Openssl 사설 인증서 만들기

 

Https 를 적용해야 할 경우 간단하게 만들어서 테스트를 해볼 수 있다.

그 준비물인 사설 인증서를 생성해 보자.

 

Step 1. private key 생성하기

 

whitelife@whitelife:~/openssl/test$ openssl genrsa > key.pem

 

-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAKoBPDY0MJvDwAOsH1D3ITHtHiH/38HX0FwDT3T3wTJRerr8rwUl
bqnWuD8v054z/Kx+PlDRTVoNICkkiFgJKv8CAwEAAQJBAJCCFEiO/HKrZmC4wrX0
G8dwo5iLBAymAnr0ZWor35GAxbG3KFh6cj7M0oeUIJSniIKhUBWg4eq64tS/0sTX
62ECIQDfUWa8GoQxr26TPmLUBVXyxw9fb+2BVYffvawkJoGJIwIhAMLidX73oZMu
k/XHcCcFoWkx1jxtVsHfcPODVfJRD2p1AiB+ti922AzeLE6vmZx19TkZcj2Ux2ua
ES/xkivUr0ycxQIhAIbqM6E0WZ0E79WEvjWlhjrHD6NBpoAM6asLTyKzz1JJAiEA
j1pwThKycdp2s1q8AWLIeKxOGGTVfQfHtt2r58wpF9o=
-----END RSA PRIVATE KEY-----

 

Step 2-1.  CSR 생성

 

whitelife@whitelife:~/openssl/test$ openssl req -new -key key.pem > csr.pem

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:82
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

-----BEGIN CERTIFICATE REQUEST-----
MIH/MIGqAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF
AANLADBIAkEAqgE8NjQwm8PAA6wfUPchMe0eIf/fwdfQXANPdPfBMlF6uvyvBSVu
qda4Py/TnjP8rH4+UNFNWg0gKSSIWAkq/wIDAQABoAAwDQYJKoZIhvcNAQEFBQAD
QQBoQBxqUzqQij8nVk6evB48s+HEfwOVlXjN91Lljq+Pt0flBQk0Bcyg7st6LFI0
f3lUp2NH2Buwz1rHvHvksPG1
-----END CERTIFICATE REQUEST-----

 

Step 2-2.  X.509 인증서 생성

private key, csr 을 이용하여 공인 인증서 생성 x509 구조로 변환 sha1 을 적용 한다.

 

whitelife@whitelife:~/openssl/test$ openssl req -x509 -nodes -sha1 -key key.pem -days 3600 -in csr.pem -out cert.pem

-----BEGIN CERTIFICATE-----
MIIB0zCCAX2gAwIBAgIJAO0e6iF6uOhjMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTMwNDI0MDkzOTM1WhcNMjMwMzAzMDkzOTM1WjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoB
PDY0MJvDwAOsH1D3ITHtHiH/38HX0FwDT3T3wTJRerr8rwUlbqnWuD8v054z/Kx+
PlDRTVoNICkkiFgJKv8CAwEAAaNQME4wHQYDVR0OBBYEFKMjMlhvCA1jlu6rv9T0
SEKuMOWEMB8GA1UdIwQYMBaAFKMjMlhvCA1jlu6rv9T0SEKuMOWEMAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQEFBQADQQB528m7Ytn0DEtGDaj7NyWrjFBQgCsYMikf
VMdqJtsh44t+gnslVlSfpszWFWJGwpPdWosGSbeAUx0l89B6mw0m
-----END CERTIFICATE-----

 

결과.

파일이 생성된 모습을 확인 할 수 있다.

 

drwxrwxr-x 2 whitelife whitelife 4096  4월 24 18:36 ./
drwxrwxr-x 3 whitelife whitelife 4096  4월 24 18:19 ../
-rw-rw-r-- 1 whitelife whitelife  692  4월 24 18:39 cert.pem
-rw-rw-r-- 1 whitelife whitelife  420  4월 24 18:30 csr.pem
-rw-rw-r-- 1 whitelife whitelife 9655  4월 24 18:36 help
-rw-rw-r-- 1 whitelife whitelife  497  4월 24 18:22 key.pem