CONFIG
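    [ req ]
    default_bits       = 2048
    # sha256: SHA-1 certificate signatures have been deprecated for years and are refused
    # by current browsers. Applies to the CSR; the CERT:CRT `openssl x509 -req` command
    # does not read this value, so pass -sha256 there too if your OpenSSL build still
    # defaults to SHA-1.
    default_md         = sha256
    # Unused on this page: the key is given with -key. Backticks are NOT expanded inside
    # an OpenSSL config file; write the real file name here if this default is ever used.
    default_keyfile    = `hostname`-key.pem
    distinguished_name = req_distinguished_name
    # `extensions` is not a key `openssl req` reads, and no req_extensions is set, so the
    # CSR produced by CERT:CSR carries no SAN. [ v3_user ] (including the SAN) is applied
    # only at signing time by `openssl x509 ... -extfile Cert.conf -extensions v3_user`.
    extensions         = v3_user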
    
    [ v3_user ]
    # End-entity (server) extensions, applied by
    # `openssl x509 ... -extfile Cert.conf -extensions v3_user` at signing time.
    # Not a CA: this certificate cannot issue further certificates.
    basicConstraints       = CA:FALSE
    # Points at the issuer: copies the CA's subjectKeyIdentifier (falls back to
    # issuer name + serial when no SKID is available).
    authorityKeyIdentifier = keyid, issuer
    subjectKeyIdentifier   = hash
    # RSA TLS usage: signing (digitalSignature) and RSA key transport (keyEncipherment).
    keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
    # Usable both as a TLS server certificate and as a client certificate.
    extendedKeyUsage       = serverAuth, clientAuth
    # Names clients will match against; see [ alt_names ] below.
    subjectAltName         = @alt_names
    
    [ alt_names ]
    # Subject Alternative Names. Modern clients match the requested host/IP against these
    # entries only; the commonName in the DN is informational.
    # NOTE(review): backticks are placeholders here, not shell substitution - an OpenSSL
    # config file is never expanded by a shell, and `192.168.1.2` with the backticks left in
    # is not a valid IP address. Replace IP.2, IP.3 and DNS.2 with literal values.
    IP.1   = 127.0.0.1
    IP.2   = `192.168.1.2`
    IP.3   = `123.45.67.89`
    DNS.1  = localhost
    DNS.2  = `hostname`
    # Wildcards: *.local matches every single-label mDNS host name, which is broad for one
    # server's certificate - keep only the wildcard domains this host actually serves.
    DNS.3  = *.local
    DNS.4  = *.isdnetworks.local
    DNS.5  = *.isdnetworks.pe.kr
    
    [ req_distinguished_name ]
    # Subject prompts for the server certificate. Each `*_default` is what `openssl req`
    # offers when the prompt is answered with Enter.
    # NOTE(review): these defaults are identical to the ones in CA:CONFIG, so the CA and
    # the server certificate end up with the same subject DN unless a prompt is answered
    # differently; give the CA a distinct commonName.
    countryName                    = Country Name (2 letter code)
    countryName_default            = KR
    countryName_min                = 2
    countryName_max                = 2

    stateOrProvinceName            = State or Province Name (full name)
    stateOrProvinceName_default    = Gyeonggi-do

    localityName                   = Locality Name (eg, city)
    localityName_default           = Gwangmyeong-si

    organizationName               = Organization Name (eg, company)
    organizationName_default       = ISDNETWORKS

    organizationalUnitName         = Organizational Unit Name (eg, section)
    organizationalUnitName_default = ISDNETWORKS

    commonName                     = Common Name (eg, your name or your server's hostname)
    # With subjectAltName present ([ alt_names ]) clients ignore the CN for host matching;
    # it is still the name shown in certificate viewers.
    commonName_default             = ISDNETWORKS

    emailAddress                   = Email Address
    emailAddress_default           = [email protected]
    • CERT:CSR
    # CSR for the server certificate. Cert.conf sets no req_extensions, so the CSR carries
    # no SAN; [ v3_user ] is attached at signing time (CERT:CRT) via -extfile.
    # NOTE(review): -key is the same file that signs the root CA - the server key and the
    # CA key are one and the same; use a separate key for the CA.
    openssl req -config Cert.conf -new -key $(hostname)-key.pem -out $(hostname)-cert.csr
    • CERT:CRT
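    # Sign the server CSR with the root CA. SAN, keyUsage and EKU come from [ v3_user ] of
    # Cert.conf; -CAcreateserial creates <hostname>-rootca.srl next to the CA certificate.
    # Validity reduced from 1826 to 825 days: Apple platforms (iOS 13 / macOS 10.15 and
    # later) reject TLS server certificates valid for more than 825 days, private CA or not.
    # NOTE(review): -CAkey is the same file as the CSR's key (CERT:CSR), so the server
    # certificate is effectively signed with its own key and the CA's signing key lives on
    # the server. Generate and use a separate key for the CA.
    openssl x509 -req -in $(hostname)-cert.csr -CA $(hostname)-rootca.crt -CAkey $(hostname)-key.pem \
        -CAcreateserial -extfile Cert.conf -extensions v3_user -days 825 \
        -out $(hostname)-cert.crt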
    • CERT:CRT TEST
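    # Inspect the issued certificate (-noout suppresses the trailing PEM dump): check the
    # subjectAltName list, CA:FALSE, extendedKeyUsage and the signature digest ...
    openssl x509 -noout -text -in $(hostname)-cert.crt
    # ... and verify that it actually chains to the root CA rather than only looking right.
    openssl verify -CAfile $(hostname)-rootca.crt $(hostname)-cert.crt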