[Linux] Creating a Self-Signed (SSL) Certificate

변군 변군이글루 2020. 11. 17. 23:06

Creating a Self-Signed (SSL) Certificate

 

Generate the KEY

openssl genrsa -out server.key 2048

root@2d2140e1fcb9:/usr/local/apache2/logs# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
........................+++++
............+++++
e is 65537 (0x010001)

 

Generate the CSR

openssl req -new -key server.key -out server.csr

-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul     
Locality Name (eg, city) []:Seoul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sangchul Ltd      
Organizational Unit Name (eg, section) []:Infrastructure Team

Common Name (e.g. server FQDN or YOUR name) []:sangchul.kr

Email Address []:iadmin@sangchul.kr

 

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:[Enter]
An optional company name []:[Enter]

root@2d2140e1fcb9:/usr/local/apache2/logs# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul     
Locality Name (eg, city) []:Seoul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sangchul Ltd      
Organizational Unit Name (eg, section) []:Infrastructure Team
Common Name (e.g. server FQDN or YOUR name) []:sangchul.kr
Email Address []:iadmin@sangchul.kr

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 

Generate the CRT (valid for 365 days)

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

root@2d2140e1fcb9:/usr/local/apache2/logs# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=C = KR, ST = Seoul, L = Seoul, O = sangchul Ltd, OU = Infrastructure Team, CN = sangchul.kr, emailAddress = iadmin@sangchul.kr
Getting Private key

 

Check the certificate information

openssl x509 -text -in server.crt

root@2d2140e1fcb9:/usr/local/apache2/conf/ssl# openssl x509 -text -in server.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            20:e6:28:46:23:0e:be:04:55:de:d6:be:f1:36:5e:6d:d3:64:6f:22
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = KR, ST = Seoul, L = Seoul, O = sangchul Ltd, OU = Infrastructure Team, CN = sangchul.kr, emailAddress = iadmin@sangchul.kr
        Validity
            Not Before: Nov 17 13:31:50 2020 GMT
            Not After : Nov 17 13:31:50 2021 GMT
        Subject: C = KR, ST = Seoul, L = Seoul, O = sangchul Ltd, OU = Infrastructure Team, CN = sangchul.kr, emailAddress = iadmin@sangchul.kr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption

 

Remove the key passphrase (Private Key)

openssl rsa -in server.key -out nopass.key

root@2d2140e1fcb9:/usr/local/apache2/conf/ssl# openssl rsa -in server.key -out nopass.key
writing RSA key
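
The certificate printed above is `Version: 1 (0x0)` and carries no extensions, so it has no subjectAltName; current browsers and TLS libraries match the hostname against the SAN, not the Common Name. The following is an added example (not from the original post) that issues the key and a v3 self-signed certificate with a SAN in one step and then checks the result; the function names are hypothetical and OpenSSL 1.1.1 or newer is assumed for `-addext`.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes OpenSSL 1.1.1+ (-addext).

# make_selfsigned DIR FQDN DAYS
# Creates DIR/server.key and DIR/server.crt in one non-interactive step.
# The subject fields reuse the values typed at the prompts in the post.
make_selfsigned() {
  (
    umask 077  # -nodes leaves the key unencrypted, so keep it owner-only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$3" \
      -keyout "$1/server.key" -out "$1/server.crt" \
      -subj "/C=KR/ST=Seoul/L=Seoul/O=sangchul Ltd/CN=$2" \
      -addext "subjectAltName=DNS:$2"
  )
}

# cert_version CRT: prints the X.509 version number from the -text output.
cert_version() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/^ *Version: \([0-9]*\).*/\1/p'
}

# has_san CRT FQDN: succeeds only if DNS:FQDN is listed as a SAN entry.
has_san() {
  openssl x509 -in "$1" -noout -text |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# key_matches_cert KEY CRT: succeeds only if both hold the same public key.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage (writes into a scratch directory):
#   d=$(mktemp -d) && make_selfsigned "$d" sangchul.kr 365 &&
#     has_san "$d/server.crt" sangchul.kr &&
#     key_matches_cert "$d/server.key" "$d/server.crt"
```

Running `key_matches_cert` before reloading the web server catches the common mistake of pairing a certificate with a key from a different run.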

 
