{"id":260,"date":"2011-05-06T18:07:08","date_gmt":"2011-05-06T09:07:08","guid":{"rendered":"http:\/\/systemdev.comsys-blog.com\/?p=260"},"modified":"2011-05-06T18:07:08","modified_gmt":"2011-05-06T09:07:08","slug":"centos5-%e3%81%a7%e8%87%aa%e5%89%8d%e3%81%aeca%e3%82%92%e4%bd%9c%e3%82%8a%e8%a8%bc%e6%98%8e%e6%9b%b8%e4%bd%9c%e6%88%90%e3%81%99%e3%82%8b","status":"publish","type":"post","link":"https:\/\/tamura.jp\/?p=260","title":{"rendered":"CentOS5 \u3067\u81ea\u524d\u306eCA\uff08\u8a8d\u8a3c\u5c40\uff09\u3092\u4f5c\u308a\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3059\u308b"},"content":{"rendered":"<p>CA\u3092\u4f5c\u308b<\/p>\n<ol>\n<li>openssl.cnf\u3092\u4fee\u6b63\u3059\u308b\u306e\u3067\u30aa\u30ea\u30b8\u30ca\u30eb\u3092\u4fdd\u5b58\u3059\u308b<br \/>\n#cp \/etc\/pki\/tls\/openssl.cnf \/etc\/pki\/tls\/openssl.cnf.org<br \/>\n\u3000<\/li>\n<li>\/etc\/pki\/tls\/openssl.cnf\u3092\u7de8\u96c6\u3059\u308b<br \/>\n[ req ]<br \/>\ndefault_bits\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = 2048\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <span style=\"color: #ff0000\"><span style=\"color: #ff6600\"># 1024-&gt;2048<br \/>\n<\/span><br \/>\n<span style=\"color: #000000\">[ usr_cert ]<br \/>\n<\/span><\/span>basicConstraints=CA:TRUE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <span style=\"color: #000080\"><span style=\"color: #ff6600\"># FALSE -&gt;TRUE\u3078\u5909\u66f4<br \/>\n<\/span><br \/>\n<\/span>nsCertType = server\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <span style=\"color: #ff6600\"># \u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3057\u307e\u3059<br \/>\n<\/span><br \/>\n[ v3_ca ]<br \/>\nnsCertType = sslCA, emailCA\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <span style=\"color: 
#ff6600\"># SSL\u304a\u3088\u3073\u96fb\u5b50\u30e1\u30fc\u30eb\u8a8d\u8a3c\u30b5\u30fc\u30d0\u30fc\u3092\u4f5c\u6210\u3057\u307e\u3059<br \/>\n<\/span><\/li>\n<li>\u8a3c\u660e\u66f8\u4f5c\u6210\u7528\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u3092\u4fdd\u5b58\u3059\u308b<br \/>\n#cd \/etc\/pki\/tls\/misc<br \/>\n#cp CA CA.org<br \/>\n\u3000<\/li>\n<li>\u8a3c\u660e\u66f8\u4f5c\u6210\u7528\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4fee\u6b63\u3059\u308b<br \/>\nif [ -z &quot;$OPENSSL&quot; ]; then OPENSSL=openssl; fi<br \/>\nSSLEAY_CONFIG=&quot;-config ..\/openssl.cnf&quot; <span style=\"color: #ff6600\"># \u30b3\u30f3\u30d5\u30a3\u30b0\u30ec\u30fc\u30b7\u30e7\u30f3\u30d5\u30a1\u30a4\u30eb\u306e\u4f4d\u7f6e\u3092\u4fee\u6b63<br \/>\n<\/span>DAYS=&quot;-days 7300&quot;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 #\u00a0<span style=\"color: #ff6600\">\u6709\u52b9\u671f\u9593\u309220\u5e74\u306b\u5909\u66f4<br \/>\n<\/span>CADAYS=&quot;-days 7300&quot;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 # <span style=\"color: #ff6600\">\u6709\u52b9\u671f\u9593\u309220\u5e74\u306b\u5909\u66f4<br \/>\n<\/span>REQ=&quot;$OPENSSL req $SSLEAY_CONFIG&quot;<br \/>\n\u3000<\/li>\n<li>CA\uff08\u30b9\u30af\u30ea\u30d7\u30c8\uff09\u3092\u5b9f\u884c\u3059\u308b<br \/>\n#.\/CA -newca<br \/>\n\u5fc5\u8981\u306a\u60c5\u5831\u5165\u308c\u305f\u3089\u51fa\u6765\u4e0a\u304c\u308a<br \/>\n\/etc\/pki\/CA \u30d5\u30a9\u30eb\u30c0\u30fc\u304c\u51fa\u6765\u3066\u3044\u307e\u3059<br 
