{"id":116,"date":"2017-12-30T20:35:05","date_gmt":"2017-12-30T11:35:05","guid":{"rendered":"https:\/\/lab4ict.com\/system\/?p=116"},"modified":"2021-03-22T03:25:18","modified_gmt":"2021-03-21T18:25:18","slug":"%e8%aa%8d%e8%a8%bc%e5%b1%80%e3%81%ae%e6%a7%8b%e7%af%89%e3%81%a8%e9%9b%bb%e5%ad%90%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%81%ae%e7%99%ba%e8%a1%8c%ef%bc%88openssl%ef%bc%89","status":"publish","type":"post","link":"https:\/\/lab4ict.com\/system\/archives\/116","title":{"rendered":"\u8a8d\u8a3c\u5c40\u306e\u69cb\u7bc9\u3057\u3066\u96fb\u5b50\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3059\u308b\uff01\uff08OpenSSL\uff09"},"content":{"rendered":"

OpenSSL\u3092\u4f7f\u7528\u3057\u3066\u8a8d\u8a3c\u5c40\uff08CA\uff09\u3092\u69cb\u7bc9\u3057\u307e\u3059\u3002\u672c\u7a3f\u3067\u306f\u3001\u30eb\u30fc\u30c8\u306e\u8a8d\u8a3c\u5c40\u914d\u4e0b\u306b\u3001\u767a\u884c\u3059\u308b\u8a3c\u660e\u66f8\u306e\u7a2e\u985e\u3054\u3068\u306b\u4e2d\u9593\u306e\u8a8d\u8a3c\u5c40\u3092\u8a2d\u7f6e\u3057\u307e\u3059\u3002\u4e2d\u9593\u306e\u8a8d\u8a3c\u5c40\u3068\u3057\u3066\u306f\u3001\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3001S\/MIME\u8a3c\u660e\u66f8\u3001\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u8a3c\u660e\u66f8\u767a\u884c\u7528\u306e\u8a8d\u8a3c\u5c40\u3092\u8a2d\u3051\u307e\u3059\u3002
\n<\/p>\n

\u8a8d\u8a3c\u5c40\u304c\u767a\u884c\u3059\u308b\u8a3c\u660e\u66f8\u306e\u4ed5\u69d8<\/h2>\n

\u8a8d\u8a3c\u5c40\u304c\u767a\u884c\u3059\u308b\u8a3c\u660e\u66f8\u306e\u4ed5\u69d8\u3092\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n

\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8<\/h3>\n

\u30eb\u30fc\u30c8\u306e\u8a8d\u8a3c\u5c40\u306e\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831\uff08\u4f8b\uff09\u3067\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5024<\/th>\n<\/tr>\n
\u6709\u52b9\u671f\u9593\uff08\u65e5\uff09<\/td>\n6935<\/td>\n<\/tr>\n
\u9375\u9577\uff08bit\uff09<\/td>\n2048<\/td>\n<\/tr>\n
\u30cf\u30c3\u30b7\u30e5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\nSHA-256<\/td>\n<\/tr>\n
C<\/td>\nJP<\/td>\n<\/tr>\n
ST<\/td>\n<\/td>\n<\/tr>\n
L<\/td>\n<\/td>\n<\/tr>\n
O<\/td>\nLaboratory for Personal ICT<\/td>\n<\/tr>\n
OU<\/td>\nCertificate Authority<\/td>\n<\/tr>\n
CN<\/td>\nLaboratory for Personal ICT CA Root \u2013 AA1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8<\/h3>\n

\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831\u306e\u4f8b\u3092\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n

\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831<\/h4>\n

\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831\uff08\u4f8b\uff09\u3067\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5024<\/th>\n<\/tr>\n
\u6709\u52b9\u671f\u9593\uff08\u65e5\uff09<\/td>\n3650<\/td>\n<\/tr>\n
\u9375\u9577\uff08bit\uff09<\/td>\n2048<\/td>\n<\/tr>\n
\u30cf\u30c3\u30b7\u30e5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\nSHA-256<\/td>\n<\/tr>\n
C<\/td>\nJP<\/td>\n<\/tr>\n
ST<\/td>\n<\/td>\n<\/tr>\n
L<\/td>\n<\/td>\n<\/tr>\n
O<\/td>\nLaboratory for Personal ICT<\/td>\n<\/tr>\n
OU<\/td>\nCertificate Authority<\/td>\n<\/tr>\n
CN<\/td>\nLaboratory for Personal ICT CA \u2013 SE1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831<\/h4>\n

\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831\uff08\u4f8b\uff09\u3067\u3059\u3002Laboratory for Personal ICT\/Laboratory One\u3067\u69cb\u7bc9\u3057\u305f\u30b5\u30fc\u30d0\u3084\u958b\u767a\u3057\u305f\u30b7\u30b9\u30c6\u30e0\u3067\u4f7f\u7528\u3059\u308b\u30a4\u30e1\u30fc\u30b8\u306b\u306a\u308a\u307e\u3059\u3002\u516c\u958b\u7528\u306eWeb\u30b5\u30fc\u30d0\u3067\u306f\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u8a8d\u8a3c\u5c40\u3067\u7f72\u540d\u3055\u308c\u305f\u8a3c\u660e\u66f8\u3092\u4f7f\u7528\u3057\u307e\u3059\u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u8a8d\u8a3c\u5c40\u3067\u306e\u7f72\u540d\u3092\u5fc5\u8981\u3068\u3057\u306a\u3044\u3001\u7d44\u7e54\u5185\u3067\u306e\u6697\u53f7\u5316\u901a\u4fe1\u3084\u3001POPS\/IMAPS\u30b5\u30fc\u30d0\u3001\u88fd\u54c1\u306e\u7ba1\u7406\u30b3\u30f3\u30bd\u30fc\u30eb\u306e\u6697\u53f7\u5316\u306a\u3069\u306b\u4f7f\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5024<\/th>\n<\/tr>\n
\u6709\u52b9\u671f\u9593\uff08\u65e5\uff09<\/td>\n365<\/td>\n<\/tr>\n
\u9375\u9577\uff08bit\uff09<\/td>\n2048<\/td>\n<\/tr>\n
\u30cf\u30c3\u30b7\u30e5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\nSHA-256<\/td>\n<\/tr>\n
C<\/td>\nJP<\/td>\n<\/tr>\n
ST<\/td>\nGalaxy<\/td>\n<\/tr>\n
L<\/td>\nEarth<\/td>\n<\/tr>\n
O<\/td>\nLaboratory for Personal ICT<\/td>\n<\/tr>\n
OU<\/td>\nLaboratory One<\/td>\n<\/tr>\n
CN<\/td>\nlab4ict.com<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8<\/h3>\n

