bash-3.00# cp openssl-rsa4096sha256CA.cnf openssl-rsa4096sha256_CLIENT.cnf
bash-3.00# vi /usr/local/ssl/openssl-rsa4096sha256_CLIENT.cnf
[ CA_default ]
stateOrProvinceName = optional
↓
#stateOrProvinceName = optional
[ usr_cert ]
default_days = 3650
↓
default_days = 1825
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
↓
keyUsage = critical,digitalSignature, keyEncipherment
nsComment = "OpenSSL Generated Certificate"
↓
#nsComment = "OpenSSL Generated Certificate"
extendedKeyUsage = serverAuth, clientAuth
bash-3.00# SSLEAY_CONFIG="-config /usr/local/ssl/openssl-rsa4096sha256_CLIENT.cnf"
bash-3.00# export SSLEAY_CONFIG
bash-3.00# openssl genrsa -out /usr/local/ssl/rsa4096sha256CA/private/sol10-ut-vpn.key 2048
Generating RSA private key, 2048 bit long modulus
.................................................................................+++
.........................+++
e is 65537 (0x10001)
bash-3.00# openssl req -new -key /usr/local/ssl/rsa4096sha256CA/private/sol10-ut-vpn.key -out /usr/local/ssl/rsa4096sha256CA/sol10-ut-vpn.csr -config /usr/local/ssl/openssl-rsa4096sha256_CLIENT.cnf -sha256
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:jp
Organization Name (eg, company) [Internet Widgits Pty Ltd]:openam
Organizational Unit Name (eg, section) []:openam.net
Common Name (e.g. server FQDN or YOUR name) []:sol10-ut-vpn
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
bash-3.00# openssl asn1parse -in /usr/local/ssl/rsa4096sha256CA/sol10-ut-vpn.csr
0:d=0 hl=4 l= 655 cons: SEQUENCE 4:d=1 hl=4 l= 375 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :00
11:d=2 hl=2 l= 74 cons: SEQUENCE
13:d=3 hl=2 l= 11 cons: SET
15:d=4 hl=2 l= 9 cons: SEQUENCE
17:d=5 hl=2 l= 3 prim: OBJECT :countryName
22:d=5 hl=2 l= 2 prim: PRINTABLESTRING :jp
26:d=3 hl=2 l= 15 cons: SET
28:d=4 hl=2 l= 13 cons: SEQUENCE
30:d=5 hl=2 l= 3 prim: OBJECT :organizationName
35:d=5 hl=2 l= 6 prim: UTF8STRING :openam
43:d=3 hl=2 l= 19 cons: SET
45:d=4 hl=2 l= 17 cons: SEQUENCE
47:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
52:d=5 hl=2 l= 10 prim: UTF8STRING :openam.net
64:d=3 hl=2 l= 21 cons: SET
66:d=4 hl=2 l= 19 cons: SEQUENCE
68:d=5 hl=2 l= 3 prim: OBJECT :commonName
73:d=5 hl=2 l= 12 prim: UTF8STRING :sol10-ut-vpn
