{"id":219,"date":"2026-04-06T00:40:49","date_gmt":"2026-04-05T15:40:49","guid":{"rendered":"https:\/\/falcon21.space\/kazuya\/work\/?page_id=219"},"modified":"2026-04-06T00:40:49","modified_gmt":"2026-04-05T15:40:49","slug":"almalinux10-openssl-%e8%a8%ad%e5%ae%9a","status":"publish","type":"page","link":"https:\/\/falcon21.space\/kazuya\/work\/?page_id=219","title":{"rendered":"AlmaLinux10 openssl \u8a2d\u5b9a"},"content":{"rendered":"\n
\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000AlmaLinux10 openssl \u8a2d\u5b9a<\/strong>
**********************************************************************

AlmaLinux 10\u306b\u304a\u3051\u308bOpenSSL\u8a2d\u5b9a\u306f\u3001\u4e3b\u306b\/etc\/pki\/tls\/openssl.cnf\u30d5\u30a1\u30a4\u30eb\u306e\u7de8\u96c6<\/strong>\u3068\u3001OpenSSL\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3057\u305f\u8a3c\u660e\u66f8\u7ba1\u7406\u3067\u884c\u308f\u308c\u307e\u3059\u3002\u6700\u65b0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8981\u4ef6\uff08TLS 1.2\/1.3\uff09\u306b\u57fa\u3065\u304d\u3001\u6697\u53f7\u30b9\u30a4\u30fc\u30c8\u3084\u8a3c\u660e\u66f8\u767a\u884c\uff08CSR\u3001\u81ea\u5df1\u7f72\u540d\u8a3c\u660e\u66f8\uff09\u306e\u5b9a\u7fa9\u3092\u884c\u3044\u307e\u3059\u3002\u30d1\u30c3\u30b1\u30fc\u30b8\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306b\u306fdnf\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002

\u57fa\u672c\u8a2d\u5b9a\u624b\u9806
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong>\u78ba\u8a8d (\u6700\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u30d7\u30ea\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u304c\u591a\u3044)
bash
sudo dnf install openssl<\/strong>

root@falcon21:~# dnf -y reinstall openssl<\/strong>
\u518d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u4e2d : openssl-1:3.5.1<\/strong>-7.el10_1.alma.1.x86_64 1\/2
\u6574\u7406 : openssl-1:3.5.1-7.el10_1.alma.1.x86_64 2\/2
scriptlet\u306e\u5b9f\u884c\u4e2d: openssl-1:3.5.1-7.el10_1.alma.1.x86_64 2\/2

\u518d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6e08\u307f:
openssl-1:3.5.1-7.el10_1.alma.1.x86_64

\u5b8c\u4e86\u3057\u307e\u3057\u305f!

——————-

\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u7de8\u96c6
\/etc\/pki\/tls\/openssl.cnf\u3092\u5fc5\u8981\u306b\u5fdc\u3058\u3066\u7de8\u96c6<\/strong>\u3057\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u6697\u53f7\u5316\u65b9\u5f0f\uff08[ v3_ca ]\u30bb\u30af\u30b7\u30e7\u30f3\u306a\u3069\uff09\u3092\u4fee\u6b63\u3057\u307e\u3059

\u3002
\u8a3c\u660e\u66f8\u306e\u751f\u6210<\/strong>
\u79d8\u5bc6\u9375\u3068CSR\u3092\u751f\u6210\u3057\u3001\u5b89\u5168\u306a\u5834\u6240\u306b\u4fdd\u7ba1\u3057\u307e\u3059\u3002
bash
# \u79d8\u5bc6\u9375\u306e\u751f\u6210 <\/strong>(\u4f8b: 3072\u30d3\u30c3\u30c8 RSA)
openssl genrsa -out private.key 3072<\/strong>

# CSR\u306e\u4f5c\u6210<\/strong>
openssl req -new -key private.key -out request.csr -config \/etc\/pki\/tls\/openssl.cnf<\/strong>


\u4e3b\u306a\u8a2d\u5b9a\u9805\u76ee<\/strong>
\u30d5\u30a1\u30a4\u30eb\u30d1\u30b9: \/etc\/pki\/tls\/openssl.cnf<\/strong>
\u8a3c\u660e\u66f8\u4fdd\u7ba1\u5834\u6240: \/etc\/pki\/tls\/certs\/<\/strong>
\u79d8\u5bc6\u9375\u4fdd\u7ba1\u5834\u6240: \/etc\/pki\/tls\/private\/<\/strong>

\u6700\u65b0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a19\u6e96\uff08\u4f8b\uff1aMinProtocol = TLSv1.2\uff09\u306b\u5f93\u3044\u3001\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u3092\u8abf\u6574\u3057\u3066\u304f\u3060\u3055\u3044\u3002 OpenStandia?\u3010NRI\u3011\u3001note\u3002

