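Use OpenSSL to create a self-signed ("ore-ore") certificate authority (CA).
① Create the CA key pair and certificate (the CA certificate is stored in cacert.pem and the private key in cakey.pem).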
OpenSSL> req -new -x509 -newkey rsa:2048 -out cacert.pem -keyout cakey.pem
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
.................+++
................................................................................
........................+++
writing new private key to 'cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:jp
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:yasuyasu
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:yasuyasu.test.com
Email Address []:
② Confirm that the CA certificate has been created.
OpenSSL> x509 -in cacert.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ab:41:63:c6:6b:3a:65:5d
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=jp, ST=Some-State, O=yasuyasu, CN=yasuyasu.test.com
Validity
Not Before: Nov 21 15:08:40 2011 GMT
Not After : Dec 21 15:08:40 2011 GMT
Subject: C=jp, ST=Some-State, O=yasuyasu, CN=yasuyasu.test.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:D3:80:81:56:42:E7:D1:CA:A8:72:18:33:A4:07:39:3F:8D:91:68
X509v3 Authority Key Identifier:
keyid:62:D3:80:81:56:42:E7:D1:CA:A8:72:18:33:A4:07:39:3F:8D:91:68
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
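
Step ② can be turned into a repeatable check. The script below is an added example, not code from the original post: it audits the text dump for the properties a CA certificate needs, and on the output above it reports the SHA-1 signature and the 30-day validity (Nov 21 to Dec 21). The function names and policy thresholds are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Fields copied from the x509 -text output above (hex dumps left out).
SAMPLE = """\
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=jp, ST=Some-State, O=yasuyasu, CN=yasuyasu.test.com
Not Before: Nov 21 15:08:40 2011 GMT
Not After : Dec 21 15:08:40 2011 GMT
Subject: C=jp, ST=Some-State, O=yasuyasu, CN=yasuyasu.test.com
Public-Key: (2048 bit)
X509v3 Basic Constraints:
CA:TRUE
"""

WEAK_DIGESTS = ("md5", "sha1")     # assumption: local policy rejects these
MIN_RSA_BITS = 2048                # assumption: local policy minimum
MIN_CA_DAYS = 365                  # assumption: a CA should outlive its leaf certs
DATE_FMT = "%b %d %H:%M:%S %Y GMT"  # date layout printed by x509 -text


def field(text, pattern):
    """Return the first capture group of pattern, or None if absent."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None


def audit_ca_text(text):
    """Return a list of findings for one `openssl x509 -text` dump."""
    findings = []
    sig = field(text, r"^\s*Signature Algorithm:\s*(\S+)") or ""
    if not sig or any(d in sig.lower() for d in WEAK_DIGESTS):
        findings.append(f"weak signature digest: {sig}")
    bits = field(text, r"Public-Key:\s*\((\d+) bit\)")
    if bits is None or int(bits) < MIN_RSA_BITS:
        findings.append(f"key too small or unreadable: {bits}")
    nb = field(text, r"Not Before\s*:\s*(.+)$")
    na = field(text, r"Not After\s*:\s*(.+)$")
    if nb and na:
        days = (datetime.strptime(na, DATE_FMT) - datetime.strptime(nb, DATE_FMT)).days
        if days < MIN_CA_DAYS:
            findings.append(f"short validity: {days} days")
    else:
        findings.append("validity dates missing")
    issuer = field(text, r"^\s*Issuer:\s*(.+)$")
    if issuer is None or issuer != field(text, r"^\s*Subject:\s*(.+)$"):
        findings.append("issuer differs from subject (not self-signed)")
    if not re.search(r"Basic Constraints:.*\n\s*CA:TRUE", text):
        findings.append("Basic Constraints CA:TRUE missing")
    return findings
```

To audit a real file, pass the captured output of `openssl x509 -in cacert.pem -noout -text` to `audit_ca_text`; an empty list means every check passed.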