\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831\u306e\u4f8b\u3092\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n

\u30af\u30e9\u30a4\u30a2\u30f3\u8a3c\u660e\u66f8\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831<\/h4>\n

\u30af\u30e9\u30a4\u30a2\u30f3\u8a3c\u660e\u66f8\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831\uff08\u4f8b\uff09\u3067\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5024<\/th>\n<\/tr>\n
\u6709\u52b9\u671f\u9593\uff08\u65e5\uff09<\/td>\n3650<\/td>\n<\/tr>\n
\u9375\u9577\uff08bit\uff09<\/td>\n2048<\/td>\n<\/tr>\n
\u30cf\u30c3\u30b7\u30e5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\nSHA-256<\/td>\n<\/tr>\n
C<\/td>\nJP<\/td>\n<\/tr>\n
ST<\/td>\n<\/td>\n<\/tr>\n
L<\/td>\n<\/td>\n<\/tr>\n
O<\/td>\nLaboratory for Personal ICT<\/td>\n<\/tr>\n
OU<\/td>\nCertificate Authority<\/td>\n<\/tr>\n
CN<\/td>\nLaboratory for Personal ICT CA \u2013 CL1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831<\/h4>\n

\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831\uff08\u4f8b\uff09\u3067\u3059\u3002\u516c\u958b\u7528\u306eWeb\u30b5\u30a4\u30c8\u3078\u306e\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u306b\u4f7f\u7528\u3059\u308b\u3068\u52b9\u679c\u7684\u3067\u3059\u3002Web\u30b5\u30a4\u30c8\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u30e6\u30fc\u30b6\u3054\u3068\u306b\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5024<\/th>\n<\/tr>\n
\u6709\u52b9\u671f\u9593\uff08\u65e5\uff09<\/td>\n365<\/td>\n<\/tr>\n
\u9375\u9577\uff08bit\uff09<\/td>\n2048<\/td>\n<\/tr>\n
\u30cf\u30c3\u30b7\u30e5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\nSHA-256<\/td>\n<\/tr>\n
C<\/td>\nJP<\/td>\n<\/tr>\n
ST<\/td>\nGalaxy<\/td>\n<\/tr>\n
L<\/td>\nEarth<\/td>\n<\/tr>\n
O<\/td>\nLaboratory for Personal ICT<\/td>\n<\/tr>\n
OU<\/td>\nLaboratory One<\/td>\n<\/tr>\n
CN<\/td>\nSite User-001<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

S\/MIME\u8a3c\u660e\u66f8<\/h3>\n

S\/MIME\u7528\u306e\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831\u306e\u4f8b\u3092\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n

S\/MIME\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831<\/h4>\n

S\/MIME\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831\uff08\u4f8b\uff09\u3067\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5024<\/th>\n<\/tr>\n
\u6709\u52b9\u671f\u9593\uff08\u65e5\uff09<\/td>\n3650<\/td>\n<\/tr>\n
\u9375\u9577\uff08bit\uff09<\/td>\n2048<\/td>\n<\/tr>\n
\u30cf\u30c3\u30b7\u30e5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\nSHA-256<\/td>\n<\/tr>\n
C<\/td>\nJP<\/td>\n<\/tr>\n
ST<\/td>\n<\/td>\n<\/tr>\n
L<\/td>\n<\/td>\n<\/tr>\n
O<\/td>\nLaboratory for Personal ICT<\/td>\n<\/tr>\n
OU<\/td>\nCertificate Authority<\/td>\n<\/tr>\n
CN<\/td>\nLaboratory for Personal ICT CA \u2013 EM1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

S\/MIME\u7528\u306e\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831<\/h4>\n

S\/MIME\u7528\u306e\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831\uff08\u4f8b\uff09\u3067\u3059\u3002\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u9593\u3067\u4e0d\u7279\u5b9a\u591a\u6570\u306e\u95a2\u4fc2\u8005\u3068\u6697\u53f7\u5316\u30e1\u30fc\u30eb\u3092\u3084\u96fb\u5b50\u7f72\u540d\u3092\u5229\u7528\u3059\u308b\u5834\u5408\u306f\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u8a8d\u8a3c\u5c40\u3067\u306e\u7f72\u540d\u3092\u3057\u305f\u8a3c\u660e\u66f8\u304c\u5fc5\u8981\u306b\u306a\u308a\u307e\u3059\u304c\u3001\u8a8d\u8a3c\u5c40\u306e\u8a3c\u660e\u66f8\u3092\u914d\u5e03\u53ef\u80fd\u306a\u7d44\u7e54\u9593\u3084\u30b7\u30b9\u30c6\u30e0\u9593\u3067\u306e\u60c5\u5831\u9023\u643a\u3067\u30e1\u30fc\u30eb\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u4f7f\u7528\u53ef\u80fd\u306a\u5834\u9762\u304c\u3042\u308b\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002\u76ee\u7684\u306b\u5408\u308f\u305b\u3066\u3001\u30e6\u30fc\u30b6\u3054\u3068\u3042\u308b\u3044\u306f\u30b7\u30b9\u30c6\u30e0\u3054\u3068\u306b\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5024<\/th>\n<\/tr>\n
\u6709\u52b9\u671f\u9593\uff08\u65e5\uff09<\/td>\n365<\/td>\n<\/tr>\n
\u9375\u9577\uff08bit\uff09<\/td>\n2048<\/td>\n<\/tr>\n
\u30cf\u30c3\u30b7\u30e5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\nSHA-256<\/td>\n<\/tr>\n
C<\/td>\nJP<\/td>\n<\/tr>\n
ST<\/td>\nGalaxy<\/td>\n<\/tr>\n
L<\/td>\nEarth<\/td>\n<\/tr>\n
O<\/td>\nLaboratory for Personal ICT<\/td>\n<\/tr>\n
OU<\/td>\nLaboratory One<\/td>\n<\/tr>\n
CN<\/td>\nSite User-001<\/td>\n<\/tr>\n
E<\/td>\nuser001@lab4ict.com<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u8a3c\u660e\u66f8<\/h3>\n

