openssl 인증서 생성

오류 요약

SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

openssl rsa -in original.key -out unencripted.key

1. IIS 생성 ssl 인증서

1.1 루트 인증서 생성에 개인 키 추가

openssl req -new -x509 -keyout cakey.pem -out cacert.pem -config openssl.cnf

Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Zhejiang
Locality Name (eg, city) []:Hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mintcode
Organizational Unit Name (eg, section) []:Forstmourne
Common Name (e.g. server FQDN or YOUR name) []:115.29.179.22
Email Address []:[email protected]

1.2 관련 문서 생성(openssl.cnf 관련 설정)

mkdir demoCA
touch demoCA/index.html
touch demoCA/serial

vim demoCA/serial

1.3 인증서 신청에 따라 인증서 생성

openssl ca -in certreq.txt -out server.pem -cert cacert.pem -keyfile cakey.pem

Enter pass phrase for cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 4097 (0x1001)
        Validity
            Not Before: Jul 24 02:07:43 2015 GMT
            Not After : Jul 23 02:07:43 2016 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Zhejiang
            organizationName          = Mintcode
            organizationalUnitName    = Forstmourne
            commonName                = 115.29.179.22
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                A3:72:4C:6D:5D:F9:64:C9:02:13:11:13:CF:C3:34:C1:DE:0B:BF:57
            X509v3 Authority Key Identifier:
                keyid:81:40:30:DB:57:2C:D0:E8:9B:B1:51:D7:D5:71:F1:6C:16:E8:5A:DB

Certificate is to be certified until Jul 23 02:07:43 2016 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

1.4 iis 생성에 인증서 필요

openssl x509 -in server.pem -out server.cer

1.5 자바 생성에 필요한 키스토어

keytool -import -file server.cer -keystore server.keystore

2. openssl 생성 ssl 인증서

2.1 루트 인증서 생성에 개인 키 추가

openssl req -new -x509 -days 365000 -keyout cakey.key -out cacert.crt -config openssl.cnf

Generating a 2048 bit RSA private key
.....................................+++
..............+++
writing new private key to 'cakey.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Zhejiang
Locality Name (eg, city) []:Hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mintcode
Organizational Unit Name (eg, section) []:Forstmourne
Common Name (e.g. server FQDN or YOUR name) []:bell
Email Address []:[email protected]

2.2 ssl 인증서 생성에 개인 키 추가

openssl req -new -keyout server.key -out server.csr

Generating a 2048 bit RSA private key
..............................................................................+++
.......+++
writing new private key to 'server.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Zhejiang
Locality Name (eg, city) []:Hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mintcode
Organizational Unit Name (eg, section) []:Forstmourne
Common Name (e.g. server FQDN or YOUR name) []:bell
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:mintcode
An optional company name []:mintcode

2.3 준비 작업

mkdir demoCA
cd demoCA
mkdir newcerts
touch index.txt
echo '01' > serial
cd ..

2.4 자체 서명

openssl ca -in server.csr -out server.crt -cert cacert.crt -keyfile cakey.key -config openssl.cnf

2.5 자바 생성에 필요한 키스토어

keytool -import -file server.crt -keystore server.keystore

2.6crt가pem로 변환

openssl x509 -in server.crt -out server.pem -outform PEM

이 내용에 흥미가 있습니까?

현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:

다양한 언어의 JSON

JSON은 Javascript 표기법을 사용하여 데이터 구조를 레이아웃하는 데이터 형식입니다. 그러나 Javascript가 코드에서 이러한 구조를 나타낼 수 있는 유일한 언어는 아닙니다. 저는 일반적으로 '객체'{}...

텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.

CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.