87:d=2 hl=4 l= 290 cons: SEQUENCE
91:d=3 hl=2 l= 13 cons: SEQUENCE
93:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
104:d=4 hl=2 l= 0 prim: NULL
106:d=3 hl=4 l= 271 prim: BIT STRING
381:d=2 hl=2 l= 0 cons: cont [ 0 ]
383:d=1 hl=2 l= 13 cons: SEQUENCE
385:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
396:d=2 hl=2 l= 0 prim: NULL
398:d=1 hl=4 l= 257 prim: BIT STRING
bash-3.00# openssl ca -in /usr/local/ssl/rsa4096sha256CA/sol10-ut-vpn.csr -keyfile /usr/local/ssl/rsa4096sha256CA/private/cakey.pem -cert /usr/local/ssl/rsa4096sha256CA/cacert.pem -config /usr/local/ssl/openssl-rsa4096sha256_CLIENT.cnf Using configuration from /usr/local/ssl/openssl-rsa4096sha256_CLIENT.cnf
Enter pass phrase for /usr/local/ssl/rsa4096sha256CA/private/cakey.pem:openssl
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
e5:10:13:19:cd:92:8c:d8
Validity
Not Before: Apr 30 20:11:55 2012 GMT
Not After : Apr 29 20:11:55 2017 GMT
Subject:
countryName = jp
organizationName = openam
organizationalUnitName = openam.net
commonName = sol10-ut-vpn
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Subject Key Identifier:
E4:20:15:D2:DF:77:7F:61:AA:6E:49:DF:2B:D7:07:39:C7:53:FD:2C
X509v3 Authority Key Identifier:
keyid:D5:A0:A4:C3:4D:FA:32:C3:CC:D2:AE:6B:05:28:21:49:A6:F5:B5:96
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Certificate is to be certified until Apr 29 20:11:55 2017 GMT (1825 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e5:10:13:19:cd:92:8c:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=jp, O=openam, OU=openam.net, CN=OpenSSL rsa4096sha256CA
Validity
Not Before: Apr 30 20:11:55 2012 GMT
Not After : Apr 29 20:11:55 2017 GMT
Subject: C=jp, O=openam, OU=openam.net, CN=sol10-ut-vpn
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e3:1d:0b:44:4b:21:22:a1:9e:59:87:91:e2:0e:
06:97:f0:33:8c:15:ec:fe:86:61:d9:c7:ad:16:9a:
f4:71:05:e8:5a:fb:b5:0e:37:92:9c:b1:16:85:d5:
ae:02:29:cd:ed:09:a0:aa:8f:6f:cc:18:95:86:09:
17:64:98:4b:ce:89:b6:81:04:5e:2b:fc:1c:cf:3e:
aa:8f:31:f5:f7:e2:0a:a5:92:4a:f0:ff:5c:17:81:
7d:e5:18:46:ed:9e:9e:a9:94:ca:74:3a:c6:84:93:
ce:b1:d6:a2:ac:30:21:68:04:5f:6c:07:62:ac:51:
d8:c4:ce:fe:b6:83:f1:6b:53:03:f7:8e:61:e5:06:
01:dc:e2:9e:a0:3e:0b:2e:db:00:11:ac:a5:07:c0:
41:4f:87:a5:dc:35:3a:cb:c6:d1:72:2a:33:81:bc:
6e:0d:6d:de:6d:ad:40:e4:91:96:b3:54:cc:f1:a6:
38:ed:a8:73:a1:fb:64:b4:cd:48:b9:e1:cb:d0:96:
25:21:fe:74:23:6a:b9:1a:4e:9e:ff:01:a0:4a:e4:
79:5d:a4:66:2e:c9:22:c1:fe:88:51:8c:c1:5f:13:
22:77:cf:22:1f:e1:9e:99:15:8d:ee:0f:c1:d0:ac:
d8:c9:b3:20:ef:6f:cf:e6:68:8e:35:a9:0d:a9:76:
61:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Subject Key Identifier:
E4:20:15:D2:DF:77:7F:61:AA:6E:49:DF:2B:D7:07:39:C7:53:FD:2C
X509v3 Authority Key Identifier:
keyid:D5:A0:A4:C3:4D:FA:32:C3:CC:D2:AE:6B:05:28:21:49:A6:F5:B5:96
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
23:ab:99:a4:d1:3f:eb:44:64:89:89:ac:77:06:23:61:aa:7b:
c1:9f:b4:3a:2e:97:50:18:5f:49:67:82:e2:f6:df:de:70:3d:
10:c7:b3:61:63:a2:da:03:ea:82:54:b1:ef:54:6e:08:51:d9:
b4:eb:cb:6e:0c:38:be:bc:a9:7f:a9:c1:89:e5:68:45:c1:cf:
39:52:25:44:ce:50:b7:a0:22:4b:df:57:26:72:a2:36:ed:22:
c3:78:7f:85:8f:b2:99:2d:15:e8:27:73:66:b4:35:2b:d0:3f:
3e:66:23:60:4c:98:c5:c2:ca:5c:38:c8:a9:f1:d0:92:17:b6:
d1:e5:d8:1c:c0:fe:0f:86:a8:1a:94:03:49:48:f4:ba:d7:5c:
6e:40:dc:74:35:bf:fc:fc:0e:1e:d4:23:ea:cb:fe:96:92:5d:
34:4d:c1:d9:af:73:22:5d:82:08:03:2e:6d:18:76:64:aa:f6:
d3:a2:3c:0c:04:04:8e:d3:c8:a8:1e:d3:02:67:c0:32:39:b1:
ef:f9:61:b0:48:f8:62:ed:de:29:3f:20:2e:f8:9c:a9:75:78:
bb:dd:90:be:8f:f3:02:1d:33:2b:b1:9a:82:33:21:ab:03:c3:
07:5a:d5:4b:32:83:b7:f8:1b:38:1b:7c:fe:95:e9:f0:75:a3:
c1:cb:6c:43:2b:bc:05:c9:9e:f8:ce:b7:5a:dc:d3:a3:44:2a:
34:f2:f9:fa:ea:19:e3:67:74:1a:6a:0b:4b:1a:bf:cf:6b:da:
b5:c4:de:1e:2c:1d:38:79:39:04:39:06:0e:be:38:8d:44:68:
97:52:a5:3c:c2:79:9f:47:65:0a:cd:c6:b7:06:96:c1:61:ac:
31:6b:eb:2c:51:d5:52:da:16:2a:06:f5:ce:40:ea:d7:52:f3:
8a:c6:24:b2:46:9e:7d:d0:b6:06:e7:b3:34:8f:9d:b9:7b:ee:
f4:8e:40:c0:b4:53:37:ad:b1:23:8e:9c:3c:da:82:1c:80:ae:
39:bd:55:0e:c4:50:17:4b:ef:75:a7:04:75:aa:c7:a9:1b:86:
a7:9d:27:19:9b:5d:71:c3:c2:99:46:18:10:6c:53:d1:04:3a:
62:d0:91:06:fd:39:eb:14:2a:8b:98:cb:02:f9:fa:22:c4:d3:
95:9d:03:86:7f:8f:bd:96:eb:d1:11:b2:93:6e:40:2e:1f:0c:
94:eb:7d:0c:e7:f8:f6:79:2e:ba:b8:ad:70:d4:e1:e4:2a:3f:
9c:4d:39:17:c1:f3:ea:60:30:41:df:31:f7:00:15:74:f7:a5:
64:5b:c3:0d:da:6b:0a:6a:2a:44:3b:74:fe:90:cb:f3:66:36:
1f:28:7a:cc:f9:d4:3c:b1
-----BEGIN CERTIFICATE-----
MIIEnjCCAoagAwIBAgIJAOUQExnNkozYMA0GCSqGSIb3DQEBCwUAMFUxCzAJBgNV