\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u7528\u306e\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831\u306e\u4f8b\u3092\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n

\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831<\/h4>\n

\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u60c5\u5831\uff08\u4f8b\uff09\u3067\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5024<\/th>\n<\/tr>\n
\u6709\u52b9\u671f\u9593\uff08\u65e5\uff09<\/td>\n3650<\/td>\n<\/tr>\n
\u9375\u9577\uff08bit\uff09<\/td>\n2048<\/td>\n<\/tr>\n
\u30cf\u30c3\u30b7\u30e5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\nSHA-256<\/td>\n<\/tr>\n
C<\/td>\nJP<\/td>\n<\/tr>\n
ST<\/td>\n<\/td>\n<\/tr>\n
L<\/td>\n<\/td>\n<\/tr>\n
O<\/td>\nLaboratory for Personal ICT<\/td>\n<\/tr>\n
OU<\/td>\nCertificate Authority<\/td>\n<\/tr>\n
CN<\/td>\nLaboratory for Personal ICT CA \u2013 OB1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u7528\u306e\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831<\/h4>\n

\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u7528\u306e\u8a3c\u660e\u66f8\u306e\u767a\u884c\u60c5\u5831\uff08\u4f8b\uff09\u3067\u3059\u3002\u30d7\u30ed\u30b0\u30e9\u30e0\u30b3\u30fc\u30c9\u4f5c\u6210\u8005\u3092\u793a\u3057\u307e\u3059\u3002\u30ea\u30e2\u30fc\u30c8\u958b\u767a\u3092\u3057\u3066\u3044\u308b\u5834\u5408\u306a\u3069\u3001\u7d44\u7e54\u5185\u3067\u306e\u4f7f\u7528\u65b9\u6cd5\u304c\u3042\u308b\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5024<\/th>\n<\/tr>\n
\u6709\u52b9\u671f\u9593\uff08\u65e5\uff09<\/td>\n365<\/td>\n<\/tr>\n
\u9375\u9577\uff08bit\uff09<\/td>\n2048<\/td>\n<\/tr>\n
\u30cf\u30c3\u30b7\u30e5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\nSHA-256<\/td>\n<\/tr>\n
C<\/td>\nJP<\/td>\n<\/tr>\n
ST<\/td>\nGalaxy<\/td>\n<\/tr>\n
L<\/td>\nEarth<\/td>\n<\/tr>\n
O<\/td>\nLaboratory for Personal ICT<\/td>\n<\/tr>\n
OU<\/td>\nLaboratory One<\/td>\n<\/tr>\n
CN<\/td>\nSite User-001<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u8a8d\u8a3c\u5c40\u69cb\u7bc9\u3068\u8a3c\u660e\u66f8\u767a\u884c\u306e\u6e96\u5099<\/h2>\n

\u8a8d\u8a3c\u5c40\u7528\u306e\u30e6\u30fc\u30b6\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n

