Hitachi Web Server
Examples of using the sslc utility follow (the examples are from the Windows version). The Common Name, Email Address and other values used in these examples are all fictitious. The examples generate 1024-bit RSA keys, and the certificate signed by the local CA below uses md5WithRSAEncryption; both are now considered too weak for production use, so generate keys of at least 2048 bits and have the certificate signed with a SHA-2 algorithm wherever the CA and your version of sslc allow it.

First, create the Web server's private key with sslc genrsa:

C:\Program Files\Hitachi\httpsd\sslc\bin>sslc genrsa -rand file -des3 -out demoCA/httpsdkey.pem 1024
Loading 'entropy' into random state - 245480 semi-random bytes loaded
Generating 2 prime RSA private key, 1024 bit long modulus
...+++++
...+++++
e is 65537 (0x10001)
Enter PEM pass phrase:                        <--- Enter a passphrase of at least 4 characters
Verifying password - Enter PEM pass phrase:   <--- Enter it again
The contents of the private key (encrypted with the passphrase, as the Proc-Type and DEK-Info headers show) are as follows.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,838F6F481ABB2A00

Hvzt8P1deXb6+kEAU2TW8zS5eeXfQwh7ZrhNwATsVvDJp+MIg3gTP6aBHqoF4mve
5mC3PROTakKYe12Sard63kZujRrGo+Lp70E5ZYKuagKh7TrySWfIICFezsVwXewP
XrDMx2gtLzK9mz2/4ZzQ/bykaByhKXeCVqvRhkRGmGy40DU5ja+h3jTLw5C0YUDm
AVf/OBwKWNGPB3Aua7e801csEECENRbWmRs2MCzVt4c3+iRgovRbDC1A1+pGtjL2
WFa4z8JHumsCCqGSUYMHDFIkpi3yJYDEsRN4obj5qnEnq3mG9CngZg5SPBYQFGTR
udXCOT+iOREi4iGH/Wft1IJUi9OPm94dJ+UmMOXJAZfN8wN3ATbhqaVyzftV9Tvt
MZhxiaGASTaJii6KQDXgjDLGQntUtx5jkILDRYA7f/EOoXGFuqTf2s9JNmThg6IU
CK3Ud5XYM0fhi/5y5PoeiyFFuuQWZz5bLYX8IZ0YE3KKhzfZuCsCrCdIlfGBm6s+
Degs/5IB+xUOm2zFoiH6n4wP39QI23TQTsE4hQkgkFLfAg2FUNYN0cGRWU4hJllY
hYcrxXrqkwEsiB3VDCgvSsiknZyNhdZKQzKQXJGKFdekZzrUVIv+QPrjwjG9ELTR
FPBoa4deumyyIeb90A4SKNS8wbFkgI9lKWXU7/87pg6D55Geya+WguzqbKAqizse
CU02ou1HmtNofufc8Gk9xRl4MyGehb/RicVwM3IdU1tp6OLImxNzcUsM2SrqwFZz
L/u9EK9ByzmuQlUzVRe+4UG8wNrEnD5t/405Ukoug7JzgA7s2b4Flw==
-----END RSA PRIVATE KEY-----
Next, use the sslc req utility to create a certificate signing request (CSR). Submit the CSR file created here to the CA to have a signed certificate issued. If you set a passphrase when creating the Web server's private key, you will be asked for that passphrase when creating the CSR.

Set the items and values as instructed by the CA to which you submit the CSR. The Common Name must be the fully qualified host name that clients use to reach the Web server (www.hws.hitachi.co.jp in the example); a certificate issued for any other name will be rejected by browsers.

C:\Program Files\Hitachi\httpsd\sslc\bin>sslc req -config demoCA/sslc.cnf -new -SHA1 -key demoCA/httpsdkey.pem -out demoCA/httpsd.csr
Using configuration from demoCA/sslc.cnf
Enter PEM pass phrase:                        <--- Enter the private key's passphrase
You will be prompted to enter information to incorporate
into the certificate request.
This information is called a Distinguished Name or a DN.
There are many fields however some can remain blank.
Some fields have default values.
Enter '.', to leave the field blank.
-----
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Kanagawa]:
Locality Name (eg, city) [Yokohama-shi]:
Organization Name (eg, company) []:HITACHI
Organizational Unit Name (eg, section) []:WebSite
Common Name (eg, YOUR name) []:www.hws.hitachi.co.jp
Email Address [www-admin@server.example.com]:www-admin@hws.hitachi.co.jp

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:                      <--- Press Enter if you do not want to set one
An optional company name []:                  <--- Press Enter if you do not want to set one
The format of the CSR is as follows.

-----BEGIN CERTIFICATE REQUEST-----
MIIB6DCCAVECAQAwgacxCzAJBgNVBAYTAkpQMREwDwYDVQQIEwhLYW5hZ2F3YTEV
MBMGA1UEBxMMWW9rb2hhbWEtc2hpMRAwDgYDVQQKEwdISVRBQ0hJMRAwDgYDVQQL
EwdXZWJTaXRlMR4wHAYDVQQDExV3d3cuaHdzLmhpdGFjaGkuY28uanAxKjAoBgkq
hkiG9w0BCQEWG3d3dy1hZG1pbkBod3MuaGl0YWNoaS5jby5qcDCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAxq4ChoNI3JXQKKmimWeWXgg+7wwjvPLk3awnpg9U
Xt5lLSqL6d71w2chFIaj4OYDNkbQKtto3qTX/wo37XmK+u9dIfKFwFwNDA7AVKMX
Zrl1nIugT5Vb1htwZpBuCDAHi7HiaeCQYJvE3e3roKib5SGmbyZ6erPt+py0c4py
HgsCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAFwl4q/yBM7jzSIEMOXDnJPxC5gw
XJBDna+rFXxaT6aelUEubKyCC2MXb9sdMC4cPfnIwyibLn/n2beDCZoaHOPsHZ+e
3ROaNkVdF3xmdgGzeG3yJBUQRFghlBefJLdiQcbavL5jjOCWWYy9KytOS2mO9PaT
U2f2SuQzc8ZED0JN
-----END CERTIFICATE REQUEST-----
If you run your own CA, create the CA's private key and self-signed CA certificate with sslc req -x509. The CA's Distinguished Name must differ from the Web server's, otherwise the issuer and subject of the server certificate cannot be told apart. An example follows.

C:\Program Files\Hitachi\httpsd\sslc\bin>sslc req -config demoCA/sslc.cnf -new -x509 -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem
Using configuration from demoCA/sslc.cnf
Loading 'screen' into random state -unable to load 'random state'
What this means is that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in.
Generating a 1024 bit RSA private key
............+++++
.............+++++
writing new private key to 'demoCA/private/cakey.pem'
Enter PEM pass phrase:                        <--- Enter a passphrase of at least 4 characters
Verifying password - Enter PEM pass phrase:   <--- Enter it again
-----
You will be prompted to enter information to incorporate
into the certificate request.
This information is called a Distinguished Name or a DN.
There are many fields however some can remain blank.
Some fields have default values.
Enter '.', to leave the field blank.
-----
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Kanagawa]:
Locality Name (eg, city) [Yokohama-shi]:
Organization Name (eg, company) []:LOCAL-CA
Organizational Unit Name (eg, section) []:ca1
Common Name (eg, YOUR name) []:ca1.hitachi.co.jp   <--- Enter a name different from the Web server's
Email Address [www-admin@server.example.com]:ca-admin@ca1.hitachi.co.jp
Then sign the Web server's CSR with the CA's private key and certificate using sslc ca. The "Signature ok" line confirms that the CSR's self-signature verifies with the public key it contains; check the displayed Subject DN before answering y. An example follows.

C:\Program Files\Hitachi\httpsd\sslc\bin>sslc ca -config demoCA/sslc.cnf -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out demoCA/newcert.pem -infiles demoCA/httpsd.csr
Using configuration from demoCA/sslc.cnf
Enter PEM pass phrase:                        <--- Enter the CA's passphrase
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :PRINTABLE:'Kanagawa'
localityName          :PRINTABLE:'Yokohama-shi'
organizationName      :PRINTABLE:'HITACHI'
organizationalUnitName:PRINTABLE:'WebSite'
commonName            :PRINTABLE:'www.hws.hitachi.co.jp'
emailAddress          :IA5STRING:'www-admin@hws.hitachi.co.jp'
Certificate is to be certified until Nov 29 07:03:07 2006 GMT (365 days)
Sign the certificate? [y/n]:y                 <--- Enter y
1 out of 1 certificate requests certified, commit? [y/n]y   <--- Enter y
Write out database with 1 new entries
Database Updated
The format of the certificate is as follows. The file written by sslc ca contains a text summary in front of the PEM block. Open it in a text editor, save only the part from "-----BEGIN CERTIFICATE-----" through "-----END CERTIFICATE-----" to a separate file, and specify that file with the SSLCertificateFile directive. Before deploying it, confirm that the Subject CN is the host name clients use and that the Issuer is your CA. (The validity dates in this certificate differ from those in the sslc ca output above because the two transcripts were captured in separate runs.)

C:\Program Files\Hitachi\httpsd\sslc\bin>type demoCA\newcert.pem
issuer :/C=JP/ST=Kanagawa/L=Yokohama-shi/O=LOCAL-CA/OU=ca1/CN=ca1.hitachi.co.jp/Email=ca-admin@ca1.hitachi.co.jp
subject:/C=JP/ST=Kanagawa/L=Yokohama-shi/O=HITACHI/OU=WebSite/CN=www.hws.hitachi.co.jp/Email=www-admin@hws.hitachi.co.jp
serial :01

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=JP, ST=Kanagawa, L=Yokohama-shi, O=LOCAL-CA, OU=ca1, CN=ca1.hitachi.co.jp/Email=ca-admin@ca1.hitachi.co.jp
        Validity
            Not Before: Jun 4 01:20:51 2002 GMT
            Not After : Jun 4 01:20:51 2003 GMT
        Subject: C=JP, ST=Kanagawa, L=Yokohama-shi, O=HITACHI, OU=WebSite, CN=www.hws.hitachi.co.jp/Email=www-admin@hws.hitachi.co.jp
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                modulus:
                    00:b0:cc:2e:a8:45:18:92:5b:9d:06:23:72:53:42:54:
                    cc:e1:0d:f9:30:6b:e9:0e:16:52:be:28:d6:38:0d:7e:
                    a2:59:f1:cb:56:5b:11:c8:e2:23:5b:a3:b6:26:89:af:
                    10:21:3f:dc:dd:25:69:5f:45:38:9c:18:71:45:cd:4e:
                    43:45:ac:21:cc:8b:db:b8:8c:82:3f:79:71:af:5d:2a:
                    a2:40:14:10:ce:97:68:0a:15:01:bb:a1:3c:c6:3f:0c:
                    f0:bd:23:d3:0f:94:06:7e:15:91:96:c9:30:8c:46:31:
                    6a:73:ca:92:69:bf:c5:c3:ec:c4:6d:3e:79:a0:b6:67:
                    2f:
                publicExponent: 01:00:01:
        X509v3 extensions:
            Netscape Comment:
                Generated with RSA BSAFE SSL-C
    Signature Algorithm: md5WithRSAEncryption
        07:cb:8c:26:67:2c:cd:e3:37:66:e8:70:3b:67:d2:36:3f:dd:
        7d:1b:1d:bb:84:12:f2:2e:7c:22:b1:14:51:2c:7f:9c:8e:ce:
        00:7e:4f:10:d2:d2:7c:7f:ff:a2:29:91:e4:b7:ab:4e:5d:4a:
        41:43:12:d4:3a:b2:8d:04:58:c5:d8:06:6c:19:ba:f3:02:12:
        9c:af:59:16:be:4c:5e:37:d1:55:fc:b7:8c:31:de:9b:b6:c3:
        c6:dd:74:87:41:5a:18:bb:d7:5c:a3:b4:db:a3:6f:7a:46:9d:
        ed:a3:d9:c6:cc:9e:6d:ed:e5:a7:f0:04:69:75:ad:85:11:53:
        9b:1a
-----BEGIN CERTIFICATE-----
MIIC7zCCAligAwIBAgIBATANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCSlAx
ETAPBgNVBAgTCEthbmFnYXdhMRUwEwYDVQQHEwxZb2tvaGFtYS1zaGkxETAPBgNV
BAoTCExPQ0FMLUNBMQwwCgYDVQQLEwNjYTExGjAYBgNVBAMTEWNhMS5oaXRhY2hp
LmNvLmpwMSkwJwYJKoZIhvcNAQkBFhpjYS1hZG1pbkBjYTEuaGl0YWNoaS5jby5q
cDAeFw0wMjA2MDQwMTIwNTFaFw0wMzA2MDQwMTIwNTFaMIGnMQswCQYDVQQGEwJK
UDERMA8GA1UECBMIS2FuYWdhd2ExFTATBgNVBAcTDFlva29oYW1hLXNoaTEQMA4G
A1UEChMHSElUQUNISTEQMA4GA1UECxMHV2ViU2l0ZTEeMBwGA1UEAxMVd3d3Lmh3
cy5oaXRhY2hpLmNvLmpwMSowKAYJKoZIhvcNAQkBFht3d3ctYWRtaW5AaHdzLmhp
dGFjaGkuY28uanAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALDMLqhFGJJb
nQYjclNCVMzhDfkwa+kOFlK+KNY4DX6iWfHLVlsRyOIjW6O2JomvECE/3N0laV9F
OJwYcUXNTkNFrCHMi9u4jII/eXGvXSqiQBQQzpdoChUBu6E8xj8M8L0j0w+UBn4V
kZbJMIxGMWpzypJpv8XD7MRtPnmgtmcvAgMBAAGjMTAvMC0GCWCGSAGG+EIBDQQg
Fh5HZW5lcmF0ZWQgd2l0aCBSU0EgQlNBRkUgU1NMLUMwDQYJKoZIhvcNAQEEBQAD
gYEAB8uMJmcszeM3ZuhwO2fSNj/dfRsdu4QS8i58IrEUUSx/nI7OAH5PENLSfH//
oimR5LerTl1KQUMS1DqyjQRYxdgGbBm68wISnK9ZFr5MXjfRVfy3jDHem7bDxt10
h0FaGLvXXKO026Nvekad7aPZxsyebe3lp/AEaXWthRFTmxo=
-----END CERTIFICATE-----
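The following Python script is an added example, not part of the Hitachi manual and not sslc code. It does the two things a practitioner wants before pointing SSLCertificateFile at the file above: it cuts the PEM block out of the text-plus-PEM file that sslc ca writes (the manual tells you to do this by hand in a text editor), and it decodes the certificate with a small standard-library DER parser to confirm the subject, issuer, validity, signature algorithm and RSA key size. The sample input is the newcert.pem shown above, embedded as a constant; the weak-signature list and the 2048-bit minimum in audit() are this example's own policy, not anything the manual states, and the parser deliberately handles only the single-byte tags and UTCTime dates that this certificate uses.

```python
import base64, re
from datetime import datetime

# Constructed sample: the newcert.pem shown above (the text summary "sslc ca" writes, then the PEM).
NEWCERT_PEM = """\
issuer :/C=JP/ST=Kanagawa/L=Yokohama-shi/O=LOCAL-CA/OU=ca1/CN=ca1.hitachi.co.jp/Email=ca-admin@ca1.hitachi.co.jp
subject:/C=JP/ST=Kanagawa/L=Yokohama-shi/O=HITACHI/OU=WebSite/CN=www.hws.hitachi.co.jp/Email=www-admin@hws.hitachi.co.jp
serial :01
-----BEGIN CERTIFICATE-----
MIIC7zCCAligAwIBAgIBATANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCSlAx
ETAPBgNVBAgTCEthbmFnYXdhMRUwEwYDVQQHEwxZb2tvaGFtYS1zaGkxETAPBgNV
BAoTCExPQ0FMLUNBMQwwCgYDVQQLEwNjYTExGjAYBgNVBAMTEWNhMS5oaXRhY2hp
LmNvLmpwMSkwJwYJKoZIhvcNAQkBFhpjYS1hZG1pbkBjYTEuaGl0YWNoaS5jby5q
cDAeFw0wMjA2MDQwMTIwNTFaFw0wMzA2MDQwMTIwNTFaMIGnMQswCQYDVQQGEwJK
UDERMA8GA1UECBMIS2FuYWdhd2ExFTATBgNVBAcTDFlva29oYW1hLXNoaTEQMA4G
A1UEChMHSElUQUNISTEQMA4GA1UECxMHV2ViU2l0ZTEeMBwGA1UEAxMVd3d3Lmh3
cy5oaXRhY2hpLmNvLmpwMSowKAYJKoZIhvcNAQkBFht3d3ctYWRtaW5AaHdzLmhp
dGFjaGkuY28uanAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALDMLqhFGJJb
nQYjclNCVMzhDfkwa+kOFlK+KNY4DX6iWfHLVlsRyOIjW6O2JomvECE/3N0laV9F
OJwYcUXNTkNFrCHMi9u4jII/eXGvXSqiQBQQzpdoChUBu6E8xj8M8L0j0w+UBn4V
kZbJMIxGMWpzypJpv8XD7MRtPnmgtmcvAgMBAAGjMTAvMC0GCWCGSAGG+EIBDQQg
Fh5HZW5lcmF0ZWQgd2l0aCBSU0EgQlNBRkUgU1NMLUMwDQYJKoZIhvcNAQEEBQAD
gYEAB8uMJmcszeM3ZuhwO2fSNj/dfRsdu4QS8i58IrEUUSx/nI7OAH5PENLSfH//
oimR5LerTl1KQUMS1DqyjQRYxdgGbBm68wISnK9ZFr5MXjfRVfy3jDHem7bDxt10
h0FaGLvXXKO026Nvekad7aPZxsyebe3lp/AEaXWthRFTmxo=
-----END CERTIFICATE-----
"""

OID_NAMES = {"2.5.4.6": "C", "2.5.4.8": "ST", "2.5.4.7": "L", "2.5.4.10": "O",
             "2.5.4.11": "OU", "2.5.4.3": "CN", "1.2.840.113549.1.9.1": "emailAddress"}
WEAK_SIGNATURES = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",    # this example's policy,
                   "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}   # not the manual's

def extract_pem_block(text, label="CERTIFICATE"):   # the manual's "save BEGIN..END to a file" step
    m = re.search(rf"-----BEGIN {label}-----.*?-----END {label}-----", text, re.S)
    if not m:
        raise ValueError(f"no {label} block found")
    return m.group(0) + "\n"

def read_tlv(buf, pos):   # one DER tag/length/value; single-byte tags only, which is all X.509 needs
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):   # split a SEQUENCE/SET value into its [(tag, value), ...] elements
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                                # high bit clear ends this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def parse_name(value):   # X.501 Name -> {'C': 'JP', ..., 'CN': ...}; values here are ASCII string types
    name = {}
    for _, rdn in children(value):
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)
            name[OID_NAMES.get(decode_oid(oid), decode_oid(oid))] = val.decode("latin-1")
    return name

def parse_utctime(raw):   # UTCTime YYMMDDHHMMSSZ with the RFC 5280 century rule (YY >= 50 is 19YY)
    s = raw.decode("ascii")
    yy = int(s[:2])
    return datetime(yy + (1900 if yy >= 50 else 2000), *(int(s[i:i + 2]) for i in range(2, 12, 2)))

def parse_certificate(pem):
    _, cert, _ = read_tlv(base64.b64decode("".join(t for t in pem.split() if "-" not in t)), 0)
    (_, tbs), _sig_alg, _sig = children(cert)
    f = children(tbs)
    i = 1 if f[0][0] == 0xA0 else 0                     # [0] EXPLICIT Version present (v2/v3)
    version = int.from_bytes(children(f[0][1])[0][1], "big") + 1 if i else 1
    (_, spki_alg), (_, spki_bits) = children(f[i + 5][1])
    rsa = decode_oid(children(spki_alg)[0][1]) == "1.2.840.113549.1.1.1"      # rsaEncryption?
    # BIT STRING value starts with the unused-bits byte; inside is SEQUENCE { modulus, exponent }
    key_bits = int.from_bytes(children(children(spki_bits[1:])[0][1])[0][1], "big").bit_length() if rsa else None
    not_before, not_after = (parse_utctime(v) for _, v in children(f[i + 3][1]))
    return {"version": version, "serial": int.from_bytes(f[i][1], "big"),
            "signature_algorithm": decode_oid(children(f[i + 1][1])[0][1]),
            "issuer": parse_name(f[i + 2][1]), "subject": parse_name(f[i + 4][1]),
            "not_before": not_before, "not_after": not_after, "key_bits": key_bits}

def audit(cert_text, now=None, min_rsa_bits=2048):   # now: ISO date string, or None for the current time
    info, findings = parse_certificate(extract_pem_block(cert_text)), []
    now = datetime.fromisoformat(now) if now else datetime.utcnow()
    if info["signature_algorithm"] in WEAK_SIGNATURES:
        findings.append("weak signature algorithm " + WEAK_SIGNATURES[info["signature_algorithm"]])
    if info["key_bits"] is not None and info["key_bits"] < min_rsa_bits:
        findings.append(f"RSA key is {info['key_bits']} bits, below {min_rsa_bits}")
    if not info["not_before"] <= now <= info["not_after"]:
        findings.append(f"not valid at {now} (valid {info['not_before']} to {info['not_after']})")
    return info, findings
```

audit(NEWCERT_PEM, "2002-12-01") parses the certificate above as version 3, serial 1, subject CN www.hws.hitachi.co.jp issued by ca1.hitachi.co.jp, valid 2002-06-04 to 2003-06-04, and reports two findings: the md5WithRSAEncryption signature and the 1024-bit key. Run with a current date it adds a third finding for the expired validity period. Feed extract_pem_block() the whole newcert.pem and write its return value to the file you name in SSLCertificateFile.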
All Rights Reserved. Copyright (C) 2006, 2007, Hitachi, Ltd.