{"id":10,"date":"2014-04-10T13:17:21","date_gmt":"2014-04-10T04:17:21","guid":{"rendered":"http:\/\/fsck.jp\/?p=10"},"modified":"2018-06-06T14:25:09","modified_gmt":"2018-06-06T05:25:09","slug":"ubuntu%e3%81%a7%e7%8b%ac%e8%87%aaca%e6%a7%8b%e7%af%89","status":"publish","type":"post","link":"https:\/\/fsck.jp\/?p=10","title":{"rendered":"Building a Private CA on Ubuntu"},"content":{"rendered":"<p>Build a private CA on a web server and create certificates.<br \/>\nOS: Ubuntu12.04<br \/>\nReference URL: <a title=\"Certificates\" href=\"https:\/\/help.ubuntu.com\/12.04\/serverguide\/certificates-and-security.html\">Ubuntu documentation: Certificates<\/a><\/p>\n<p>Create the required directories<br \/>\n<code><br \/>\n$ sudo mkdir \/etc\/ssl\/CA<br \/>\n$ sudo mkdir \/etc\/ssl\/newcerts<\/code><\/p>\n<p>Create the serial and index management files<br \/>\n<code><br \/>\n$ sudo sh -c \"echo '01' &gt; \/etc\/ssl\/CA\/serial\"<br \/>\n$ sudo touch \/etc\/ssl\/CA\/index.txt<\/code><\/p>\n<p>Edit the openssl.cnf file.<br \/>\n<code><br \/>\n$ sudo cp -p \/etc\/ssl\/openssl.cnf{,.orig}<br \/>\n$ sudo vi \/etc\/ssl\/openssl.cnf<br \/>\ndir = \/etc\/ssl # Where everything is kept<br \/>\ndatabase = $dir\/CA\/index.txt # database index file.<br \/>\ncertificate = $dir\/certs\/cacert.pem # The CA certificate<br \/>\nserial = $dir\/CA\/serial # The current serial number<\/code><\/p>\n<p>Create the CA key and certificate (valid for 10 years)<br \/>\n<code><br \/>\n$ sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3652<br \/>\n...<br \/>\nEnter PEM pass phrase: ********<br \/>\nVerifying - Enter PEM pass phrase: ********<br \/>\n...<br \/>\nCountry Name 
(2 letter code) [AU]:JP<br \/>\nState or Province Name (full name) [Some-State]:Aichi<br \/>\nLocality Name (eg, city) []:Nagoya<br \/>\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]: MyHome<br \/>\nOrganizational Unit Name (eg, section) []: Dept. for general purpose<br \/>\nCommon Name (e.g. server FQDN or YOUR name) []:MyCA<br \/>\nEmail Address []: oreore@example.jp<\/code><\/p>\n<p>Place the finished key and certificate in their directories.<br \/>\n<code><br \/>\n$ sudo mv cakey.pem \/etc\/ssl\/private\/<br \/>\n$ sudo mv cacert.pem \/etc\/ssl\/certs\/<br \/>\n$ sudo chmod go-rwx \/etc\/ssl\/private\/cakey.pem<\/code><\/p>\n<p>This completes the CA setup.<\/p>\n<p>Next, create the server certificate.<br \/>\nCreate the server key<br \/>\n<code><br \/>\n$ sudo openssl genrsa -aes256 -out server.key 2048<\/code><br \/>\nRemove the passphrase that ended up on the key file.<br \/>\n<code><br \/>\n$ sudo openssl rsa -in server.key -out server.key<\/code><\/p>\n<p>Create the CSR (trying a validity period of 5 years)<br \/>\n<code><br \/>\n$ sudo openssl req -new -days 1826 -key server.key -out server.csr<br \/>\nCountry Name (2 letter code) [AU]:JP<br \/>\nState or Province Name (full name) [Some-State]:Aichi<br \/>\nLocality Name (eg, city) []:Nagoya<br \/>\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:MyHome<br \/>\nOrganizational Unit Name (eg, section) []: Dept. for general purpose<br \/>\nCommon Name (e.g. 
server FQDN or YOUR name) []:www.example.jp<br \/>\nEmail Address []: oreore@example.jp<br \/>\nPlease enter the following 'extra' attributes<br \/>\nto be sent with your certificate request<br \/>\nA challenge password []:<br \/>\nAn optional company name []:<\/code><\/p>\n<p>Sign the server CSR with the CA created earlier<br \/>\n<code><br \/>\n$ sudo openssl ca -in server.csr -config \/etc\/ssl\/openssl.cnf<br \/>\nUsing configuration from \/etc\/ssl\/openssl.cnf<br \/>\nEnter pass phrase for \/etc\/ssl\/private\/cakey.pem: ********<br \/>\n....<\/code><\/p>\n<p>The certificate is created as \/etc\/ssl\/newcerts\/01.pem, so copy it to the certificate directory.<br \/>\n<code>$ sudo cp \/etc\/ssl\/newcerts\/01.pem \/etc\/ssl\/certs\/server.crt<\/code><\/p>\n<p>Save the key file as well<br \/>\n<code><br \/>\n$ sudo cp server.key \/etc\/ssl\/private\/server.key<br \/>\n$ sudo chown root:root \/etc\/ssl\/private\/server.key<br \/>\n$ sudo chmod go-rwx \/etc\/ssl\/private\/server.key<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Build a private CA on a web server and create certificates. OS: Ubuntu12.04 Reference URL: Ubuntu documentation: Certificates Create the required directories $ sudo mkdir 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9,7],"tags":[],"_links":{"self":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts\/10"}],"collection":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10"}],"version-history":[{"count":0,"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts\/10\/revisions"}],"wp:attachment":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}