Let's create a test certificate with openssl!

by WSJ블로그주인 2020. 6. 16.


An easy-to-follow way to generate
test certificates with openssl



[root@svr1] cert # openssl req -newkey rsa:2048 -nodes -out server.csr -keyout server.key  // create the server key and CSR (-nodes leaves server.key unencrypted)

Generating a 2048 bit RSA private key
.....................................................................................+++
...................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR          // country
State or Province Name (full name) []:Seoul  // state or province
Locality Name (eg, city) [Default City]:Seoul  // city name
Organization Name (eg, company) [Default Company Ltd]:LOL    // company name
Organizational Unit Name (eg, section) []:LOL                         // organizational unit (department); the company name is reused here
Common Name (eg, your name or your server's hostname) []:www.test.com   // domain the certificate will authenticate (e.g. *.test.com, test.com)
Email Address []:admin@test.com        // creator's e-mail address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:                   // optional challenge password attribute stored in the CSR (not a key passphrase; with -nodes the key has none)
An optional company name []:

[root@svr1] cert # ls
server.csr  server.key
 
[root@svr1] cert # openssl genrsa -aes256 -out ca.key 2048   // create a private CA (its key) for testing

Generating RSA private key, 2048 bit long modulus
..........+++
................................+++
e is 65537 (0x10001)
Enter pass phrase for ca.key:                // enter the key passphrase
Verifying - Enter pass phrase for ca.key:  // confirm the key passphrase

[root@svr1] cert # ls
ca.key  server.csr  server.key
 
[root@svr1] cert # openssl req -new -x509 -days 365 -key ca.key -out ca.crt -sha256  // create the CA certificate (chain); it must be registered in the browser's trusted certificate authorities before the browser treats it as a trusted CA for testing

Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:Seoul
Organization Name (eg, company) [Default Company Ltd]:LOL
Organizational Unit Name (eg, section) []:LOL
Common Name (eg, your name or your server's hostname) []:LOL CA    // enter the CA name
Email Address []:admin@test.com
 
[root@svr1] cert # ls
ca.crt  ca.key  server.csr  server.key
 
[root@svr1] cert # openssl x509 -req -CA ca.crt -CAkey ca.key -days 365 -in server.csr -out serversha2.crt -sha256 -CAcreateserial // create a certificate signed with the SHA-2 (SHA-256) hash algorithm

Signature ok
subject=/C=KR/ST=Seoul/L=Seoul/O=LOL/OU=LOL/CN=www.test.com/emailAddress=admin@test.com
Getting CA Private Key
Enter pass phrase for ca.key:
 
[root@svr1] cert # ls
ca.crt  ca.key  ca.srl  server.csr  server.key  serversha2.crt
 
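[root@svr1] cert # openssl x509 -req -CA ca.crt -CAkey ca.key -days 365 -in server.csr -out serversha1.crt -CAcreateserial  // create a certificate for the SHA-1 hash algorithm (no digest option is given, so this relies on the OpenSSL default; current OpenSSL releases default to SHA-256, so pass -sha1 explicitly if a SHA-1 signature is really needed)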

Signature ok
subject=/C=KR/ST=Seoul/L=Seoul/O=LOL/OU=LOL/CN=www.test.com/emailAddress=admin@test.com
Getting CA Private Key
Enter pass phrase for ca.key:
 
[root@svr1] cert # ls
ca.crt  ca.key  ca.srl  server.csr  server.key  serversha1.crt  serversha2.crt
 
[root@svr1] cert # openssl x509 -fingerprint -sha256 -req -CA ca.crt -CAkey ca.key -days 365 -in server.csr -out serversha2_fingerprintsha2.crt -CAcreateserial // create a SHA-2 certificate and print its fingerprint using SHA-2 (SHA-256)

Signature ok
subject=/C=KR/ST=Seoul/L=Seoul/O=LOL/OU=LOL/CN=www.test.com/emailAddress=admin@test.com
SHA256 Fingerprint=29:B7:72:3B:6F:4B:F2:AE:0C:89:E2:C7:B8:6D:B6:9C:A0:4B:C4:2F:61:44:F4:FB:DF:26:F7:89:72:C8:4B:EE
Getting CA Private Key
Enter pass phrase for ca.key:
 
[root@svr1] cert # ls
ca.crt  ca.key  ca.srl  server.csr  server.key  serversha1.crt  serversha2.crt  serversha2_fingerprintsha2.crt
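
The same steps as a non-interactive script, as an added example that is not from the original post: it also adds a subjectAltName, which current browsers match the host name against instead of the Common Name, and verifies the signed certificate against ca.crt. The function name make_test_cert, the passphrase value and the server.ext, server.crt and openssl.log file names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). make_test_cert, the passphrase
# and the server.ext / server.crt / openssl.log names are constructed.

# Usage: make_test_cert HOST DIR
# Builds a test CA and a SHA-256 server certificate for HOST inside DIR and
# prints the certificate's signature algorithm on stdout.
make_test_cert() (
    set -e
    host=$1
    umask 077                       # server.key is unencrypted (-nodes): keep it owner-only
    mkdir -p "$2"
    cd "$2"
    exec 3>&1 >openssl.log 2>&1     # openssl chatter goes to a log; fd 3 carries the result

    # Constructed passphrase for the throwaway CA key, passed via the environment
    # so it does not appear in the process argument list.
    CA_PASS='constructed-test-passphrase'
    export CA_PASS

    # Server key + CSR, then CA key + self-signed CA certificate (as on the page).
    openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
        -subj "/C=KR/ST=Seoul/L=Seoul/O=LOL/OU=LOL/CN=$host"
    openssl genrsa -aes256 -passout env:CA_PASS -out ca.key 2048
    openssl req -new -x509 -days 365 -sha256 -key ca.key -passin env:CA_PASS \
        -out ca.crt -subj "/C=KR/ST=Seoul/L=Seoul/O=LOL/OU=LOL/CN=LOL CA"

    # By default x509 -req does not copy extensions from the CSR, so the SAN is
    # supplied through an extension file at signing time.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" > server.ext
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -passin env:CA_PASS \
        -CAcreateserial -days 365 -sha256 -extfile server.ext -out server.crt

    # Chain and host name must both check out against the test CA.
    openssl verify -CAfile ca.crt -verify_hostname "$host" server.crt

    # Report which hash the CA actually signed with.
    openssl x509 -in server.crt -noout -text |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1 >&3
)

# Run as: sh make_test_cert.sh www.test.com ./certs
if [ "$#" -eq 2 ]; then
    make_test_cert "$1" "$2"
fi
```

If any step fails, the function exits non-zero and the reason is in openssl.log inside the output directory.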

