
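Creating a Self-Signed ("Ore-Ore") Certificate on Windows

Notes on how to create a self-signed certificate (an "ore-ore" certificate).
What a hassle this is...
Anyway, I think I managed to get a self-signed certificate created.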

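◆Installing OpenSSL
1. Install path
C:\OpenSSL-Win32

2. Set the environment variable
My Computer > right-click > Properties > Advanced system settings >
Advanced tab > Environment Variables > System variables > select [Path] and click Edit >
Variable value > append [C:\OpenSSL-Win32\bin] and click OK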

◆Creating the root certificate
1. Create a folder
C:\sslroot

2. Create a random seed
C:\sslroot>set > seed.tmp
C:\sslroot>openssl md5 * > rand.dat
Note: if it stalls partway through, it is OK to abort with Ctrl+C.

3. Create the key
C:\sslroot>openssl genrsa -rand rand.dat -des3 2048 > root_key.pem
Loading 'screen' into random state - done
0 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
....................+++
.........+++
e is 65537 (0x10001)
Enter pass phrase:(passphrase for the key)
Verifying - Enter pass phrase:(passphrase for the key)
C:\sslroot>

4. Create the CSR
C:\sslroot>openssl req -new -key root_key.pem -out root_csr.pem
Enter pass phrase for root_key.pem:(passphrase for root_key.pem)
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----- 
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Minato-Ku
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Root INC.
Organizational Unit Name (eg, section) []:Technology
Common Name (e.g. server FQDN or YOUR name) []:www.root.co.jp
Email Address []:(OK to leave blank)

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(OK to leave blank)
An optional company name []:(OK to leave blank)
C:\sslroot>

5. Create the CRT
C:\sslroot>openssl x509 -days 365 -req -signkey root_key.pem -in root_csr.pem -out root_ca.crt
Loading 'screen' into random state - done
Signature ok
subject=/C=JP/ST=Tokyo/L=Minato-Ku/O=Root INC./OU=Technology/CN=www.root.co.jp
Getting Private key
Enter pass phrase for root_key.pem:(passphrase for root_key.pem)
C:\sslroot>

6. Check the CRT
C:\sslroot>openssl x509 -text -in root_ca.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
d2:23:fa:f7:f0:f4:12:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, ST=Tokyo, L=Minato-Ku, O=Root INC., OU=Technology, CN=www.root.co.jp
Validity
Not Before: Mar 3 02:47:26 2016 GMT
Not After : Mar 3 02:47:26 2017 GMT
Subject: C=JP, ST=Tokyo, L=Minato-Ku, O=Root INC., OU=Technology, CN=www.root.co.jp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
C:\sslroot>

Note: it is OK if the output shows Issuer: CN=www.root.co.jp and Subject: CN=www.root.co.jp.

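◆Creating the server certificate
Note: basically the same as steps 1-4 of the root certificate (with the information changed).
1. Create a folder
C:\sslserver

2. Create a random seed
C:\sslserver>set > seed.tmp
C:\sslserver>openssl md5 * > rand.dat
Note: if it stalls partway through, it is OK to abort with Ctrl+C.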

3. Create the key
C:\sslserver>openssl genrsa -rand rand.dat -des3 2048 > server_key.pem
Loading 'screen' into random state - done
0 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
....................+++
.........+++
e is 65537 (0x10001)
Enter pass phrase:(passphrase for the key)
Verifying - Enter pass phrase:(passphrase for the key)
C:\sslserver>

4. Create the CSR
C:\sslserver>openssl req -new -key server_key.pem -out server_csr.pem
Enter pass phrase for server_key.pem:(passphrase for server_key.pem)
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----- 
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Shinjuku-Ku
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Server INC.
Organizational Unit Name (eg, section) []:Machine Room
Common Name (e.g. server FQDN or YOUR name) []:www.server.co.jp
Email Address []:(OK to leave blank)

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(OK to leave blank)
An optional company name []:(OK to leave blank)
C:\sslserver>

5. Create the serial file
C:\sslroot\root.srl
Open it in a text editor, type [01] and press Enter
Save

6. Create the CRT
Note: work from the sslroot path
C:\sslroot>openssl x509 -CA root_ca.crt -CAkey root_key.pem -CAserial root.srl -req -in C:\sslserver\server_csr.pem -out C:\sslserver\server.crt -days 365
Loading 'screen' into random state - done
Signature ok
subject=/C=JP/ST=Tokyo/L=Shinjuku-Ku/O=Server INC./OU=Machine Room/CN=www.server.co.jp
Getting CA Private Key
Enter pass phrase for root_key.pem:(passphrase for root_key.pem)
C:\sslroot>

7. Check the CRT
C:\sslserver>openssl x509 -text -in server.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, ST=Tokyo, L=Minato-Ku, O=Root INC., OU=Technology, CN=www.root.co.jp
Validity
Not Before: Mar 3 03:05:33 2016 GMT
Not After : Mar 3 03:05:33 2017 GMT
Subject: C=JP, ST=Tokyo, L=Shinjuku-Ku, O=Server INC., OU=Machine Room, CN=www.server.co.jp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
C:\sslserver>

Note: it is OK if the output shows Issuer: CN=www.root.co.jp and Subject: CN=www.server.co.jp.
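
Both -text dumps above show "Version: 1 (0x0)", meaning neither certificate carries X.509v3 extensions: the root is not marked as a CA and the server certificate has no subjectAltName, which current browsers require for host-name matching. The batch file below is an added example (not part of the original post) that re-issues both certificates with those extensions from the keys and CSRs created above and then checks the chain. The file name v3.ext and the section names v3_ca / v3_server are assumptions made for this example.

```bat
@echo off
rem Added example, not from the original post.
rem Assumes root steps 1-4 and server steps 1-5 above are already done, so
rem root_key.pem, root_csr.pem, root.srl and server_csr.pem exist.
cd /d C:\sslroot || exit /b 1

rem Extension definitions. File and section names are made up for this example.
(
echo [v3_ca]
echo basicConstraints = critical, CA:TRUE
echo keyUsage = critical, keyCertSign, cRLSign
echo subjectKeyIdentifier = hash
echo.
echo [v3_server]
echo basicConstraints = CA:FALSE
echo keyUsage = critical, digitalSignature, keyEncipherment
echo extendedKeyUsage = serverAuth
echo subjectAltName = DNS:www.server.co.jp
echo authorityKeyIdentifier = keyid
) > v3.ext

rem Root step 5 again: self-sign the root CSR, now as a v3 CA certificate.
openssl x509 -req -days 365 -in root_csr.pem -signkey root_key.pem ^
  -extfile v3.ext -extensions v3_ca -out root_ca.crt || exit /b 1

rem Server step 6 again: sign the server CSR with the root key, adding the SAN.
openssl x509 -req -days 365 -in C:\sslserver\server_csr.pem ^
  -CA root_ca.crt -CAkey root_key.pem -CAserial root.srl ^
  -extfile v3.ext -extensions v3_server -out C:\sslserver\server.crt || exit /b 1

rem Verify the re-issued server certificate against the re-issued root.
openssl verify -CAfile root_ca.crt C:\sslserver\server.crt || exit /b 1

rem Show the version, CA flag and SAN lines of the server certificate.
openssl x509 -noout -text -in C:\sslserver\server.crt | findstr /C:"Version:" /C:"CA:" /C:"DNS:"
```

The passphrase for root_key.pem is prompted for twice, once per signing command. Because the root certificate is re-issued, any copy of the old root_ca.crt already installed on clients has to be replaced with the new one.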

◆Installing the certificates
See "How to install a self-signed certificate".

That's all!!

posted by シスコ | Category: Certificates