bash-3.00# pkgadd -d ./$FILE_NAME
Note: FILE_NAME is each of the following packages
gcc-3.4.6-sol10-x86-local
libgcc-3.4.6-sol10-x86-local
libiconv-1.14-sol10-x86-local
libintl-3.4.0-sol10-x86-local
openssl-1.0.0g-sol10-x86-local
・Settings for /.profile
bash-3.00# LD_LIBRARY_PATH=/usr/local/ssl/lib:/usr/local/lib
bash-3.00# export LD_LIBRARY_PATH
bash-3.00# PATH=/usr/local/bin:/usr/local/ssl/bin:$PATH
bash-3.00# export PATH
・Building the CA
bash-3.00# cd /usr/local/ssl
bash-3.00# cp openssl.cnf openssl-rsa4096sha256CA.cnf
bash-3.00# vi openssl-rsa4096sha256CA.cnf
<Changes>
[req]
default_bits = 1024
↓
default_bits = 4096
[CA_default]
dir = ./demoCA
↓
dir = ./rsa4096sha256CA
default_days = 365
↓
default_days = 3650
default_md = default
↓
default_md = sha256
[req_distinguished_name]
Comment out st, l, and email
[policy_match]
Change st and l from match to optional
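
Before running -newca, the edited [req] and [CA_default] values can be checked mechanically. The script below is an added example, not part of the original post: the function names cnf_get and check_ca_cnf and the two sample files are constructed for illustration, and the expected values are the ones listed in the changes above.

```sh
#!/bin/sh
# Added example: section-aware check of an openssl.cnf-style file (hypothetical helper names).

# cnf_get FILE SECTION KEY: print KEY's value in [SECTION] (last assignment seen)
cnf_get() {
    awk -v sect="$2" -v key="$3" '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[ \t]*\[/ {                                # section header, e.g. "[ req ]"
            cur = $0
            sub(/^[ \t]*\[[ \t]*/, "", cur); sub(/[ \t]*\].*$/, "", cur)
            next
        }
        cur == sect && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/[ \t]*#.*$/, "", v)                 # drop trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_ca_cnf FILE: print every mismatch; return 0 only if all values match
check_ca_cnf() {
    rc=0
    while read -r sect key want; do
        got=$(cnf_get "$1" "$sect" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH [$sect] $key: got '${got:-unset}', want '$want'"
            rc=1
        fi
    done <<EOF
req default_bits 4096
CA_default dir ./rsa4096sha256CA
CA_default default_days 3650
CA_default default_md sha256
EOF
    return $rc
}

# Constructed sample input: stock values vs. the edited values from the post
tmp=$(mktemp -d)
printf '%s\n' '[ CA_default ]' 'dir = ./demoCA  # Where everything is kept' \
    'default_days = 365' 'default_md = default' '[ req ]' 'default_bits = 1024' > "$tmp/stock.cnf"
printf '%s\n' '[ CA_default ]' 'dir = ./rsa4096sha256CA  # Where everything is kept' \
    'default_days = 3650' 'default_md = sha256' '[ req ]' 'default_bits = 4096' > "$tmp/edited.cnf"
check_ca_cnf "$tmp/edited.cnf" && echo "edited.cnf: OK"
check_ca_cnf "$tmp/stock.cnf" || echo "stock.cnf: not yet edited"
```

On Solaris 10 the legacy /usr/bin/awk does not accept -v, so put /usr/xpg4/bin ahead in PATH or substitute nawk.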
bash-3.00# cp misc/CA.sh misc/rsa4096sha256CA.sh
bash-3.00# vi misc/rsa4096sha256CA.sh
<Changes>
demoCA
↓
rsa4096sha256CA
CA_DAYS="-days 1095"
↓
CA_DAYS="-days 3650"
bash-3.00# SSLEAY_CONFIG="-config /usr/local/ssl/openssl-rsa4096sha256CA.cnf"
bash-3.00# export SSLEAY_CONFIG
bash-3.00# cd /usr/local/ssl
bash-3.00# misc/rsa4096sha256CA.sh -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 4096 bit RSA private key
................................................................................................++
.......................................................++
writing new private key to './rsa4096sha256CA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Note: the pass phrase is openssl
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:jp
Organization Name (eg, company) [Internet Widgits Pty Ltd]:openam
Organizational Unit Name (eg, section) []:openam.net
Common Name (e.g. server FQDN or YOUR name) []:OpenSSL rsa4096sha256CA
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/local/ssl/openssl-rsa4096sha256CA.cnf
Enter pass phrase for ./rsa4096sha256CA/private/./cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
e5:10:13:19:cd:92:8c:d7
Validity
Not Before: Apr 26 19:50:06 2012 GMT
Not After : Apr 24 19:50:06 2022 GMT
Subject:
countryName = jp
organizationName = openam
organizationalUnitName = openam.net
commonName = OpenSSL rsa4096sha256CA
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:A0:A4:C3:4D:FA:32:C3:CC:D2:AE:6B:05:28:21:49:A6:F5:B5:96
X509v3 Authority Key Identifier:
keyid:D5:A0:A4:C3:4D:FA:32:C3:CC:D2:AE:6B:05:28:21:49:A6:F5:B5:96
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Certificate is to be certified until Apr 24 19:50:06 2022 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
・The resulting CA certificate (excerpt)