OpenSSLで自己署名証明書の作成

①自己署名証明書を作成する。


C:\Windows\system32>c:\OpenSSL-Win64\bin\openssl.exe req -new -days 365 -x509 -nodes -keyout c:\key.pem -out cert.pem
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
......................................++++++
.........++++++
writing new private key to 'c:\key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Organization Name (company) [My Company]:
Organizational Unit Name (department, division) []:
Email Address []:
Locality Name (city, district) [My Town]:
State or Province Name (full name) [State or Providence]:
Country Name (2 letter code) [US]:jp
Common Name (hostname, IP, or your name) []:hoge
C:\Windows\system32>


②自己署名証明書の内容を表示する。

C:\Windows\system32>c:\OpenSSL-Win64\bin\openssl.exe x509 -text -noout < cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d8:99:b3:23:53:be:b8:77
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=My Company, L=My Town, ST=State or Providence, C=jp, CN=hoge
        Validity
            Not Before: Oct 31 14:30:25 2011 GMT
            Not After : Oct 30 14:30:25 2012 GMT
        Subject: O=My Company, L=My Town, ST=State or Providence, C=jp, CN=hoge
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c9:ae:5b:2f:1c:f7:50:29:4f:d6:3f:41:e8:8a:
                    30:27:f5:1e:b1:d6:6e:c5:a7:64:2b:54:00:c5:34:
                    e9:76:5f:15:9d:bb:7a:95:c6:51:70:64:64:2e:c7:
                    69:76:41:9d:83:d6:68:24:30:bb:2f:c9:86:8a:95:
                    75:ce:71:28:c8:bc:84:26:90:2f:21:65:ba:d8:9e:
                    49:d5:86:de:36:be:c3:02:e9:9a:37:19:35:59:02:
                    2a:fb:6e:e8:25:de:66:9e:72:8a:07:43:33:5d:b7:
                    c8:53:06:14:11:5a:83:39:56:34:76:82:15:d4:58:
                    26:2d:98:ef:8b:5f:13:ac:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:

                CA:TRUE

            X509v3 Subject Key Identifier:

                2E:52:66:7C:4C:F3:7B:78:73:D0:56:6D:3D:FD:21:6B:4C:60:82:C4

            X509v3 Authority Key Identifier:

                keyid:2E:52:66:7C:4C:F3:7B:78:73:D0:56:6D:3D:FD:21:6B:4C:60:82:C4

                DirName:/O=My Company/L=My Town/ST=State or Providence/C=jp/CN=hoge

                serial:D8:99:B3:23:53:BE:B8:77

            X509v3 Key Usage:

                Digital Signature

    Signature Algorithm: md5WithRSAEncryption

        6d:ba:d6:c7:4d:14:fe:bb:f9:01:4f:f0:4d:ed:c0:33:f2:13:

        c9:be:b9:82:30:3f:b4:b1:b9:aa:2e:87:84:3b:2a:8c:a2:90:

        28:5a:20:20:ce:e4:90:94:df:bb:ca:69:f2:75:ac:f5:70:fe:

        28:7e:91:bd:91:f3:d1:9d:2f:b9:f4:f1:35:c1:a9:b5:71:ce:

        5c:35:33:7b:82:fa:c9:b5:e7:a4:23:6a:e8:c3:25:4b:1b:60:

        21:54:7e:72:e9:62:7d:f2:57:44:6a:76:f0:76:90:8e:0d:fe:

        62:33:ec:25:b2:08:1e:e2:26:94:33:ec:4d:c0:df:f1:3f:50:

        56:cf

C:\Windows\system32>