BAYTAmpwMQ8wDQYDVQQKDAZvcGVuYW0xEzARBgNVBAsMCm9wZW5hbS5uZXQxIDAe
BgNVBAMMF09wZW5TU0wgcnNhNDA5NnNoYTI1NkNBMB4XDTEyMDQzMDIwMTE1NVoX
DTE3MDQyOTIwMTE1NVowSjELMAkGA1UEBhMCanAxDzANBgNVBAoMBm9wZW5hbTET
MBEGA1UECwwKb3BlbmFtLm5ldDEVMBMGA1UEAwwMc29sMTAtdXQtdnBuMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4x0LREshIqGeWYeR4g4Gl/AzjBXs
/oZh2cetFpr0cQXoWvu1DjeSnLEWhdWuAinN7Qmgqo9vzBiVhgkXZJhLzom2gQRe
K/wczz6qjzH19+IKpZJK8P9cF4F95RhG7Z6eqZTKdDrGhJPOsdairDAhaARfbAdi
rFHYxM7+toPxa1MD945h5QYB3OKeoD4LLtsAEaylB8BBT4el3DU6y8bRciozgbxu
DW3eba1A5JGWs1TM8aY47ahzoftktM1IueHL0JYlIf50I2q5Gk6e/wGgSuR5XaRm
Lskiwf6IUYzBXxMid88iH+GemRWN7g/B0KzYybMg72/P5miONakNqXZhVwIDAQAB
o3wwejAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQU5CAV0t93
f2GqbknfK9cHOcdT/SwwHwYDVR0jBBgwFoAU1aCkw036MsPM0q5rBSghSab1tZYw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IC
AQAjq5mk0T/rRGSJiax3BiNhqnvBn7Q6LpdQGF9JZ4Li9t/ecD0Qx7NhY6LaA+qC
VLHvVG4IUdm068tuDDi+vKl/qcGJ5WhFwc85UiVEzlC3oCJL31cmcqI27SLDeH+F
j7KZLRXoJ3NmtDUr0D8+ZiNgTJjFwspcOMip8dCSF7bR5dgcwP4PhqgalANJSPS6
11xuQNx0Nb/8/A4e1CPqy/6Wkl00TcHZr3MiXYIIAy5tGHZkqvbTojwMBASO08io
HtMCZ8AyObHv+WGwSPhi7d4pPyAu+JypdXi73ZC+j/MCHTMrsZqCMyGrA8MHWtVL
MoO3+Bs4G3z+lenwdaPBy2xDK7wFyZ74zrda3NOjRCo08vn66hnjZ3QaagtLGr/P
a9q1xN4eLB04eTkEOQYOvjiNRGiXUqU8wnmfR2UKzca3BpbBYawxa+ssUdVS2hYq
BvXOQOrXUvOKxiSyRp590LYG57M0j525e+70jkDAtFM3rbEjjpw82oIcgK45vVUO
xFAXS+91pwR1qsepG4annScZm11xw8KZRhgQbFPRBDpi0JEG/TnrFCqLmMsC+foi
xNOVnQOGf4+9luvREbKTbkAuHwyU630M5/j2eS66uK1w1OHkKj+cTTkXwfPqYDBB
3zH3ABV096VkW8MN2msKaipEO3T+kMvzZjYfKHrM+dQ8sQ==
-----END CERTIFICATE-----
Data Base Updated
bash-3.00# cat /usr/local/ssl/rsa4096sha256CA/private/sol10-ut-vpn.key /usr/local/ssl/rsa4096sha256CA/newcerts/E5101319CD928CD8.pem /usr/local/ssl/rsa4096sha256CA/cacert.pem | openssl pkcs12 -export -out /usr/local/ssl/rsa4096sha256CA/certs/sol10-ut-vpn.p12 -name "UT-VPN Server"
Enter Export Password:sol10-ut-vpn
Verifying - Enter Export Password:sol10-ut-vpn
・出来上がったCA証明書(抜粋)
・UT-VPNサーバでの証明書入れ替え
RSA2,048bitのSHA256署名はサポートしている模様。
同様にクライアント側も作る。
bash-3.00# openssl genrsa -out /usr/local/ssl/rsa4096sha256CA/private/cent5.8-mickey.key 2048 Generating RSA private key, 2048 bit long modulus ........................................+++
