4.10.3 Procedure for confirming files used for HTTPS communications
This section describes the procedure for confirming the contents of the private server key, certificate signing request (CSR), and server certificate files.
- Organization of this subsection
(1) Procedure for confirming private server key encryption
You can verify whether the private server key is encrypted by opening it in a text editor. The format used for private server key files is shown below for each encryption method.
(a) When using RSA encryption
- Format of an unencrypted private server key file
-----BEGIN RSA PRIVATE KEY----- ...Multi-line enumeration of alphanumeric characters and symbols... -----END RSA PRIVATE KEY-----
- Format of an encrypted private server key file
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: information-on-the-encryption-method ...Multi-line enumeration of alphanumeric characters and symbols... -----END RSA PRIVATE KEY-----
(b) When using ECC
- Format of an unencrypted private server key file
-----BEGIN EC PRIVATE KEY----- ...Multi-line enumeration of alphanumeric characters and symbols... -----END EC PRIVATE KEY-----
- Format of an encrypted private server key file
-----BEGIN ENCRYPTED PRIVATE KEY----- ...Multi-line enumeration of alphanumeric characters and symbols... -----END ENCRYPTED PRIVATE KEY-----
(2) Procedure for confirming a certificate signing request (CSR)
You can verify the encryption method used for the public key, the SAN (Subject Alternative Name), and other information included in the certificate signing request (CSR) by executing the following command to output the information in text form.
- Format
"%UCNP_HOME%\PP\uCPSB\httpsd\sbin\openssl.bat" x509 -in server-certificate-file-path -noout -text
- Command execution example (when using RSA encryption)
"%UCNP_HOME%\PP\uCPSB\httpsd\sbin\openssl.bat" req -in "%UCNP_HOME%\PP\uCPSB\httpsd\conf\ssl\server\httpsd.csr" -text
(3) Procedure for confirming the server certificate
You can verify the encryption method used for the public key, the SAN (Subject Alternative Name), and other information included in the server certificate by executing the following command to output the information in text form.
- Format
"%UCNP_HOME%\PP\uCPSB\httpsd\sbin\openssl.bat" x509 -in server-certificate-file-path -noout -text
- Command execution example (when using RSA encryption)
"%UCNP_HOME%\PP\uCPSB\httpsd\sbin\openssl.bat" x509 -in "%UCNP_HOME%\PP\uCPSB\httpsd\conf\ssl\server\httpsd.pem" -noout -text