\/>\n\u3000<\/li>\n<li>openssl\u306e\u8a2d\u5b9a\u3092\u5143\u306b\u623b\u3057\u3066\u304a\u304d\u307e\u3059\uff08usr_cert \u304c CA:TRUE \u306e\u307e\u307e\u30b5\u30a4\u30f3\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u3082CA\u8a3c\u660e\u66f8\u306b\u306a\u3063\u3066\u3057\u307e\u3046\u305f\u3081\uff09<br \/>\n#cp \/etc\/pki\/tls\/openssl.cnf.org \/etc\/pki\/tls\/openssl.cnf<br \/>\n\u3000<\/li>\n<li>CA\u306e\u79d8\u5bc6\u9375\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u5909\u66f4\u3059\u308b<br \/>\n#chmod 0400 \/etc\/pki\/CA\/private\/cakey.pem<br \/>\n\u3000<\/li>\n<li>\u8a8d\u8a3c\u5c40\u306e\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3059\u308b\uff08\u914d\u5e03\u7528\uff09<br \/>\n# cd \/etc\/pki\/CA\/<br \/>\n# openssl x509 -inform PEM -in cacert.pem -outform DER -out cacert.der<\/li>\n<\/ol>\n<p>CA\u304c\u3067\u304d\u305f\u3089<\/p>\n<ol>\n<li>\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u8981\u6c42\u3092\u4f5c\u6210\u3059\u308b<br \/>\n# cd \/etc\/pki\/tls\/misc\/<br \/>\n# .\/CA -newreq<br \/>\nnewkey.pem\u3068newreq.pem\u304c\u3067\u304d\u308b<br \/>\n\u3000<\/li>\n<li>\u30b5\u30a4\u30f3\u3059\u308b<br \/>\n# .\/CA -sign<br \/>\nnewcert.pem\u304c\u3067\u304d\u308b<br \/>\n\u3000<\/li>\n<li>\u30ad\u30fc\u30d5\u30a1\u30a4\u30eb\u306e\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u89e3\u9664\u3059\u308b<br \/>\n# openssl rsa -in newkey.pem -out newkey.pem<br \/>\n\u89e3\u9664\u5f8c\u306e\u9375\u306f\u6697\u53f7\u5316\u3055\u308c\u306a\u3044\u306e\u3067\u3001\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u5236\u9650\u3059\u308b\uff08\u4f8b: chmod 0400 newkey.pem\uff09<br \/>\n\u3000<\/li>\n<li>\u51fa\u6765\u4e0a\u304c\u3063\u305f\u8a3c\u660e\u66f8\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u540d\u524d\u3092\u5909\u3048\u3066\u914d\u5099\u3059\u308b<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>CA\u3092\u4f5c\u308b openssl.cnf\u3092\u4fee\u6b63\u3059\u308b\u306e\u3067\u30aa\u30ea\u30b8\u30ca\u30eb\u3092\u4fdd\u5b58\u3059\u308b#cp \/etc\/pki\/tls\/openssl.cnf \/etc\/pki\/tls\/openssl.cnf.org \u3000 \/etc\/pki\/tls\/ope 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"class_list":["post-260","post","type-post","status-publish","format-standard","hentry","category-19"],"_links":{"self":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/posts\/260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=260"}],"version-history":[{"count":0,"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/posts\/260\/revisions"}],"wp:attachment":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}