オレオレ自己証明書の作成(サーバー編)
1年有効のサーバー証明書を作成する、サンプルスクリプト。
自分用のメモなので、[server_dn][server_reqext][alt_names]内の名称等は変更してください。
最後の部分では、XAMPPを使用していたため、証明書と秘密鍵をXAMPPのApache用ディレクトリにコピーしてサービスを再起動している。
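#!/bin/bash
# Issue a one-year server certificate signed by the local RootCA, then install
# it into XAMPP's Apache and restart the service.
#
# Prerequisites visible from the config below: ./RootCA.crt,
# ./RootCA/private/RootCA.key and the ./RootCA/{index.txt,newcerts,...} layout
# must already exist (presumably created by a separate root-CA script).

# Stop on the first failure so that a failed signing step never leads to a
# stale or empty certificate being copied into Apache and the service restarted.
set -euo pipefail

# Root is needed for writing under /opt/lampp and restarting the service.
if [[ "$(id -u)" -ne 0 ]]
then
    echo "rootユーザで実行してください。"
    exit 1
fi

mkdir -p conf

# --- CSR configuration -------------------------------------------------------
# encrypt_key = no writes the private key unencrypted, so file permissions are
# its only protection (handled where the key is generated and installed).
#
# The request asks for codeSigning / nonRepudiation, but the CA's [ leaf_ext ]
# section sets its own keyUsage and extendedKeyUsage, and with
# copy_extensions = copy the CA-side values take precedence. Only extensions
# that leaf_ext does NOT define (here subjectAltName and certificatePolicies)
# are taken from the request.
#
# NOTE(review): 2.23.140.1.2.2 is the CA/Browser Forum "organization validated"
# policy OID; asserting it from a private CA is cosmetic at best. Consider
# dropping it.
cat > conf/Server.cnf <<'EOF'
[ req ]
default_bits = 2048
default_md = sha256
encrypt_key = no
utf8 = yes
string_mask = utf8only
prompt = no
distinguished_name = server_dn
req_extensions = server_reqext

[ server_dn ]
countryName = JP
stateOrProvinceName = ** 都道府県**
localityName = ** 市区町村**
0.organizationName = ** 会社・個人等 **
commonName = ** サーバー名 ahoaho.local **

[ server_reqext ]
keyUsage = digitalSignature,keyEncipherment,nonRepudiation
extendedKeyUsage = codeSigning, serverAuth, clientAuth
subjectKeyIdentifier = hash
certificatePolicies = 2.23.140.1.2.2
subjectAltName = @alt_names

[alt_names]
DNS.1 = ** サーバー名 ahoaho.local **
EOF

# --- CA signing configuration ------------------------------------------------
# copy_extensions = copy means the CA copies any request extension that the
# chosen -extensions section does not already set. That is acceptable here
# because the CSR is generated by this same script and leaf_ext pins
# basicConstraints (CA:false), keyUsage and extendedKeyUsage. Do not reuse this
# config to sign CSRs received from other parties without reviewing them, and
# never switch to copyall, which lets the request override the CA's values.
#
# policy = any_pol makes every DN field optional, so the CA does not enforce
# any naming rule on what it signs.
cat > conf/SignCA.cnf <<'EOF'
[ ca ]
default_ca = signCA

[ signCA ]
dir = ./RootCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
#certificate = $dir/certs/RootCA.csr
certificate = $dir/../RootCA.crt
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl/RootCA.crl
private_key = $dir/private/RootCA.key
unique_subject = no
default_md = sha256
policy = any_pol
email_in_dn = no
copy_extensions = copy

[ any_pol ]
domainComponent = optional
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional

[ leaf_ext ]
keyUsage = digitalSignature,keyEncipherment
basicConstraints = CA:false
extendedKeyUsage = serverAuth,clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always

[ ca_ext ]
keyUsage = critical,keyCertSign,cRLSign
basicConstraints = critical,CA:true,pathlen:0
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF

# Generate the key pair and CSR. The restrictive umask is scoped to a subshell
# so the unencrypted Server.key is never created group/world readable.
(
    umask 077
    openssl req -new -config conf/Server.cnf -out Server.csr -keyout Server.key
)

# Sign the CSR with the root CA. No -batch: openssl ca shows the request and
# asks for confirmation, which is the operator's chance to review the subject
# and the copied extensions before the certificate is issued.
openssl ca -config conf/SignCA.cnf -days 365 -create_serial -in Server.csr -out Server.crt -extensions leaf_ext -notext

# Confirm the issued certificate chains to the root before installing it.
openssl verify -CAfile ./RootCA.crt ./Server.crt

## xampp apache folder ssl copy
cp ./Server.crt /opt/lampp/etc/ssl.crt/server.crt
cp ./Server.key /opt/lampp/etc/ssl.key/server.key
# cp keeps the mode of an existing destination file, so set it explicitly.
chmod 600 /opt/lampp/etc/ssl.key/server.key

## xampp apache restart
/opt/lampp/lampp restart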