\r\nsudo addgroup casystem\r\nsudo adduser --ingroup casystem casystem\r\nsudo gpasswd -a casystem sudo\r\nsu - casystem\r\n<\/pre>\n
\u5404\u8a8d\u8a3c\u5c40\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u672c\u7a3f\u3067\u306f\u3001\u5404\u8a8d\u8a3c\u5c40\u3092\u3059\u3079\u3066\u540c\u4e00\u30de\u30b7\u30f3\u4e0a\u306b\u69cb\u7bc9\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u8a8d\u8a3c\u5c40\u6bce\u306b\u5206\u3051\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002\u305d\u306e\u5834\u5408\u306f\u3001\u30eb\u30fc\u30c8\u8a8d\u8a3c\u5c40\u3068\u5404\u7a2e\u8a3c\u660e\u66f8\u767a\u884c\u7528\u306e\u8a8d\u8a3c\u5c40\u3068\u306e\u9593\u3067\u3001\u300cCSR\u300d\u3068\u300c\u30eb\u30fc\u30c8\u306e\u8a8d\u8a3c\u5c40\u3067\u7f72\u540d\u3057\u305f\u4e2d\u9593\u8a3c\u660e\u66f8\u300d\u306e\u53d7\u3051\u6e21\u3057\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\r\nmkdir .\/CA\r\nmkdir .\/CA\/CA-AA1\r\nmkdir .\/CA\/CA-SE1\r\nmkdir .\/CA\/CA-CL1\r\nmkdir .\/CA\/CA-EM1\r\nmkdir .\/CA\/CA-OB1\r\n<\/pre>\n
\u5404\u8a3c\u660e\u66f8\u306eCSR\u3001\u79d8\u5bc6\u9375\u3001\u8a8d\u8a3c\u5c40\u3067\u7f72\u540d\u6e08\u307f\u306e\u8a3c\u660e\u66f8\u3092\u4fdd\u7ba1\u3059\u308b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u672c\u7a3f\u3067\u306f\u3001\u5404\u8a3c\u660e\u66f8\u306eCSR\u4f5c\u6210\u3068\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u7f72\u540d\u3092\u540c\u3058\u30de\u30b7\u30f3\u4e0a\u3067\u884c\u3063\u3066\u3044\u307e\u3059\u304c\u3001\u5225\u306a\u30de\u30b7\u30f3\u3068\u3059\u308b\u30b1\u30fc\u30b9\u3082\u3042\u308a\u307e\u3059\u3002\u305d\u306e\u5834\u5408\u306f\u3001\u8a3c\u660e\u66f8\u306e\u767a\u884c\u3092\u4f9d\u983c\u3059\u308b\u5074\u3068\u8a8d\u8a3c\u5c40\u3068\u306e\u9593\u3067\u3001\u300cCSR\u300d\u3068\u300c\u8a8d\u8a3c\u5c40\u3067\u7f72\u540d\u3057\u305f\u8a3c\u660e\u66f8\u300d\u306e\u53d7\u3051\u6e21\u3057\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nmkdir .\/CA\/cert-SE1\r\nmkdir .\/CA\/cert-CL1\r\nmkdir .\/CA\/cert-EM1\r\nmkdir .\/CA\/cert-OB1\r\n<\/pre>\n
\u30eb\u30fc\u30c8\u8a8d\u8a3c\u5c40\u306e\u69cb\u7bc9\u3068\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h2>\n
\u30eb\u30fc\u30c8\u8a8d\u8a3c\u5c40\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\/CA\/CA-AA1\r\nmkdir .\/certs\r\nmkdir .\/private\r\nmkdir .\/crl\r\nmkdir .\/newcerts\r\nchmod 700 .\/private\r\necho "01" > .\/serial\r\ntouch .\/index.txt\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u767a\u884c\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-req-CA-AA1.cnf\r\nsudo vi \/etc\/ssl\/openssl-req-CA-AA1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-AA1\r\nx509_extensions = v3_ca\r\n\r\ndefault_days    = 6935\r\ndefault_bits    = 2048\r\ndefault_md      = sha256\r\n\r\npolicy          = policy_anything\r\n\r\n[ req ]\r\ndefault_bits            = 2048\r\ndefault_md              = sha256\r\nreq_extensions = v3_req # The extensions to add to a certificate request\r\n\r\n[ req_distinguished_name ]\r\ncountryName_default             = JP\r\n0.organizationName_default      = Laboratory for Personal ICT\r\norganizationalUnitName_default  = Certificate Authority\r\ncommonName_default              = Laboratory for Personal ICT CA Root - AA1\r\n\r\n[ v3_req ]\r\nbasicConstraints = CA:TRUE\r\n<\/pre>\n
\u81ea\u5df1\u7f72\u540d\u306b\u3088\u308b\u7f72\u540d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -new -x509 -newkey rsa:2048 -out .\/cacert.pem -keyout .\/private\/cakey.pem -config \/etc\/ssl\/openssl-req-CA-AA1.cnf\r\n<\/pre>\n
\u8a3c\u660e\u66f8\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -noout -in .\/cacert.pem -text\r\n<\/pre>\n
DER\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -inform PEM -outform DER -in .\/cacert.pem -out .\/cacert.der\r\n<\/pre>\n
\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u7528\u306e\u8a8d\u8a3c\u5c40\u306e\u69cb\u7bc9\u3068\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h2>\n
\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u7528\u306e\u8a8d\u8a3c\u5c40\u306e\u69cb\u7bc9\u3057\u3001\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3057\u307e\u3059\u3002<\/p>\n
\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h3>\n
\u8a8d\u8a3c\u5c40\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\/CA\/CA-SE1\r\nmkdir .\/certs\r\nmkdir .\/private\r\nmkdir .\/crl\r\nmkdir .\/newcerts\r\nchmod 700 .\/private\r\necho "01" > .\/serial\r\ntouch .\/index.txt\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u306eCSR\u4f5c\u6210\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-req-CA-SE1.cnf\r\nsudo vi \/etc\/ssl\/openssl-req-CA-SE1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-SE1\r\n\r\n[ req ]\r\ndefault_bits            = 2048\r\ndefault_md              = sha256\r\nreq_extensions = v3_req # The extensions to add to a certificate request\r\n\r\n[ req_distinguished_name ]\r\ncountryName_default             = JP\r\n0.organizationName_default      = Laboratory for Personal ICT\r\norganizationalUnitName_default  = Certificate Authority\r\ncommonName_default              = Laboratory for Personal ICT CA - SE1\r\n\r\n[ v3_req ]\r\nbasicConstraints = CA:TRUE\r\n<\/pre>\n
CSR\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -new -newkey rsa:2048 -out .\/cacert_req.pem -keyout .\/private\/cakey.pem -config \/etc\/ssl\/openssl-req-CA-SE1.cnf\r\n<\/pre>\n
CSR\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -noout -in .\/cacert_req.pem -text\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u306b\u3088\u308b\u7f72\u540d\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-CA-AA1-SE1.cnf\r\nsudo vi \/etc\/ssl\/openssl-CA-AA1-SE1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-AA1\r\nx509_extensions = v3_ca\r\n\r\ndefault_days    = 3650\r\ndefault_bits    = 2048\r\ndefault_md      = sha256\r\n\r\npolicy          = policy_anything\r\n\r\n[ v3_ca ]\r\nbasicConstraints = CA:true\r\nnsCertType = sslCA\r\n<\/pre>\n
