秘密鍵の作成
openssl genrsa 2048 > server.keyGenerating RSA private key, 2048 bit long modulus .....+++ ........+++ e is 65537 (0x10001)
秘密鍵の中身は公開してはいけません。
署名リクエストの作成
openssl req -new -key server.key > server.csrYou are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
署名リクエストの中身。
-----BEGIN CERTIFICATE REQUEST-----
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJkbdpoO0DJdpPrsYT+RenJlkEAfecqP0DY4FZBv
3Ejy0LefuhsBxf4BgP6HoGj0MHfSpzIx8/AvE8hzHGg8sdteOj1lgOb7ZzpPn+uX
uRn3XgligOMuqZQy1Zj9PIGSqkr8+ZkJrquVeRSb5VwV2RhPoy7KdR3v9x2vaZ2u
0yoZViEfSk7vzm8j+nmYhP65T1awBw59jRqFfk7MwcRlVhiB+Tm3WEVkzyokzoks
B0MFDX55ziBug5yf/TayaSRrfJscx/0MLFNlRupRyJClJJ3A/Fo+6eX4lLGXP5dB
Ve0nDGqniM14eVbVSH7iPcNCiJw5tdr8ASb+AZzoePd+cmcCAwEAAaAAMA0GCSqG
SIb3DQEBCwUAA4IBAQAhvUD04PLyp/3B1NkUbMMrMDo88YIvgWc2JOmUTNt0K1sw
M1MV/FAZk4NW0lAGqSfgRvI7aB+maigIuyRnkZ5f6MkPXKgvcN4/00EBTAdfDT5F
0xt0TFgYJC+Bvcs6kBtdyuEW5o4PQfkBX7ZK1LftvQDVIzAGNwtVkd33inhnURzA
hnT/uSDu45AXHGfkJMUWnklxbRLMhxQHopKtyXWRcDicBLtXlzk0mrlMavClm6Wj
Zm0kV3G2Ek8+CjRwP1daMNO5MhdS3AfrcyfgMdgo6ZQEH8x4kkQjIK+4uBKF02KM
wwyP4hBkREPzySwgs8eAKOeyRsbRUsBEuEHRWWIL
-----END CERTIFICATE REQUEST-----証明書の作成
openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crtSignature ok subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd Getting Private key
証明書の中身
-----BEGIN CERTIFICATE-----
MIIDBjCCAe4CCQDm+GqMB252ezANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMB4XDTE3MDEyNDA0NDExOFoXDTI3MDEyMjA0NDExOFowRTELMAkG
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJkbdpoO0DJdpPrsYT+RenJlkEAfecqP0DY4FZBv3Ejy0LefuhsBxf4BgP6HoGj0
MHfSpzIx8/AvE8hzHGg8sdteOj1lgOb7ZzpPn+uXuRn3XgligOMuqZQy1Zj9PIGS
qkr8+ZkJrquVeRSb5VwV2RhPoy7KdR3v9x2vaZ2u0yoZViEfSk7vzm8j+nmYhP65
T1awBw59jRqFfk7MwcRlVhiB+Tm3WEVkzyokzoksB0MFDX55ziBug5yf/TayaSRr
fJscx/0MLFNlRupRyJClJJ3A/Fo+6eX4lLGXP5dBVe0nDGqniM14eVbVSH7iPcNC
iJw5tdr8ASb+AZzoePd+cmcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAE9dGX4zL
FrDsyTNtmh8lyG48Bk9AZQ8muWE2ve7l6GhrCETQQdYp0O5ZY2P1oQ9hYsXj3Pwo
R5f/wrRxInVZoSzYvLYPl1j+p3HzLd6hGeZt7cWt7Zfuf96jMOkbs8d/sqCZYkc6
Mgzt04jRhKykabJetFWSW/eqdzsMVvixL/TsxWp2SNGQKS8Y7gjFz/vwROXk9bCN
MtOg/cQQGUacZODvN/5/ojJ5sOpVUMKjbw5tJv43rjkROAM26JJXMOJHGZtCKGQk
V5uvD41bGIKsJOygvV3DDWIZ4LMDEF55gib6O/IwHpUxFm2dSJTr6j8hGduXvgG0
tJof2bfVcf32mg==
-----END CERTIFICATE-----