Configuring SSL on OS X Server

Certificate signing request (csr.pem) and private key (server.key) for the LDAP server

root# cd /tmp
root# openssl req -new -out csr.pem
Generating a 1024 bit RSA private key
..++++++
................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Okinawa
Locality Name (eg, city) []:Nishihara
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Univ.of the Ryukyus
Organizational Unit Name (eg, section) []:Information Engineering
Common Name (eg, YOUR name) []:thrak.eva.ie.u-ryukyu.ac.jp.
Email Address []:admin@thrak.eva.ie.u-ryukyu.ac.jp

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Create a private key with the pass phrase removed (server.key) from the private key (privkey.pem)

root# openssl rsa -in /tmp/privkey.pem -out /etc/ssl/ssl.key/server.key
Enter pass phrase for /tmp/privkey.pem:
writing RSA key

Building a private certificate authority (private CA) and creating the server certificate

root# cd /etc/ssl/ssl.crt
root# /System/Library/OpenSSL/misc/CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
............++++++
..........................................................++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Okinawa
Locality Name (eg, city) []:Nishihara
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Univ.of the Ryukyus
Organizational Unit Name (eg, section) []:Information Engineering
Common Name (eg, YOUR name) []:thrak.eva.ie.u-ryukyu.ac.jp
Email Address []:admin@thrak.eva.ie.u-ryukyu.ac.jp

Create the server certificate (self-signed certificate) from the certificate signing request (csr.pem) created above

root# openssl ca -out /etc/ssl/ssl.crt/server.crt -infiles /tmp/csr.pem
Using configuration from /System/Library/OpenSSL/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Feb  9 12:54:10 2005 GMT
            Not After : Feb  9 12:54:10 2006 GMT
        Subject:
            countryName               = JP
            stateOrProvinceName       = Okinawa
            organizationName          = Univ.of the Ryukyus
            organizationalUnitName    = Information Engineering
            commonName                = thrak.eva.ie.u-ryukyu.ac.jp.
            emailAddress              = admin@thrak.eva.ie.u-ryukyu.ac.jp
        X509v3 extensions:
            X509v3 Basic Constraints: 
            CA:FALSE
            Netscape Comment: 
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
            XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
            X509v3 Authority Key Identifier: 
            keyid:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
            DirName:/C=JP/ST=Okinawa/L=Nishihara/O=Univ.of the Ryukyus/OU=Information Engineering/CN=thrak.eva.ie.u-ryukyu.ac.jp/emailAddress=admin@thrak.eva.ie.u-ryukyu.ac.jp
            serial:00

Certificate is to be certified until Feb  9 12:54:10 2006 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
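The same procedure (server key and CSR, pass-phrase-less key, private CA, signed server certificate) run non-interactively and then checked, as an added example that is not the page's own command sequence. "openssl x509 -req" with an extension file stands in for CA.sh / "openssl ca"; the DN values, file names and FQDN are placeholders, and the key size is raised from the 1024 bits shown above to 2048.

```shell
# Added example (not the page's own commands): the page's procedure run
# non-interactively, then checked. "openssl x509 -req" stands in for
# CA.sh / "openssl ca"; DN values, file names and the FQDN are placeholders.
set -eu

build_pki() (            # $1 = work dir (assumed writable), $2 = server FQDN
    umask 077            # the pass-phrase-less key must be owner-readable only
    mkdir -p "$1" && cd "$1"
    # Minimal config: the DN comes from -subj; the extension sections replace
    # what CA.sh / openssl ca would have taken from openssl.cnf.
    cat > pki.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
authorityKeyIdentifier = keyid,issuer
EOF
    # 1. Server key and CSR. -nodes writes the key unencrypted, which is what
    #    the page's separate "openssl rsa" step achieved.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config pki.cnf \
        -keyout server.key -out csr.pem -subj "/C=JP/O=Example Org/CN=$2"
    # 2. Private CA (the CA.sh -newca step).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config pki.cnf -extensions v3_ca -keyout cakey.pem -out cacert.pem \
        -subj "/C=JP/O=Example Org/CN=Example Private CA"
    # 3. Sign the CSR: the server cert gets CA:FALSE and a SAN.
    openssl x509 -req -in csr.pem -CA cacert.pem -CAkey cakey.pem \
        -CAcreateserial -days 365 -sha256 -extfile pki.cnf \
        -extensions v3_server -out server.crt
)

check_pki() (            # 0 when the output is sane: chain, hostname, CA:FALSE,
    cd "$1"              # key/cert match, key not readable by group or others
    openssl verify -CAfile cacert.pem -verify_hostname "$2" server.crt >/dev/null &&
    openssl x509 -in server.crt -noout -text | grep -q 'CA:FALSE' &&
    [ "$(openssl x509 -in server.crt -noout -pubkey)" = \
      "$(openssl pkey -in server.key -pubout)" ] &&
    [ -z "$(find server.key -perm -040 -o -perm -004)" ]
)
```

Call `build_pki /some/dir ldap.example.test` and then `check_pki /some/dir ldap.example.test`; the check fails if the certificate does not chain to cacert.pem, does not name the host, or if server.key is readable by anyone but its owner.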

Last-modified: 2013-06-20 (Thu) 14:45:23 (2338d)