...............+++
e is 65537 (0x10001)
bash-3.00# openssl req -new -key /usr/local/ssl/rsa4096sha256CA/private/cent5.8-mickey.key -out /usr/local/ssl/rsa4096sha256CA/cent5.8-mickey.csr -config /usr/local/ssl/openssl-rsa4096sha256_CLIENT.cnf -sha256 You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:jp
Organization Name (eg, company) [Internet Widgits Pty Ltd]:openam
Organizational Unit Name (eg, section) []:openam.net
Common Name (e.g. server FQDN or YOUR name) []:mickey.openam.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
bash-3.00# openssl ca -in /usr/local/ssl/rsa4096sha256CA/cent5.8-mickey.csr -keyfile /usr/local/ssl/rsa4096sha256CA/private/cakey.pem -cert /usr/local/ssl/rsa4096sha256CA/cacert.pem -config /usr/local/ssl/openssl-rsa4096sha256_CLIENT.cnf Using configuration from /usr/local/ssl/openssl-rsa4096sha256_CLIENT.cnf
Enter pass phrase for /usr/local/ssl/rsa4096sha256CA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
e5:10:13:19:cd:92:8c:d9
Validity
Not Before: Apr 30 20:27:21 2012 GMT
Not After : Apr 29 20:27:21 2017 GMT
Subject:
countryName = jp
organizationName = openam
organizationalUnitName = openam.net
commonName = mickey.openam.net
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Subject Key Identifier:
7B:E8:ED:C3:72:9A:A5:1D:51:20:5A:11:6D:5F:F1:D7:2E:E2:53:A9
X509v3 Authority Key Identifier:
keyid:D5:A0:A4:C3:4D:FA:32:C3:CC:D2:AE:6B:05:28:21:49:A6:F5:B5:96
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Certificate is to be certified until Apr 29 20:27:21 2017 GMT (1825 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e5:10:13:19:cd:92:8c:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=jp, O=openam, OU=openam.net, CN=OpenSSL rsa4096sha256CA
Validity
Not Before: Apr 30 20:27:21 2012 GMT
Not After : Apr 29 20:27:21 2017 GMT
Subject: C=jp, O=openam, OU=openam.net, CN=mickey.openam.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ec:e4:6f:dc:b0:a4:a6:1d:f1:21:09:d1:2e:60:
4c:c1:af:ae:01:74:ba:27:7b:b3:00:9c:cc:02:8b:
82:db:76:a4:d5:2a:89:fa:f4:08:2f:33:ee:dc:70:
9a:d8:9a:3e:ed:74:3d:e5:e2:d4:aa:e4:fc:33:2b:
86:09:56:01:99:68:ae:f4:01:d0:18:7a:08:4f:da:
11:ce:ac:40:61:4e:f4:2e:9c:36:18:38:e0:ab:a0:
08:46:9c:bd:85:72:6b:43:97:6d:98:6b:fc:6c:98:
dd:8b:1d:3b:0c:e6:4b:6d:0c:3b:81:00:bd:26:3d:
84:ec:aa:6d:89:35:88:9c:31:d1:7f:2b:72:5f:4a:
fb:f6:5d:42:f8:de:9f:57:a4:f5:42:f1:f3:cb:58:
96:8a:b6:d7:97:42:0b:eb:42:0f:50:b0:d4:a9:e3:
b3:06:92:69:4f:93:7a:69:82:1c:7c:f3:6f:aa:98:
c8:52:91:bb:3d:7b:c8:33:ae:0c:39:9e:44:08:5e:
7f:8f:23:fe:af:32:31:60:54:5e:69:77:ba:92:85:
31:22:2b:26:44:6e:81:36:b1:98:40:d9:53:34:d5:
74:74:d3:4d:72:a8:fc:32:2f:5f:b6:82:7b:b8:51:
2d:99:42:ca:26:f5:a2:7d:3a:55:b2:da:b8:fa:71:
e5:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Subject Key Identifier:
7B:E8:ED:C3:72:9A:A5:1D:51:20:5A:11:6D:5F:F1:D7:2E:E2:53:A9
X509v3 Authority Key Identifier:
keyid:D5:A0:A4:C3:4D:FA:32:C3:CC:D2:AE:6B:05:28:21:49:A6:F5:B5:96
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
72:77:e9:f1:dd:6d:25:ea:19:6a:31:62:52:28:be:25:f2:6f:
18:64:86:18:22:ef:75:a1:74:3c:9f:0e:cd:43:04:ad:79:b5:
bb:14:53:c9:15:c1:2a:f9:c1:88:73:94:56:42:c0:11:e0:56:
c4:76:c5:62:96:77:9f:96:6c:8a:98:29:21:e6:53:b2:b8:9a:
5d:52:81:c2:53:28:7c:e8:ca:29:71:86:f5:f7:eb:64:6e:27:
5d:34:37:6c:ce:ef:b9:f7:35:67:30:df:d0:e1:6c:4a:35:80:
63:81:e4:31:4c:03:3b:3b:82:d3:cc:cb:52:41:43:e8:45:54:
e9:32:5f:ab:73:ae:05:da:a2:cd:c7:dc:8a:92:19:22:c5:dd:
1f:58:dc:e3:f7:ca:91:bd:95:58:f9:55:82:46:ec:d1:20:40:
59:f1:0d:79:16:01:31:68:6e:a3:35:2e:f2:7e:39:1f:6b:38:
cc:38:b4:57:2b:c2:26:37:2e:24:32:02:63:02:06:61:3c:97:
00:66:9d:30:31:a6:ec:1c:af:85:e5:04:46:d5:b6:e8:c3:0c:
b6:63:00:84:ed:5d:e0:c6:bd:d0:30:0c:3e:29:c3:64:7e:d0:
9e:c9:30:de:36:fd:59:ba:3d:9d:92:80:e4:50:36:d9:be:b9:
7d:80:60:9c:20:64:6c:7c:29:ff:4e:49:2f:c9:ea:2e:37:2f:
d1:e6:87:28:99:42:60:27:c8:f9:2d:2c:cb:5b:34:bd:a3:42:
e8:dd:f4:96:29:54:7d:83:a3:54:48:cf:49:a8:a5:81:42:e1:
16:79:32:c6:e9:0d:be:23:fd:a1:81:ce:12:e1:80:ec:94:6f:
5c:d7:31:d5:e3:22:1d:c4:d4:0d:53:d1:cf:82:f2:05:3d:26:
93:20:e4:56:ea:20:6e:80:84:08:82:f3:de:f8:94:f7:21:fd:
cb:85:9e:d2:d4:38:9b:4c:a7:4a:0a:65:54:c6:ca:5a:d1:48:
28:a5:d3:6f:c9:c9:6d:1f:00:ac:d7:22:00:f2:45:e0:c3:03:
c0:d1:b3:69:29:29:21:34:25:d5:93:aa:5a:f8:11:3a:4a:19:
10:24:fc:9a:2e:8f:3c:8f:77:cc:4b:8d:20:f0:7d:bb:83:c9:
b2:c2:88:41:12:8b:82:ee:4f:42:1c:df:f9:04:cb:87:25:a5:
44:eb:40:24:5a:55:7b:a1:18:7e:a3:d2:a6:6f:e9:9f:1c:52:
c2:f5:48:9f:52:3b:a0:9d:d3:5e:ad:77:aa:30:a8:95:ae:fd:
30:95:4b:64:5d:13:06:38:9b:a3:2c:8f:bf:84:4c:c6:d3:83:
ee:e0:b6:e9:c6:34:c3:42
-----BEGIN CERTIFICATE-----
MIIEozCCAougAwIBAgIJAOUQExnNkozZMA0GCSqGSIb3DQEBCwUAMFUxCzAJBgNV
BAYTAmpwMQ8wDQYDVQQKDAZvcGVuYW0xEzARBgNVBAsMCm9wZW5hbS5uZXQxIDAe
BgNVBAMMF09wZW5TU0wgcnNhNDA5NnNoYTI1NkNBMB4XDTEyMDQzMDIwMjcyMVoX
DTE3MDQyOTIwMjcyMVowTzELMAkGA1UEBhMCanAxDzANBgNVBAoMBm9wZW5hbTET
MBEGA1UECwwKb3BlbmFtLm5ldDEaMBgGA1UEAwwRbWlja2V5Lm9wZW5hbS5uZXQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDs5G/csKSmHfEhCdEuYEzB
r64BdLone7MAnMwCi4LbdqTVKon69AgvM+7ccJrYmj7tdD3l4tSq5PwzK4YJVgGZ
aK70AdAYeghP2hHOrEBhTvQunDYYOOCroAhGnL2FcmtDl22Ya/xsmN2LHTsM5ktt
DDuBAL0mPYTsqm2JNYicMdF/K3JfSvv2XUL43p9XpPVC8fPLWJaKtteXQgvrQg9Q
sNSp47MGkmlPk3ppghx882+qmMhSkbs9e8gzrgw5nkQIXn+PI/6vMjFgVF5pd7qS
hTEiKyZEboE2sZhA2VM01XR0001yqPwyL1+2gnu4US2ZQsom9aJ9OlWy2rj6ceXV
AgMBAAGjfDB6MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBR7
6O3DcpqlHVEgWhFtX/HXLuJTqTAfBgNVHSMEGDAWgBTVoKTDTfoyw8zSrmsFKCFJ
pvW1ljAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEL
BQADggIBAHJ36fHdbSXqGWoxYlIoviXybxhkhhgi73WhdDyfDs1DBK15tbsUU8kV
wSr5wYhzlFZCwBHgVsR2xWKWd5+WbIqYKSHmU7K4ml1SgcJTKHzoyilxhvX362Ru
J100N2zO77n3NWcw39DhbEo1gGOB5DFMAzs7gtPMy1JBQ+hFVOkyX6tzrgXaos3H
3IqSGSLF3R9Y3OP3ypG9lVj5VYJG7NEgQFnxDXkWATFobqM1LvJ+OR9rOMw4tFcr
wiY3LiQyAmMCBmE8lwBmnTAxpuwcr4XlBEbVtujDDLZjAITtXeDGvdAwDD4pw2R+
0J7JMN42/Vm6PZ2SgORQNtm+uX2AYJwgZGx8Kf9OSS/J6i43L9HmhyiZQmAnyPkt
LMtbNL2jQujd9JYpVH2Do1RIz0mopYFC4RZ5MsbpDb4j/aGBzhLhgOyUb1zXMdXj
Ih3E1A1T0c+C8gU9JpMg5FbqIG6AhAiC8974lPch/cuFntLUOJtMp0oKZVTGylrR
SCil02/JyW0fAKzXIgDyReDDA8DRs2kpKSE0JdWTqlr4ETpKGRAk/JoujzyPd8xL
jSDwfbuDybLCiEESi4LuT0Ic3/kEy4clpUTrQCRaVXuhGH6j0qZv6Z8cUsL1SJ9S
O6Cd016td6owqJWu/TCVS2RdEwY4m6Msj7+ETMbTg+7gtunGNMNC
-----END CERTIFICATE-----
Data Base Updated
bash-3.00# cat /usr/local/ssl/rsa4096sha256CA/private/cent5.8-mickey.key /usr/local/ssl/rsa4096sha256CA/newcerts/E5101319CD928CD9.pem /usr/local/ssl/rsa4096sha256CA/cacert.pem | openssl pkcs12 -export -out /usr/local/ssl/rsa4096sha256CA/certs/cent5.8-mickey.p12 -name "UT-VPN Client"
Enter Export Password:
Verifying - Enter Export Password:
次に、仮想HUBで使用している証明書を入れ替えようとしたが、ダメ。
試しに認証方法をパスワード認証から変更してみたが、ダメだった。
※接続処理中から変わらず・・・。
0 件のコメント:
コメントを投稿