\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u7f72\u540d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl ca -config \/etc\/ssl\/openssl-CA-AA1-SE1.cnf -out .\/cacert.pem -infiles .\/cacert_req.pem\r\n<\/pre>\n
\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u306b\u3088\u308b\u691c\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl verify -CAfile \/home\/casystem\/CA\/CA-AA1\/cacert.pem .\/cacert.pem\r\n<\/pre>\n
\u8a3c\u660e\u66f8\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -noout -in .\/cacert.pem -text\r\n<\/pre>\n
DER\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -inform PEM -outform DER -in .\/cacert.pem -out .\/cacert.der\r\n<\/pre>\n
\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h3>\n
\u8a3c\u660e\u66f8\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\/CA\/cert-SE1\r\nmkdir .\/certs\r\nmkdir .\/private\r\nmkdir .\/crl\r\nmkdir .\/newcerts\r\nchmod 700 .\/private\r\necho "01" > .\/serial\r\ntouch .\/index.txt\r\nmkdir .\/dist\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001CSR\u4f5c\u6210\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-req-cert-SE1.cnf\r\nsudo vi \/etc\/ssl\/openssl-req-cert-SE1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/cert-SE1\r\n\r\n[ req ]\r\ndefault_bits            = 2048\r\ndefault_md              = sha256\r\nreq_extensions = v3_req # The extensions to add to a certificate request\r\n\r\n[ req_distinguished_name ]\r\ncountryName_default             = JP\r\nstateOrProsudo vinceName_default     = Galaxy\r\nlocalityName_default            = Earth\r\n0.organizationName_default      = Laboratory for Personal ICT\r\norganizationalUnitName_default  = Certificate Authority\r\ncommonName_default              = lab4ict.com\r\n\r\n[ v3_req ]\r\nbasicConstraints = CA:FALSE\r\n<\/pre>\n
CSR\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -new -newkey rsa:2048 -out .\/secert_lab4ict_req.pem -keyout .\/private\/sekey_lab4ict.pem -config \/etc\/ssl\/openssl-req-cert-SE1.cnf\r\n<\/pre>\n
CSR\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -noout -in .\/secert_lab4ict_req.pem -text\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u306b\u3088\u308b\u7f72\u540d\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-CA-SE1.cnf\r\nsudo vi \/etc\/ssl\/openssl-CA-SE1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-SE1\r\nx509_extensions = usr_cert\r\n\r\ndefault_days    = 3650\r\ndefault_bits    = 2048\r\ndefault_md      = sha256\r\n\r\npolicy          = policy_anything\r\n\r\n[ usr_cert ]\r\nbasicConstraints=CA:FALSE\r\nnsCertType = server\r\n<\/pre>\n
\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u7f72\u540d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl ca -config \/etc\/ssl\/openssl-CA-SE1.cnf -out .\/secert_lab4ict.pem -infiles .\/secert_lab4ict_req.pem\r\n<\/pre>\n
\u4e2d\u9593\u8a3c\u660e\u66f8\u306b\u3088\u308b\u691c\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\ncat \/home\/casystem\/CA\/CA-AA1\/cacert.pem \/home\/casystem\/CA\/CA-SE1\/cacert.pem > .\/cacert_verify.pem\r\nopenssl verify -CAfile .\/cacert_verify.pem .\/secert_lab4ict.pem\r\n<\/pre>\n
\u8a3c\u660e\u66f8\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -noout -in .\/secert_lab4ict.pem -text\r\n<\/pre>\n
DER\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -inform PEM -outform DER -in .\/secert_lab4ict.pem -out .\/secert_lab4ict.der\r\n<\/pre>\n
PKCS12\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl pkcs12 -export -in .\/secert_lab4ict.pem -inkey .\/private\/sekey_lab4ict.pem -out .\/secert_lab4ict.p12\r\n<\/pre>\n
\u30d1\u30b9\u30ef\u30fc\u30c9\u7121\u3057\u306ePEM\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl rsa -in .\/private\/sekey_lab4ict.pem -out .\/private\/sekey_lab4ict_nopass.pem\r\n<\/pre>\n
\u4f5c\u6210\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u4fdd\u7ba1\u7528\u306e\u30d5\u30a9\u30eb\u30c0\u306b\u79fb\u52d5\u3057\u307e\u3059\u3002<\/p>\n
\r\nmv .\/secert* .\/dist\r\n<\/pre>\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u7528\u306e\u8a8d\u8a3c\u5c40\u306e\u69cb\u7bc9\u3068\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h2>\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u7528\u306e\u8a8d\u8a3c\u5c40\u3092\u69cb\u7bc9\u3057\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h3>\n
\u8a8d\u8a3c\u5c40\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\/CA\/CA-CL1\r\nmkdir .\/certs\r\nmkdir .\/private\r\nmkdir .\/crl\r\nmkdir .\/newcerts\r\nchmod 700 .\/private\r\necho "01" > .\/serial\r\ntouch .\/index.txt\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u306eCSR\u4f5c\u6210\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-req-CA-CL1.cnf\r\nsudo vi \/etc\/ssl\/openssl-req-CA-CL1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-CL1\r\n\r\n[ req ]\r\ndefault_bits            = 2048\r\ndefault_md              = sha256\r\nreq_extensions = v3_req # The extensions to add to a certificate request\r\n\r\n[ req_distinguished_name ]\r\ncountryName_default             = JP\r\n0.organizationName_default      = Laboratory for Personal ICT\r\norganizationalUnitName_default  = Certificate Authority\r\ncommonName_default              = Laboratory for Personal ICT CA - CL1\r\n\r\n[ v3_req ]\r\nbasicConstraints = CA:TRUE\r\n<\/pre>\n
CSR\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -new -newkey rsa:2048 -out .\/cacert_req.pem -keyout .\/private\/cakey.pem -config \/etc\/ssl\/openssl-req-CA-CL1.cnf\r\n<\/pre>\n
CSR\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -noout -in .\/cacert_req.pem -text\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u306b\u3088\u308b\u7f72\u540d\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-CA-AA1-CL1.cnf\r\nsudo vi \/etc\/ssl\/openssl-CA-AA1-CL1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-AA1\r\nx509_extensions = v3_ca\r\n\r\ndefault_days    = 3650\r\ndefault_bits    = 2048\r\ndefault_md      = sha256\r\n\r\npolicy          = policy_anything\r\n\r\n[ v3_ca ]\r\nbasicConstraints = CA:true\r\nnsCertType = sslCA\r\n<\/pre>\n
