最終更新:2023-11-07 (火) 07:12:27 (170d)
openssl
Top / openssl
OpenSSL command line tool
DESCRIPTION
- OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
- The openssl program is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for
- Creation of RSA, DH and DSA key parameters
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME? signed or encrypted mail
Ubuntu/パッケージ
- Linux/usr/lib/ssl/misc/CA.pl
- Linux/etc/ssl/openssl.cnf?
- Linux/usr/lib/ssl/openssl.cnf?
依存
OpenSSL/標準コマンド
openssl genrsa
- 秘密鍵の作成
openssl genrsa -rand (擬似乱数ファイル名) -des3 (キー長) -out (秘密鍵ファイル名) openssl genrsa -des3 -out domainname.key 1024 openssl genrsa -out domainname.key 1024 #パスフレーズ不要
openssl req
- CSRの作成
openssl req -new -key (秘密鍵ファイル名) -out (CSRファイル名)
openssl rsa
- RSA key processing tool
CSR(Certificate Signing Request)作成
openssl req -new -key domainname.key -out domainname.csr
CRT(CeRTificate?)作成
openssl req -utf8 -new -key domainname.key -x509 -days 3650 -out domainname.crt -set_serial 0
パスフレーズの削除
openssl rsa -in domainname.key -out domainname.key
内容を表示
openssl req -text -in domainname.csr
Linux/etc/pki/tls/certs/Makefile
SERIAL=0 /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)