Procedure for issuing a dubious digital certificate (from a private CA of your own)
Create a directory for the keys
# mkdir -p /usr/local/ssl
# cp /usr/share/ssl/misc/CA /usr/local/ssl
# cd /usr/local/ssl

Create the certificate authority (CA)
# ./CA -newca
CA certificate filename (or enter to create)
Enter PEM pass phrase: <CA private-key passphrase (*1)>
Verifying password - Enter PEM pass phrase: <CA private-key passphrase (*1) again>
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Aichi
Locality Name (eg, city) []:Okazaki
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<any CA/organization name (*2)>
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:pecos.myhome.cx
Email Address []:xxx@pecos.myhome.cx

Create the server key (openssl genrsa writes the RSA private key; its public half is carried in the CSR in the next step)
# openssl genrsa -rand ./demoCA/cacert.pem -des3 -out serverkey.pem 1024
Enter PEM pass phrase: <server-key passphrase>
Verifying password - Enter PEM pass phrase: <server-key passphrase again>
# openssl rsa -in serverkey.pem -out serverkey.pem
Enter PEM pass phrase: <server-key passphrase>
The second command rewrites serverkey.pem without the passphrase so that Apache can start unattended; the unencrypted key file should be readable by root only.

Create the certificate signing request (CSR) to submit to the CA
# openssl req -new -days 365 -key serverkey.pem -out csr.pem
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Aichi
Locality Name (eg, city) []:Okazaki
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<any CA/organization name (*2)>
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:pecos.myhome.cx
Email Address []:xxx@pecos.myhome.cx
A challenge password []:
An optional company name []:

Create the certificate (sign the CSR with the CA)
# openssl ca -in csr.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cert.pem
Enter PEM pass phrase:<CA private-key passphrase (*1)>
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y

Configure Apache
# vi /etc/apache2/conf.c/ssl.conf
<VirtualHost _default_:443>
ServerName pecos.myhome.cx:443
ServerAdmin xxx@pecos.myhome.cx
SSLCertificateFile /usr/local/ssl/cert.pem
SSLCertificateKeyFile /usr/local/ssl/serverkey.pem
</VirtualHost>
Only the lines shown change; the rest of the VirtualHost block in ssl.conf stays as it is.
# /etc/init.d/apache2 restart
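The same CA, server key, CSR and signing steps, as an added shell example that is not part of the original page: it runs them non-interactively with current parameters (2048-bit RSA, SHA-256, a subjectAltName instead of relying on the CN) and then checks that the issued certificate really chains to the private CA, which is the test every client performs. The host name and subject fields are the page's; the scratch directory, extension-file names and the 10-year CA lifetime are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original page: CA -> server key -> CSR ->
# signed certificate, non-interactive, then verified against the private CA.
# Assumes OpenSSL 1.1.1 or newer. Work directory and file names are assumed.
set -eu

HOST=pecos.myhome.cx
WORK=${WORK:-$(mktemp -d)}

make_ca() {
    # CA key and self-signed CA certificate. basicConstraints/keyUsage come from
    # a small extension file so the result does not depend on the system openssl.cnf.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/cakey.pem" \
        -out "$WORK/ca.csr" -subj "/C=JP/ST=Aichi/L=Okazaki/O=Private CA/CN=Private CA" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
    openssl x509 -req -in "$WORK/ca.csr" -signkey "$WORK/cakey.pem" -sha256 -days 3650 \
        -extfile "$WORK/ca.ext" -out "$WORK/cacert.pem" 2>/dev/null
}

make_server_cert() {
    # Server key without passphrase (so Apache can restart unattended) plus CSR.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/serverkey.pem" \
        -out "$WORK/csr.pem" -subj "/C=JP/ST=Aichi/L=Okazaki/O=Example/CN=$HOST" 2>/dev/null
    # Sign with the CA for one year; the SAN is what browsers match the host name against.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$HOST" > "$WORK/server.ext"
    openssl x509 -req -in "$WORK/csr.pem" -CA "$WORK/cacert.pem" -CAkey "$WORK/cakey.pem" \
        -CAcreateserial -sha256 -days 365 -extfile "$WORK/server.ext" \
        -out "$WORK/cert.pem" 2>/dev/null
}

verify_chain() {
    # Prints "ok" when cert.pem chains to cacert.pem and names $HOST in its SAN;
    # the chain check fails for a certificate issued by any other CA.
    openssl verify -CAfile "$WORK/cacert.pem" "$WORK/cert.pem" 2>/dev/null \
        | grep -q ': OK$' || { echo "bad-chain"; return 1; }
    openssl x509 -in "$WORK/cert.pem" -noout -text \
        | grep -q "DNS:$HOST" || { echo "no-san"; return 1; }
    echo ok
}

make_ca
make_server_cert
verify_chain
```

Clients still reject the certificate until cacert.pem is imported as a trusted root; the verify step shows the chain they expect to build.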