I set up an SSL test environment for the first time in a while, so here are my notes.

Installing the finished server certificate in Apache is omitted.

  1. Create the private key

     Generate random data.

    # openssl md5 /usr/local/bin/* > rand.dat

    # openssl genrsa -rand rand.dat -des3 1024 >
    56935 semi-random bytes loaded
    Generating RSA private key, 1024 bit long modulus
    e is 65537 (0x10001)
    Enter pass phrase:
    Verifying - Enter pass phrase:

  2. Create the CSR

    # openssl req -new -key -out
    Enter pass phrase for
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [GB]:JP
    State or Province Name (full name) [Berkshire]:Tokyo
    Locality Name (eg, city) [Newbury]:Minato-ku
    Organization Name (eg, company) [My Company Ltd]:example
    Organizational Unit Name (eg, section) []:HQ
    Common Name (eg, your name or your server's hostname) []
    Email Address []
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

  3. Create the self-signed certificate

    # openssl x509 -in -out -req -signkey -days 3650
    Signature ok
    Getting Private key
    Enter pass phrase for

  4. Remove the passphrase from the private key

    # openssl rsa -in -out
    Enter pass phrase for
    writing RSA key
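
The four steps above as one non-interactive script with a consistency check, added here as an example and not part of the original post. The file names, the `KEY_PASS` variable and the CN argument are assumptions; it uses a 2048-bit key and `-aes256` where the post uses 1024 and `-des3`, and omits `-rand` because current OpenSSL seeds its own generator.

```shell
#!/bin/sh
# Added example. File names, the CN and KEY_PASS are assumptions, not the post's values.

# make_test_cert DIR CN: run the four steps inside DIR without prompts.
# The passphrase comes from the KEY_PASS environment variable so it never
# appears in argv (visible via ps) or in shell history.
make_test_cert() (
    d=$1 cn=$2
    umask 077    # subshell body: key files owner-only, caller's umask untouched
    # 1. passphrase-protected private key
    openssl genrsa -aes256 -passout env:KEY_PASS \
        -out "$d/server.key.enc" 2048 2>/dev/null &&
    # 2. CSR; -subj replaces the interactive DN prompts
    openssl req -new -key "$d/server.key.enc" -passin env:KEY_PASS \
        -subj "/C=JP/ST=Tokyo/L=Minato-ku/O=example/OU=HQ/CN=$cn" \
        -out "$d/server.csr" &&
    # 3. self-signed certificate, valid 3650 days as in the post
    openssl x509 -req -in "$d/server.csr" -signkey "$d/server.key.enc" \
        -passin env:KEY_PASS -days 3650 -out "$d/server.crt" 2>/dev/null &&
    # 4. passphrase-free copy of the key for the web server
    openssl rsa -in "$d/server.key.enc" -passin env:KEY_PASS \
        -out "$d/server.key" 2>/dev/null
)

# check_test_cert DIR: succeed only if the four outputs are consistent.
check_test_cert() {
    d=$1
    # the certificate must carry the public half of server.key
    cert_pub=$(openssl x509 -in "$d/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl rsa -in "$d/server.key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1
    # self-signed: issuer and subject names hash to the same value
    [ "$(openssl x509 -in "$d/server.crt" -noout -subject_hash)" = \
      "$(openssl x509 -in "$d/server.crt" -noout -issuer_hash)" ] || return 1
    # step 4 output must be unencrypted, step 1 output must still be encrypted
    ! head -n 2 "$d/server.key" | grep -q ENCRYPTED || return 1
    head -n 2 "$d/server.key.enc" | grep -q ENCRYPTED
}

# Usage: KEY_PASS=... sh this_script.sh DIR CN
if [ "$#" -eq 2 ]; then
    make_test_cert "$1" "$2" && check_test_cert "$1" && echo "OK: $1/server.crt"
fi
```

`server.key` is unencrypted after step 4, so anything that can read the file can use the key; keep it owner-readable only and out of backups and version control.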