|
|
|
 |
 |
| |
OpenSSL CA를 사용한 인증서 만료일 연장 |
|
| |
작성자:관리자 작성일:2010-08-30 조회수:6236 |
|
| |
|
| |
1. Convert a certificate to a certificate request :
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey private.pem
2. Convert a certificate request into a self signed certificate using extensions for a CA:
# openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_ca
# -signkey private.pem -out cacert.pem -days 3650
openssl x509 -req -in req.pem -extfile /IniCA30/etc/certgen.cnf -extensions ca_ext -signkey private.pem -out cacert.pem -days 3650
openssl x509 -req -in req.pem -extfile certgen.cnf -extensions ca_ext -signkey private.pem -out cacert10.pem -days 3650
openssl x509 -req -in req.pem -extfile certgen.cnf -extensions ca_ext -signkey private.pem -out cacert30.pem -days 10950
3. 확인
openssl x509 -in cacert.pem -inform pem -text
- ca.sh
#openssl ca -config /Admin/plugin/plugin_cert/s_ini_osk.conf -in req.pem -out cert.pem -days 1825
#openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 1825
#openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 5475
#openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 365
#openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 90
openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 3650
- ca10.sh
openssl ca -config /user1/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 3650
- ca15.sh
openssl ca -config /user1/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 5475
- ca20.sh
openssl ca -config /user1/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 7300
- ca5.sh
openssl ca -config /Admin/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 1825
- ca_sso.sh
openssl ca -config /user1/plugin/plugin_cert/s_ini.conf -in req.pem -out cert.pem -days 3650
- derenc.sh
../openssl pkcs8 -in key.pem -outform DER -topk8 -out priv.pk8.der.enc
- pemenc.sh
../openssl pkcs8 -in key.pem -outform PEM -topk8 -out priv.pk8.pem.enc
- req.sh
openssl req -outform PEM -out req.pem -nodes -keyform PEM -keyout key.pem -config /Admin/plugin/plugin_cert/s_ini.conf -new
- req_key.sh
openssl req -outform PEM -out req.pem -nodes -keyform PEM -key key.pem -config /user1/plugin/plugin_cert/s_ini.conf -new
- example : s_ini.conf
#RANDFILE = /usr/local/etc/httpd/reqdir/.rand
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = /Admin/plugin/plugin_cert # Where everything is kept
#dir = .
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/c_index.txt # database index file.
new_certs_dir = $dir/newcerts/server # default place for new certs.
certificate = $dir/ca_cert/cert.pem # The CA certificate
#certificate = $dir/ca_cert/hyundai-mortor-sso-ca-20030903/cacert.pem
# The CA certificate
serial = $dir/c_serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca_cert/key.pem # The private key
#private_key = $dir/ca_cert/hyundai-mortor-sso-ca-20030903/priv.pem # The pr
ivate key
RANDFILE = $dir/ca_cert/.rand # private random number file
#default_days = 1825 # how long to certify for
default_days = 18250 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
#default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
certdb = $dir/CERTDB
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = KR
countryName_min = 2
countryName_max = 2
#stateOrProvinceName = State or Province Name (full name)
#stateOrProvinceName_default = Queensland
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
organizationName_default = Mincom Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = MTR
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
|
| |
|
|
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, bool given in /home/innocert/www/community/board.html on line 134
|
|
|
|
1 