\u30eb\u30fc\u30c8\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u7f72\u540d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl ca -config \/etc\/ssl\/openssl-CA-AA1-CL1.cnf -out .\/cacert.pem -infiles .\/cacert_req.pem\r\n<\/pre>\n
\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u306b\u3088\u308b\u691c\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl verify -CAfile \/home\/casystem\/CA\/CA-AA1\/cacert.pem .\/cacert.pem\r\n<\/pre>\n
\u8a3c\u660e\u66f8\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -noout -in .\/cacert.pem -text\r\n<\/pre>\n
DER\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -inform PEM -outform DER -in .\/cacert.pem -out .\/cacert.der\r\n<\/pre>\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h3>\n
\u8a3c\u660e\u66f8\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\/CA\/cert-CL1\r\nmkdir .\/certs\r\nmkdir .\/private\r\nmkdir .\/crl\r\nmkdir .\/newcerts\r\nchmod 700 .\/private\r\necho "01" > .\/serial\r\ntouch .\/index.txt\r\nmkdir .\/dist\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001CSR\u4f5c\u6210\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-req-cert-CL1.cnf\r\nsudo vi \/etc\/ssl\/openssl-req-cert-CL1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/cert-CL1\r\n\r\n[ req ]\r\ndefault_bits            = 2048\r\ndefault_md              = sha256\r\nreq_extensions = v3_req # The extensions to add to a certificate request\r\n\r\n[ req_distinguished_name ]\r\ncountryName_default             = JP\r\nstateOrProsudo vinceName_default     = Galaxy\r\nlocalityName_default            = Earth\r\n0.organizationName_default      = Laboratory for Personal ICT\r\norganizationalUnitName_default  = Certificate Authority\r\ncommonName_default              = Site User-001\r\n\r\n[ v3_req ]\r\nbasicConstraints = CA:FALSE\r\n<\/pre>\n
CSR\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -new -newkey rsa:2048 -out .\/clcert_001_req.pem -keyout .\/private\/clkey_001.pem -config \/etc\/ssl\/openssl-req-cert-CL1.cnf\r\n<\/pre>\n
CSR\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -noout -in .\/clcert_001_req.pem -text\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u306b\u3088\u308b\u7f72\u540d\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-CA-CL1.cnf\r\nsudo vi \/etc\/ssl\/openssl-CA-CL1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/cert-CL1\r\nx509_extensions = usr_cert\r\n\r\ndefault_days    = 3650\r\ndefault_bits    = 2048\r\ndefault_md      = sha256\r\n\r\npolicy          = policy_anything\r\n\r\n[ usr_cert ]\r\nbasicConstraints = CA:FALSE\r\nnsCertType = client\r\n<\/pre>\n
\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u7f72\u540d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl ca -config \/etc\/ssl\/openssl-CA-CL1.cnf -out .\/clcert_001.pem -infiles .\/clcert_001_req.pem\r\n<\/pre>\n
\u4e2d\u9593\u8a3c\u660e\u66f8\u306b\u3088\u308b\u691c\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\ncat \/home\/casystem\/CA\/CA-AA1\/cacert.pem \/home\/casystem\/CA\/CA-CL1\/cacert.pem > .\/cacert_verify.pem\r\nopenssl verify -CAfile .\/cacert_verify.pem .\/clcert_001.pem\t\t\t\r\n<\/pre>\n
\u8a3c\u660e\u66f8\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -noout -in .\/clcert_001.pem -text\r\n<\/pre>\n
DER\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
openssl x509 -inform PEM -outform DER -in .\/clcert_001.pem -out .\/clcert_001.der\r\n<\/pre>\n
PKCS12\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl pkcs12 -export -in .\/clcert_001.pem -inkey .\/private\/clkey_001.pem -out .\/clcert_001.p12\r\n<\/pre>\n
\u4f5c\u6210\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u4fdd\u7ba1\u7528\u306e\u30d5\u30a9\u30eb\u30c0\u306b\u79fb\u52d5\u3057\u307e\u3059\u3002<\/p>\n
\r\nmv .\/clcert* .\/dist\r\n<\/pre>\n
S\/MIME\u7528\u306e\u8a8d\u8a3c\u5c40\u306e\u69cb\u7bc9\u3068\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h2>\n
S\/MIME\u7528\u306e\u8a8d\u8a3c\u5c40\u3092\u69cb\u7bc9\u3057\u3001S\/MIME\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
S\/MIME\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h3>\n
\u8a8d\u8a3c\u5c40\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\/CA\/CA-EM1\r\nmkdir .\/certs\r\nmkdir .\/private\r\nmkdir .\/crl\r\nmkdir .\/newcerts\r\nchmod 700 .\/private\r\necho "01" > .\/serial\r\ntouch .\/index.txt\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u306eCSR\u4f5c\u6210\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-req-CA-EM1.cnf\r\nsudo vi \/etc\/ssl\/openssl-req-CA-EM1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-EM1\r\n\r\n[ req ]\r\ndefault_bits            = 2048\r\ndefault_md              = sha256\r\nreq_extensions = v3_req # The extensions to add to a certificate request\r\n\r\n[ req_distinguished_name ]\r\ncountryName_default             = JP\r\n0.organizationName_default      = Laboratory for Personal ICT\r\norganizationalUnitName_default  = Certificate Authority\r\ncommonName_default\t\t= ICT Personal Laboratory CA - EM1\r\n\r\n[ v3_req ]\r\nbasicConstraints = CA:TRUE\r\n<\/pre>\n
CSR\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -new -newkey rsa:2048 -out .\/cacert_req.pem -keyout .\/private\/cakey.pem -config \/etc\/ssl\/openssl-req-CA-EM1.cnf\r\n<\/pre>\n
CSR\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -noout -in .\/cacert_req.pem -text\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u306b\u3088\u308b\u7f72\u540d\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-CA-AA1-EM1.cnf\r\nsudo vi \/etc\/ssl\/openssl-CA-AA1-EM1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-EM1\r\nx509_extensions = v3_ca\r\n\r\ndefault_days    = 3650\r\ndefault_bits    = 2048\r\ndefault_md      = sha256\r\n\r\npolicy          = policy_anything\r\n\r\n[ v3_ca ]\r\nbasicConstraints = CA:true\r\nnsCertType = emailCA\r\n<\/pre>\n
\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u7f72\u540d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl ca -config \/etc\/ssl\/openssl-CA-AA1-EM1.cnf -out .\/cacert.pem -infiles .\/cacert_req.pem\r\n<\/pre>\n
