In the previous post, "Creating an SSL certificate with a private CA", we created the CSR, so this time I will show how to create the CA itself.

・Creating the CA private key

[root@ip-10-150-175-70 SAGYO]# openssl genrsa -des3 -out ca.key -rand rand.dat 2048
2738 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
....+++
...................................................................+++
Enter pass phrase for ca.key: ← passphrase
Verifying - Enter pass phrase for ca.key: ← passphrase

・Creating the CA certificate

[root@ip-10-150-175-70 SAGYO]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP ← country
State or Province Name (full name) [Berkshire]:Tokyo ← prefecture
Locality Name (eg, city) [Newbury]:Minato-ku ← city
Organization Name (eg, company) [My Company Ltd]:IRET ← company name
Organizational Unit Name (eg, section) []:cloudpack ← department
Common Name (eg, your name or your server's hostname) []:ssl.cloudpack.jp ← server name
Email Address []:

To create the server certificate, we use sign.sh from mod_ssl.
(As of September 12, 2011, the latest version is 2.8.31-1.3.41.)
wget http://www.modssl.org/source/mod_ssl-2.8.31-1.3.41.tar.gz
・Creating the server certificate

[root@ip-10-150-175-70 SAGYO]# ./mod_ssl-2.8.31-1.3.41/pkg.contrib/sign.sh secure.cimacoppi.biz.csr
CA signing: secure.cimacoppi.biz.csr -> secure.cimacoppi.biz.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :PRINTABLE:'Tokyo'
localityName          :PRINTABLE:'Minato-ku'
organizationName      :PRINTABLE:'Umiyama inc'
organizationalUnitName:PRINTABLE:'support'
commonName            :PRINTABLE:'secure.cimacoppi.biz'
Certificate is to be certified until Sep 11 04:18:16 2012 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: secure.cimacoppi.biz.crt CA cert
secure.cimacoppi.biz.crt: OK
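The same three steps (CA key, self-signed CA certificate, CSR signed by that CA) driven non-interactively with the openssl CLI alone, as an added example that is not part of the original post and does not use mod_ssl's sign.sh. The subject names are the ones shown in the post; the file paths, the ca.cnf config file (a stand-in for sign.sh's ca.config) and the helper function names are assumptions made for this demo. It goes a little beyond the post by setting extensions explicitly, so the CA certificate carries CA:TRUE and the server certificate is pinned to a CA:FALSE, serverAuth-only leaf with a SAN, and by checking the resulting chain the way sign.sh's "CA verifying" step does.

```shell
#!/bin/sh
# Added example, not the post's own commands: the post's three steps (CA key,
# self-signed CA certificate, CSR signed by that CA) driven non-interactively
# with the openssl CLI alone, so no mod_ssl sign.sh is needed.
# Assumptions: openssl 1.1.1 or newer on PATH. Subject names are the ones shown
# in the post; every file path and function name here is constructed for this demo.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
CA_SUBJ="/C=JP/ST=Tokyo/L=Minato-ku/O=IRET/OU=cloudpack/CN=ssl.cloudpack.jp"
SERVER_CN="secure.cimacoppi.biz"
SERVER_SUBJ="/C=JP/ST=Tokyo/L=Minato-ku/O=Umiyama inc/OU=support/CN=$SERVER_CN"

# Stand-in for sign.sh's ca.config: one section for the CA certificate and one
# for server (leaf) certificates. The leaf section is what keeps a signed server
# certificate from being usable as an issuer itself.
write_config() {
  cat > "$WORKDIR/ca.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = placeholder-overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$SERVER_CN
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
EOF
}

# Steps 1 and 2 of the post. The CA key is left unencrypted so the script can
# run unattended; the post's -des3 passphrase is the right choice for a real CA.
make_ca() {
  openssl genrsa -out "$WORKDIR/ca.key" 2048 2>/dev/null
  openssl req -new -x509 -sha256 -days 365 -key "$WORKDIR/ca.key" -subj "$CA_SUBJ" \
    -config "$WORKDIR/ca.cnf" -extensions v3_ca -out "$WORKDIR/ca.crt"
}

# The server key and CSR that the previous post produced.
make_server_csr() {
  openssl genrsa -out "$WORKDIR/server.key" 2048 2>/dev/null
  openssl req -new -sha256 -key "$WORKDIR/server.key" -subj "$SERVER_SUBJ" \
    -config "$WORKDIR/ca.cnf" -out "$WORKDIR/server.csr"
}

# Step 3: sign the CSR. sign.sh wraps 'openssl ca' and its index database;
# 'openssl x509 -req' performs the same signing without the database.
sign_csr() {
  openssl x509 -req -sha256 -days 365 -in "$WORKDIR/server.csr" \
    -CA "$WORKDIR/ca.crt" -CAkey "$WORKDIR/ca.key" -CAcreateserial \
    -extfile "$WORKDIR/ca.cnf" -extensions v3_server \
    -out "$WORKDIR/server.crt" 2>/dev/null
}

# sign.sh's final "CA verifying" step: does certificate $2 chain to trust anchor $1?
verify_with() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

# yes if the certificate carries CA:TRUE, no otherwise.
cert_is_ca() {
  if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then echo yes; else echo no; fi
}

# CN of the certificate's issuer, to confirm which CA signed a server certificate.
cert_issuer_cn() {
  openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/.*CN=\([^,]*\).*/\1/'
}

write_config
make_ca
make_server_csr
sign_csr
echo "CA cert     $WORKDIR/ca.crt      CA:TRUE=$(cert_is_ca "$WORKDIR/ca.crt")"
echo "Server cert $WORKDIR/server.crt  CA:TRUE=$(cert_is_ca "$WORKDIR/server.crt")  issuer CN=$(cert_issuer_cn "$WORKDIR/server.crt")"
echo "verify against ca.crt:     $(verify_with "$WORKDIR/ca.crt" "$WORKDIR/server.crt")"
echo "verify against server.crt: $(verify_with "$WORKDIR/server.crt" "$WORKDIR/server.crt")"
```

Two points the script is built around: the CA private key is the one secret that matters here (anyone holding it can issue certificates every client trusting ca.crt will accept), so the post's passphrase-protected key kept off the web server is the right model, and the v3_server section gives the server certificate CA:FALSE and serverAuth so that a compromised server key can only impersonate that one hostname, not sign further certificates. The last verify_with call shows that a leaf certificate used as a trust anchor does not validate itself.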
The files actually created are the following.

・CA certificate

・Server certificate