
  [정보] OpenSSL CA를 사용한 인증서 만료일 연장
 

작성자:관리자    작성일:2010-08-30     조회수:5439

   
 
1. Convert a certificate to a certificate request :
# Rebuild a certificate request (req.pem) from the existing certificate cert.pem.
# The request is signed with private.pem, so the original key pair is reused
# rather than regenerated.
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey private.pem

2. Convert a certificate request into a self signed certificate using extensions for a CA:
# Generic form (one command, shown on two lines):
# openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_ca
# -signkey private.pem -out cacert.pem -days 3650
#
# Each command below self-signs req.pem with private.pem and writes a CA
# certificate with a new validity period. Extensions are read from the ca_ext
# section of certgen.cnf; that section is not shown on this page, so confirm
# that it marks the certificate as a CA.
# The three variants differ in the config path, the output file name and -days:
# 3650 days is about 10 years, 10950 days about 30 years.
# NOTE(review): no digest option is given, so the signature hash is whatever the
# installed OpenSSL defaults to (older builds default to MD5 or SHA-1). Check the
# "Signature Algorithm" line in step 3 and pass an explicit digest option such
# as -sha256 if the default is weak.
# NOTE(review): a longer validity period keeps the same private key in service
# for that whole time. Relying parties still need the new CA certificate file
# installed before the old one expires.
openssl x509 -req -in req.pem -extfile /IniCA30/etc/certgen.cnf -extensions ca_ext -signkey private.pem -out cacert.pem -days 3650
openssl x509 -req -in req.pem -extfile certgen.cnf -extensions ca_ext -signkey private.pem -out cacert10.pem -days 3650
openssl x509 -req -in req.pem -extfile certgen.cnf -extensions ca_ext -signkey private.pem -out cacert30.pem -days 10950
3. 확인
# Print the new certificate in text form. Before deploying it, check the
# Validity dates (Not Before / Not After), the Subject and Issuer, and the
# Signature Algorithm line.
openssl x509 -in cacert.pem -inform pem -text

- ca.sh
# Sign req.pem with the CA configured in s_ini.conf and write the issued
# certificate to cert.pem. -days on the command line overrides default_days
# from the config; 3650 days is about 10 years.
# The signature digest comes from default_md in the config, which is md5 in the
# sample s_ini.conf on this page. Verify the digest of issued certificates.
# The commented-out lines are earlier variants: other validity periods, and one
# that used a different config file (s_ini_osk.conf).
#openssl ca -config /Admin/plugin/plugin_cert/s_ini_osk.conf -in req.pem -out cert.pem -days 1825
#openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 1825
#openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 5475
#openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 365
#openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 90
openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 3650

- ca10.sh
# Issue cert.pem from req.pem with a validity of 3650 days (about 10 years),
# using the CA configuration under /user1.
openssl ca -config /user1/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 3650

- ca15.sh
# Issue cert.pem from req.pem with a validity of 5475 days (about 15 years),
# using the CA configuration under /user1.
openssl ca -config /user1/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 5475

- ca20.sh
# Issue cert.pem from req.pem with a validity of 7300 days (about 20 years),
# using the CA configuration under /user1.
# NOTE(review): an end-entity certificate that outlives its key strength or its
# issuing CA certificate cannot be relied on for the full period. Confirm that
# this lifetime is intended.
openssl ca -config /user1/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 7300

- ca5.sh
# Issue cert.pem from req.pem with a validity of 1825 days (about 5 years),
# using the CA configuration under /Admin.
openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 1825

- ca_sso.sh
# Issue cert.pem from req.pem with a validity of 3650 days (about 10 years).
# The command line is identical to ca10.sh.
openssl ca -config /user1/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 3650

- derenc.sh
# Convert key.pem to PKCS#8 in DER encoding. -nocrypt is not given, so the
# output is passphrase-encrypted and openssl prompts for the passphrase.
# Runs the openssl binary from the parent directory, not the one on PATH.
# NOTE(review): without -v2, older OpenSSL releases encrypt PKCS#8 with a weak
# MD5/DES password-based scheme. Confirm what the installed version produces and
# what the consuming software accepts.
../openssl pkcs8 -in key.pem -outform DER -topk8 -out priv.pk8.der.enc

- pemenc.sh
# Convert key.pem to PKCS#8 in PEM encoding. -nocrypt is not given, so the
# output is passphrase-encrypted and openssl prompts for the passphrase.
# Runs the openssl binary from the parent directory, not the one on PATH.
# NOTE(review): without -v2, older OpenSSL releases encrypt PKCS#8 with a weak
# MD5/DES password-based scheme. Confirm what the installed version produces and
# what the consuming software accepts.
../openssl pkcs8 -in key.pem -outform PEM -topk8 -out priv.pk8.pem.enc

- req.sh
# Generate a new key pair and a certificate request (req.pem) in one step.
# -nodes writes the private key to key.pem unencrypted: restrict the file's
# permissions and keep it off shared or backed-up locations in clear form.
# The key size comes from default_bits in the [ req ] section of the config,
# which is 1024 in the sample s_ini.conf on this page.
openssl req -outform PEM -out req.pem -nodes -keyform PEM -keyout key.pem -config /Admin/plugin/plugin_cert/s_ini.conf -new

- req_key.sh
# Create a certificate request (req.pem) for an existing private key: -key reads
# key.pem instead of generating a new key, so the key pair is reused.
# The key file is read in PEM form (-keyform PEM) and must stay protected, as it
# is the same key the issued certificate will vouch for.
openssl req -outform PEM -out req.pem -nodes -keyform PEM -key key.pem -config /user1/plugin/plugin_cert/s_ini.conf -new

- example : s_ini.conf


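#RANDFILE = /usr/local/etc/httpd/reqdir/.rand
####################################################################
# Settings read by "openssl ca" (the ca*.sh scripts pass this file with -config).
[ ca ]
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

dir = /Admin/plugin/plugin_cert # Where everything is kept
#dir = .
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/c_index.txt # database index file.
new_certs_dir = $dir/newcerts/server # default place for new certs.

certificate = $dir/ca_cert/cert.pem # The CA certificate
#certificate = $dir/ca_cert/hyundai-mortor-sso-ca-20030903/cacert.pem # The CA certificate
serial = $dir/c_serial # The current serial number
crl = $dir/crl.pem # The current CRL
# The CA signing key. Anyone who can read this file can issue certificates
# under this CA, so restrict it to the CA operator account.
private_key = $dir/ca_cert/key.pem # The private key
#private_key = $dir/ca_cert/hyundai-mortor-sso-ca-20030903/priv.pem # The private key
RANDFILE = $dir/ca_cert/.rand # private random number file

#default_days = 1825 # how long to certify for
# 18250 days is roughly 50 years. It applies only when -days is not given on
# the command line (the ca*.sh scripts always pass -days).
default_days = 18250 # how long to certify for
default_crl_days= 30 # how long before next CRL
# MD5 signatures are open to collision forgery and are rejected by current
# TLS stacks. sha256 needs an OpenSSL build with SHA-2 support.
#default_md = md5 # which md to use.
#default_md = sha1 # which md to use.
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
certdb = $dir/CERTDB

# A few different ways of specifying how similar the request should look.
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
# policy_anything only requires a commonName in the request, so the operator
# must check each request's subject before signing.
policy = policy_anything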

# Policy sections tell "openssl ca" how each subject DN field of a request is
# treated: match = must equal the CA certificate's value, supplied = must be
# present, optional = may be present.
# Key order is significant: with "preserve = no" in [ CA_default ], the issued
# certificate's DN follows the order listed here, so do not reorder the keys.

# For the CA policy.
# Not selected in this file: [ CA_default ] sets policy = policy_anything.
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
# Only commonName is required; no field is checked against the CA's own
# subject, so this policy places no restriction on which organisation a
# request may name.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

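####################################################################
# Settings read by "openssl req" (req.sh and req_key.sh pass this file with -config).
[ req ]
# Key size used when "openssl req -new" generates a key (req.sh does this).
# 1024-bit RSA is no longer considered adequate; 2048 is the common minimum.
#default_bits = 1024
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes

# Prompts, defaults and length limits for the subject DN fields of a request.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = KR
countryName_min = 2
countryName_max = 2

#stateOrProvinceName = State or Province Name (full name)
#stateOrProvinceName_default = Queensland

localityName = Locality Name (eg, city)

# NOTE(review): the organisation defaults below look like sample values;
# replace them with your own before generating requests.
organizationName = Organization Name (eg, company)
organizationName_default = Mincom Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = MTR

commonName = Common Name (eg, YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40


# Optional attributes placed in the request itself, not in the subject DN.
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name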


   