\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u306b\u3088\u308b\u691c\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl verify -CAfile \/home\/casystem\/CA\/CA-AA1\/cacert.pem .\/cacert.pem\r\n<\/pre>\n
\u8a3c\u660e\u66f8\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -noout -in .\/cacert.pem -text\r\n<\/pre>\n
DER\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -inform PEM -outform DER -in .\/cacert.pem -out .\/cacert.der\r\n<\/pre>\n
S\/MIME\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h3>\n
\u8a3c\u660e\u66f8\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\/CA\/cert-EM1\r\nmkdir .\/certs\r\nmkdir .\/private\r\nmkdir .\/crl\r\nmkdir .\/newcerts\r\nchmod 700 .\/private\r\necho "01" > .\/serial\r\ntouch .\/index.txt\r\nmkdir .\/dist\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001CSR\u4f5c\u6210\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-req-cert-EM1.cnf\r\nsudo vi \/etc\/ssl\/openssl-req-cert-EM1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/cert-EM1\r\n\r\n[ req ]\r\ndefault_bits            = 2048\r\ndefault_md              = sha256\r\nreq_extensions = v3_req # The extensions to add to a certificate request\r\n\r\n[ req_distinguished_name ]\r\ncountryName_default             = JP\r\nstateOrProsudo vinceName_default     = Galaxy\r\nlocalityName_default            = Earth\r\n0.organizationName_default      = Laboratory for Personal ICT\r\norganizationalUnitName_default  = Laboratory One\r\ncommonName_default              = Site User-001\r\nemailAddress_default            = user-001@lab4ict.com\r\n\r\n[ v3_req ]\r\nbasicConstraints = CA:FALSE\r\n<\/pre>\n
CSR\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -new -newkey rsa:2048 -out .\/emcert_001_req.pem -keyout .\/private\/emkey_001.pem -config \/etc\/ssl\/openssl-req-cert-EM1.cnf\r\n<\/pre>\n
CSR\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -noout -in .\/emcert_001_req.pem -text\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u306b\u3088\u308b\u7f72\u540d\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-CA-EM1.cnf\r\nsudo vi \/etc\/ssl\/openssl-CA-EM1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/cert-em1\r\nx509_extensions = usr_cert\r\n\r\ndefault_days    = 3650\r\ndefault_bits    = 2048\r\ndefault_md      = sha256\r\n\r\npolicy          = policy_anything\r\n\r\n[ usr_cert ]\r\nbasicConstraints = CA:FALSE\r\nnsCertType = email\r\n<\/pre>\n
\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u7f72\u540d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl ca -config \/etc\/ssl\/openssl-CA-EM1.cnf -out .\/emcert_001.pem -infiles .\/emcert_001_req.pem\r\n<\/pre>\n
\u4e2d\u9593\u8a3c\u660e\u66f8\u306b\u3088\u308b\u691c\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\ncat \/home\/casystem\/CA\/CA-AA1\/cacert.pem \/home\/casystem\/CA\/CA-EM1\/cacert.pem > .\/cacert_verify.pem\r\nopenssl verify -CAfile .\/cacert_verify.pem .\/emcert_001.pem\t\t\t\r\n<\/pre>\n
\u8a3c\u660e\u66f8\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -noout -in .\/emcert_001.pem -text\r\n<\/pre>\n
DER\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -inform PEM -outform DER -in .\/emcert_001.pem -out .\/emcert_001.der\r\n<\/pre>\n
PKCS12\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl pkcs12 -export -in .\/emcert_001.pem -inkey .\/private\/emkey_001.pem -out .\/emcert_001.p12\r\n<\/pre>\n
\u4f5c\u6210\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u4fdd\u7ba1\u7528\u306e\u30d5\u30a9\u30eb\u30c0\u306b\u79fb\u52d5\u3057\u307e\u3059\u3002<\/p>\n
\r\nmv .\/emcert* .\/dist\r\n<\/pre>\n
\u30b3\u30fc\u30c9\u30b5\u30a4\u30f3\u30cb\u30f3\u30b0\u7528\u306e\u8a8d\u8a3c\u5c40\u306e\u69cb\u7bc9\u3068\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h2>\n
\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u7528\u306e\u8a8d\u8a3c\u5c40\u3092\u69cb\u7bc9\u3057\u3001\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\u30b3\u30fc\u30c9\u30b5\u30a4\u30f3\u30cb\u30f3\u30b0\u8a3c\u660e\u66f8\u7528\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h3>\n
\u8a8d\u8a3c\u5c40\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\/CA\/CA-OB1\r\nmkdir .\/certs\r\nmkdir .\/private\r\nmkdir .\/crl\r\nmkdir .\/newcerts\r\nchmod 700 .\/private\r\necho "01" > .\/serial\r\ntouch .\/index.txt\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u306eCSR\u4f5c\u6210\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-req-CA-OB1.cnf\r\nsudo vi \/etc\/ssl\/openssl-req-CA-OB1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-OB1\r\n\r\n[ req ]\r\ndefault_bits            = 2048\r\ndefault_md              = sha256\r\nreq_extensions = v3_req # The extensions to add to a certificate request\r\n\r\n[ req_distinguished_name ]\r\ncountryName_default             = JP\r\n0.organizationName_default      = Laboratory for Personal ICT\r\norganizationalUnitName_default  = Certificate Authority\r\ncommonName_default              = Laboratory for Personal ICT CA - OB1\r\n\r\n[ v3_req ]\r\nbasicConstraints = CA:TRUE\r\n<\/pre>\n
CSR\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -new -newkey rsa:2048 -out .\/cacert_req.pem -keyout .\/private\/cakey.pem -config \/etc\/ssl\/openssl-req-CA-OB1.cnf\r\n<\/pre>\n
CSR\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
openssl req -noout -in .\/cacert_req.pem -text\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u306b\u3088\u308b\u7f72\u540d\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-CA-AA1-OB1.cnf\r\nsudo vi \/etc\/ssl\/openssl-CA-AA1-OB1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-AA1\r\nx509_extensions = v3_ca\r\n\r\ndefault_days    = 3650\r\ndefault_bits    = 2048\r\ndefault_md      = sha256\r\n\r\npolicy          = policy_anything\r\n\r\n[ v3_ca ]\r\nnsCertType = objCA\r\n<\/pre>\n
