最近は、無料のSSL証明書が増えてきたねー
WoSign(なんて読むんだ?!)ってのを、ちょっと試してみようと思って
ついでにCSRの作成手順もメモメモ
■環境
Apache 2.4.16
OpenSSL 1.0.1
mod_ssl
// 秘密鍵を生成 ※passwordを聞かれるので、確認用と2回入力 # openssl genrsa -des3 -out server.key 2048 Generating RSA private key, 2048 bit long modulus ....................................+++ ...............................................................................................................................................................................................+++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: // CSRを作成 # openssl req -new -sha256 -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:JP ← 国 State or Province Name (full name) []:Tokyo ← 都道府県 Locality Name (eg, city) [Default City]:Shibuya-ku ← 市区町村 Organization Name (eg, company) [Default Company Ltd]: ← 組織の名称 Organizational Unit Name (eg, section) []: ← 組織での部署名 Common Name (eg, your name or your server's hostname) []: ← FQDN Email Address []: ← メール Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
そう、たったこれだけっす!
あと、apacheの再起動時とかに怒られるので
秘密鍵のpassword解除方法
// 秘密鍵をリネーム # mv server.key server.key.bk // パスワード解除 # openssl rsa -in server.key.bk -out server.key Enter pass phrase for server.key.bk: writing RSA key
コメント