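The following procedure is an example of creating a certificate on the user's terminal (Linux).
See
For the input values, refer to "1.3.2 Designing the SSL/TLS Server Certificate".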
# openssl genrsa -aes128 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
......++++++
...................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: passphrase<RETURN>
Verifying - Enter pass phrase for server.key: passphrase<RETURN>
# openssl req -new -key server.key -sha256 -out server.csr
Enter pass phrase for server.key: passphrase<RETURN>
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <RETURN>
State or Province Name (full name) []: <RETURN>
Locality Name (eg, city) [Default City]: <RETURN>
Organization Name (eg, company) [Default Company Ltd]: <RETURN>
Organizational Unit Name (eg, section) []: <RETURN>
Common Name (eg, your name or your server's hostname) []: myhost.example.com<RETURN>
Email Address []: <RETURN>

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <RETURN>
An optional company name []: <RETURN>
# vi san.txt
subjectAltName = DNS: myhost.example.com, DNS: *.myhost.example.com
# openssl x509 -in server.csr -days 365 -req -signkey server.key -sha256 -out server.crt -extfile san.txt
Signature ok
subject=/C=JP/ST=JP/L=JP/O=JP/OU=JP/CN=tst
Getting Private key
Enter pass phrase for server.key: passphrase<RETURN>
# mv server.key server.key.back
# openssl rsa -in server.key.back -out server.key
Enter pass phrase for server.key.back: passphrase<RETURN>
writing RSA key
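The last step leaves server.key without a passphrase, so it is worth checking the result before installing it. The script below is an added example, not part of the original procedure: the function name check_cert_files is hypothetical, the file names are the ones used above, and it assumes a Linux host with openssl on the PATH.

```shell
#!/bin/sh
# Added example: post-creation checks for the files produced by the procedure.
# Usage: check_cert_files KEY CRT HOSTNAME   (returns 0 only if every check passes)
check_cert_files() {
    key=$1; crt=$2; host=$3; rc=0

    # 1. Key and certificate must belong together (same RSA modulus).
    #    "-passin pass:" makes openssl fail instead of prompting if the key
    #    is still passphrase-protected.
    kmod=$(openssl rsa -in "$key" -noout -modulus -passin pass: 2>/dev/null) || kmod=""
    cmod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null) || cmod=""
    if [ -z "$kmod" ] || [ "$kmod" != "$cmod" ]; then
        echo "FAIL: key does not match certificate (or key is still encrypted)"
        rc=1
    fi

    # 2. The hostname must be present as an exact DNS entry in subjectAltName.
    san=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
          grep -A1 'Subject Alternative Name' | tail -n 1 |
          tr ',' '\n' | sed 's/^ *//; s/ *$//')
    if ! printf '%s\n' "$san" | grep -Fxq "DNS:$host"; then
        echo "FAIL: subjectAltName has no DNS:$host entry"
        rc=1
    fi

    # 3. The certificate must be signed with SHA-256 (the -sha256 option above).
    if ! openssl x509 -in "$crt" -noout -text 2>/dev/null |
         grep -q 'Signature Algorithm: sha256WithRSAEncryption'; then
        echo "FAIL: certificate is not signed with sha256WithRSAEncryption"
        rc=1
    fi

    # 4. The unencrypted key must not be accessible to group or others.
    perm=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    case "$perm" in
        *00) ;;
        *) echo "FAIL: $key has mode $perm; restrict it with chmod 600"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $crt and $key passed all checks"
    return "$rc"
}

# Run directly as: sh check.sh server.key server.crt myhost.example.com
if [ "$#" -eq 3 ]; then check_cert_files "$@"; fi
```

The same checks also apply to server.key.back if it is kept: it is still encrypted, so check 1 reports it as such rather than prompting.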