\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u7f72\u540d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl ca -config \/etc\/ssl\/openssl-CA-AA1-OB1.cnf -out .\/cacert.pem -infiles .\/cacert_req.pem\r\n<\/pre>\n
\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u306b\u3088\u308b\u691c\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl verify -CAfile \/home\/casystem\/CA\/CA-AA1\/cacert.pem .\/cacert.pem\r\n<\/pre>\n
\u8a3c\u660e\u66f8\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -noout -in .\/cacert.pem -text\r\n<\/pre>\n
DER\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -inform PEM -outform DER -in .\/cacert.pem -out .\/cacert.der\r\n<\/pre>\n
\u30b3\u30fc\u30c9\u30b5\u30a4\u30f3\u30cb\u30f3\u30b0\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h3>\n
\u8a3c\u660e\u66f8\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\ncd \/home\/casystem\/CA\/cert-OB1\r\nmkdir .\/certs\r\nmkdir .\/private\r\nmkdir .\/crl\r\nmkdir .\/newcerts\r\nchmod 700 .\/private\r\necho "01" > .\/serial\r\ntouch .\/index.txt\r\nmkdir .\/dist\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001CSR\u4f5c\u6210\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-req-cert-OB1.cnf\r\nsudo vi \/etc\/ssl\/openssl-req-cert-OB1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/cert-OB1\r\n\r\n[ req ]\r\ndefault_bits            = 2048\r\ndefault_md              = sha256\r\nreq_extensions = v3_req # The extensions to add to a certificate request\r\n\r\n[ req_distinguished_name ]\r\ncountryName_default             = JP\r\nstateOrProsudo vinceName_default     = Galaxy\r\nlocalityName_default            = Earth\r\n0.organizationName_default      = Laboratory for Personal ICT\r\norganizationalUnitName_default  = Laboratory One\r\ncommonName_default              = Site User-001\r\n[ v3_req ]\r\nbasicConstraints = CA:FALSE\r\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment, codeSigning\r\n<\/pre>\n
CSR\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -new -newkey rsa:2048 -out .\/obcert_001_req.pem -keyout private\/obkey_001.pem -config \/etc\/ssl\/openssl-req-cert-OB1.cnf\r\n<\/pre>\n
CSR\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl req -noout -in obcert_001_req.pem -text\r\n<\/pre>\n
OpenSSL\u306e\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u306b\u3088\u308b\u7f72\u540d\u7528\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u78ba\u8a8d\u304a\u3088\u3073\u5909\u66f4\u304c\u5fc5\u8981\u306a\u8a2d\u5b9a\u306e\u307f\u8a18\u8f09\u3057\u307e\u3059\u3002<\/p>\n
\r\nsudo cp -p \/etc\/ssl\/openssl.cnf \/etc\/ssl\/openssl-CA-OB1.cnf\r\nsudo vi \/etc\/ssl\/openssl-CA-OB1.cnf\r\n\r\n[ CA_default ]\r\ndir             = \/home\/casystem\/CA\/CA-OB1\r\nx509_extensions = usr_cert\r\n\r\ndefault_days    = 3650\r\ndefault_bits    = 2048\r\ndefault_md      = sha256\r\n\r\npolicy          = policy_anything\r\n\r\n[ usr_cert ]\r\nbasicConstraints = CA:FALSE\r\nnsCertType = objSign\r\n<\/pre>\n
\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u7f72\u540d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\nopenssl ca -out .\/obcert_001.pem -config \/etc\/ssl\/openssl-CA-OB1.cnf -infiles .\/obcert_001_req.pem\r\n<\/pre>\n
\u4e2d\u9593\u8a3c\u660e\u66f8\u306b\u3088\u308b\u691c\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\ncat \/home\/casystem\/CA\/CA-AA1\/cacert.pem \/home\/casystem\/CA\/CA-OB1\/cacert.pem > .\/cacert_verify.pem\r\nopenssl verify -CAfile .\/cacert_verify.pem .\/obcert_001.pem\r\n<\/pre>\n
\u8a3c\u660e\u66f8\u306e\u5185\u5bb9\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -noout -in .\/obcert_001.pem -text\t\r\n<\/pre>\n
DER\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl x509 -inform PEM -outform DER -in .\/obcert_001.pem -out .\/obcert.001.der\r\n<\/pre>\n
PKCS12\u5f62\u5f0f\u306b\u5909\u63db\u3057\u307e\u3059\u3002<\/p>\n
\r\nopenssl pkcs12 -export -in .\/obcert_001.pem -inkey .\/private\/obkey_001.pem -out .\/obcert_001.p12\r\n<\/pre>\n
\u4f5c\u6210\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u4fdd\u7ba1\u7528\u306e\u30d5\u30a9\u30eb\u30c0\u306b\u79fb\u52d5\u3057\u307e\u3059\u3002<\/p>\n
\r\nmv .\/obcert* .\/dist\r\n<\/pre>\n
\u304a\u308f\u308a\u306b<\/h2>\n
\u672c\u7a3f\u3067\u306f\u3001\u30eb\u30fc\u30c8\u306e\u8a8d\u8a3c\u5c40\u3092\u9802\u70b9\u306b\u767a\u884c\u3059\u308b\u8a3c\u660e\u66f8\u306e\u7a2e\u985e\u5225\u306b\u4e2d\u9593\u306e\u8a8d\u8a3c\u5c40\u3092\u69cb\u7bc9\u3057\u3001\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3001S\/MIME\u8a3c\u660e\u66f8\u3001\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3057\u307e\u3057\u305f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
OpenSSL\u3092\u4f7f\u7528\u3057\u3066\u8a8d\u8a3c\u5c40\uff08CA\uff09\u3092\u69cb\u7bc9\u3057\u307e\u3059\u3002\u672c\u7a3f\u3067\u306f\u3001\u30eb\u30fc\u30c8\u306e\u8a8d\u8a3c\u5c40\u914d\u4e0b\u306b\u3001\u767a\u884c\u3059\u308b\u8a3c\u660e\u66f8\u306e\u7a2e\u985e\u3054\u3068\u306b\u4e2d\u9593\u306e\u8a8d\u8a3c\u5c40\u3092\u8a2d\u7f6e\u3057\u307e\u3059\u3002\u4e2d\u9593\u306e\u8a8d\u8a3c\u5c40\u3068\u3057\u3066\u306f\u3001\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3001S\/MIME\u8a3c\u660e\u66f8\u3001\u30b3\u30fc\u30c9\u30b5\u30a4\u30cb\u30f3\u30b0\u8a3c\u660e\u66f8\u767a\u884c\u7528\u2026<\/p>\n","protected":false},"author":1,"featured_media":642,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[15,18,25,42,16,17,14],"class_list":["post-116","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-openssl","tag-ca","tag-openssl","tag-25","tag-42","tag-16","tag-17","tag-14"],"_links":{"self":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/comments?post=116"}],"version-history":[{"count":0,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/116\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media\/642"}],"wp:attachment":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media?parent=116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/categories?post=116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/tags?post=116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}