How to create an SSL certificate on Rocky Linux 8

October 24, 2021

1. Create server.key

[root@localhost ~]# cd /etc/pki/tls/certs
[root@localhost certs]# openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus (2 primes)
..+++++
..............................................+++++
e is 65537 (0x010001)
Enter pass phrase:            # Enter the passphrase
Verifying - Enter pass phrase:   # Re-enter the passphrase

2. Remove the passphrase from the private key

# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:     # Enter the passphrase
writing RSA key

3. Create the certificate signing request (CSR) for the self-signed certificate

# openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP # Country
State or Province Name (full name) []:  # State or region
Locality Name (eg, city) [Default City]:xx
Organization Name (eg, company) [Default Company Ltd]: # Organization
Organizational Unit Name (eg, section) []:          # Organizational unit
Common Name (eg, your name or your server's hostname) []:  # Server FQDN
Email Address []: # Administrator's e-mail address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:        # Enter a password
An optional company name []:      # Company name

4. Create a self-signed certificate valid for 10 years

# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
(rest omitted)

5. Restrict permissions on the private key

# chmod 600 server.key
# ll server.*
-rw-r--r-- 1 root root 1326 10月 24 15:09 server.crt
-rw-r--r-- 1 root root 1115 10月 24 15:00 server.csr
-rw------- 1 root root 1679 10月 24 14:57 server.key
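
The five steps above as one non-interactive script with a verification pass, added here as an example and not part of the original post. The helper names make_selfsigned, pub_digest and verify_pair, the temporary directory and the FQDN server.example.test are assumptions; it sets umask 077 so the key is created with mode 600 instead of being tightened afterwards.

```shell
#!/bin/sh
# Added example, not the article's own commands. Assumed names: the helper
# functions, the scratch directory, and the constructed FQDN server.example.test.

# Steps 1-4 without prompts. umask 077 makes server.key mode 0600 at creation,
# so it is never world-readable in the window before step 5's chmod.
make_selfsigned() (
    dir=$1 fqdn=$2
    umask 077 && cd "$dir" &&
    # Steps 1-2: key written unencrypted directly (no passphrase to strip)
    openssl genrsa -out server.key 2048 2>/dev/null &&
    # Step 3: DN supplied with -subj instead of the interactive questions
    openssl req -utf8 -new -key server.key -subj "/C=JP/CN=$fqdn" -out server.csr &&
    # Step 4: self-sign for 3650 days
    openssl x509 -in server.csr -out server.crt -req -signkey server.key \
        -days 3650 2>/dev/null &&
    chmod 644 server.csr server.crt
)

# Digest of a PEM public key read from stdin, used to compare key and cert.
pub_digest() { openssl sha256 | sed 's/.*= *//'; }

# Returns 0 only if key mode, key/cert match, self-issuance and lifetime hold.
verify_pair() (
    cd "$1" || exit 1
    [ "$(ls -l server.key | cut -c1-10)" = "-rw-------" ] ||
        { echo "key mode too open"; exit 1; }
    k=$(openssl pkey -in server.key -pubout | pub_digest) || exit 1
    c=$(openssl x509 -in server.crt -noout -pubkey | pub_digest) || exit 1
    [ -n "$k" ] && [ "$k" = "$c" ] ||
        { echo "key does not match certificate"; exit 1; }
    [ "$(openssl x509 -in server.crt -noout -subject_hash)" = \
      "$(openssl x509 -in server.crt -noout -issuer_hash)" ] ||
        { echo "not self-issued"; exit 1; }
    # Still valid 3649 days from now, i.e. the -days 3650 took effect
    openssl x509 -in server.crt -noout -checkend $((3649 * 86400)) >/dev/null ||
        { echo "lifetime shorter than expected"; exit 1; }
)

# Demo in a throwaway directory
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" server.example.test && verify_pair "$demo_dir" && echo "OK"
rm -rf "$demo_dir"
```

verify_pair can also be pointed at /etc/pki/tls/certs after following the manual steps, since it only reads server.key and server.crt.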

 

Posted by arkgame