自己証明書ではなくCA(認証局)が発行した証明書を利用する場合についてです。
1. サーバの鍵の作成
すでに鍵がある場合には削除します。(server.csrファイルがあると、同一ファイル名では、CSRファイルの作成ができません。)
# cd /etc/httpd/conf
# rm ssl.key/server.key
# rm ssl.csr/server.csr
# rm ssl.key/server.key
# rm ssl.csr/server.csr
鍵を作成し保存します。
# /usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
Generating RSA private key, 1024 bit long modulus
……….++++++
…………….++++++
e is 65537 (0x10001)
Generating RSA private key, 1024 bit long modulus
……….++++++
…………….++++++
e is 65537 (0x10001)
サーバの鍵が /etc/httpd/conf/ssl.key/server.key という名前で作成されます。サーバの鍵をrootユーザ以外が読むことができないようにします。
# chmod 400 ssl.key/server.key
2. CSRファイルの作成
# make certreq
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.csr/server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.csr/server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.