티스토리 뷰

OpenSUSE 11 Create SSL Certificates



Create SSL Certificates

  Create self signed SSL Certificates. However, If you use your server as a business, it had better buy and use a Formal Certificate from Verisigh and so on.


otaec:~ # cd /etc/ssl/private 

otaec:/etc/ssl/private # openssl genrsa -des3 -out server.key 2048 

Generating RSA private key, 2048 bit long modulus

...................+++

.....+++

e is 65537 (0x10001)

Enter pass phrase for server.key:     # set passphrase

Verifying - Enter pass phrase for server.key:     # confirm




# remove passphrase from private key

otaec:/etc/ssl/private # openssl rsa -in server.key -out server.key 

Enter pass phrase for server.key:     # passphrase

writing RSA key

otaec:/etc/ssl/private # openssl req -new -days 3650 -key server.key -out server.csr 

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:JP     # country

State or Province Name (full name) [Some-State]:Hiroshima     # state

Locality Name (eg, city) []:Hiroshima     # city

Organization Name (eg, company) [Internet Widgits Pty Ltd]:GTS     # company

Organizational Unit Name (eg, section) []:Server World     # department

Common Name (e.g. server FQDN or YOUR name) []:otaec.srv.world     # server's FQDN

Email Address []:xxx@srv.world     # admin email

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:


otaec:/etc/ssl/private # openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 

Signature ok

subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=otaec.srv.world/emailAddress=root@srv.world

Getting Private key


otaec:/etc/ssl/private # chmod 400 server.key

저작자 표시 비영리 변경 금지
신고
댓글