\u3000
**********************************************************************

AlmaLinux 10\uff08Red Hat Enterprise Linux 10 \u4e92\u63db\uff09<\/strong>\u306b\u304a\u3051\u308b OpenSSL \u306e\u8a2d\u5b9a\u306f\u3001\u3053\u308c\u307e\u3067\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\uff08AlmaLinux 8\/9\uff09\u3068\u540c\u69d8\u306b\u3001\u30d1\u30c3\u30b1\u30fc\u30b8\u7ba1\u7406\u30c4\u30fc\u30eb dnf \u3092\u4f7f\u7528\u3057\u305f\u7ba1\u7406\u3068\u3001\/etc\/pki\/tls\/ \u914d\u4e0b\u3067\u306e\u69cb\u6210\u304c\u57fa\u672c\u3068\u306a\u308a\u307e\u3059\u3002
\u7279\u306b AlmaLinux 10 \u3067\u306f\u3001\u6a19\u6e96\u3067 OpenSSL 3.x \u7cfb\u304c\u63a1\u7528<\/strong>\u3055\u308c\u3066\u304a\u308a\u3001\u8010\u91cf\u5b50\u8a08\u7b97\u6a5f\u6697\u53f7 (PQC) \u3078\u306e\u5bfe\u5fdc\u306a\u3069\u3001\u6b21\u4e16\u4ee3\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u57fa\u6e96\u304c\u5c0e\u5165\u3055\u308c\u3066\u3044\u307e\u3059


1. \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3068\u30d0\u30fc\u30b8\u30e7\u30f3\u78ba\u8a8d
\u901a\u5e38\u3001AlmaLinux 10 \u306b\u306f\u6a19\u6e96\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u6700\u65b0\u306e\u72b6\u614b\u306b\u3059\u308b\u306b\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\/\u66f4\u65b0<\/strong>: sudo dnf install openssl<\/strong>
\u30d0\u30fc\u30b8\u30e7\u30f3\u78ba\u8a8d:<\/strong> openssl version<\/strong>

root@falcon21:~# openssl version<\/strong>
OpenSSL 3.5.1 1<\/strong> Jul 2025 (Library: OpenSSL 3.5.1 1 Jul 2025)


2. \u4e3b\u306a\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea
\u8a2d\u5b9a\u3084\u8a3c\u660e\u66f8\u306e\u914d\u7f6e\u5834\u6240\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059\u3002
\u30e1\u30a4\u30f3\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb: \/etc\/pki\/tls\/openssl.cnf<\/strong>

\u30b7\u30b9\u30c6\u30e0\u5168\u4f53\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\uff08\u6697\u53f7\u5316\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306e\u512a\u5148\u9806\u4f4d\u306a\u3069\uff09\u3092\u7ba1\u7406\u3057\u307e\u3059\u3002
\u79d8\u5bc6\u9375\u306e\u914d\u7f6e\u5148<\/strong>: \/etc\/pki\/tls\/private\/<\/strong>
\u8a3c\u660e\u66f8\u306e\u914d\u7f6e\u5148: \/etc\/pki\/tls\/certs\/<\/strong>


3. \u6697\u53f7\u5316\u30dd\u30ea\u30b7\u30fc\u306e\u7ba1\u7406 (Crypto Policies)
AlmaLinux 10 \u3067\u306f\u3001\u500b\u5225\u306e openssl.cnf \u3092\u7de8\u96c6\u3059\u308b\u3088\u308a\u3082\u3001\u30b7\u30b9\u30c6\u30e0\u5168\u4f53\u306e\u6697\u53f7\u5316\u30dd\u30ea\u30b7\u30fc (update-crypto-policies) \u3092\u4f7f\u7528\u3057\u3066\u3001OS \u5168\u4f53\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ec\u30d9\u30eb\u3092\u4e00\u62ec\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u304c\u63a8\u5968\u3055\u308c\u307e\u3059\u3002

\u73fe\u5728\u306e\u30dd\u30ea\u30b7\u30fc\u78ba\u8a8d:<\/strong> update-crypto-policies –show<\/strong>

\u30dd\u30ea\u30b7\u30fc\u306e\u5909\u66f4\u4f8b (DEFAULT \u3078\u306e\u8a2d\u5b9a)<\/strong>: sudo update-crypto-policies –set DEFAULT<\/strong>
\u3088\u308a\u53b3\u683c\u306a\u8a2d\u5b9a\u304c\u5fc5\u8981\u306a\u5834\u5408\u306f FUTURE\u3001\u4e92\u63db\u6027\u512a\u5148\u306e\u5834\u5408\u306f LEGACY \u3092\u6307\u5b9a\u3057\u307e\u3059\u304c\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5411\u4e0a\u306e\u305f\u3081 DEFAULT \u4ee5\u4e0a\u304c\u63a8\u5968\u3055\u308c\u307e\u3059\u3002


4. \u4e00\u822c\u7684\u306a\u64cd\u4f5c\u30b3\u30de\u30f3\u30c9\u4f8b
OpenSSL \u3092\u4f7f\u7528\u3057\u305f\u8a3c\u660e\u66f8\u4f5c\u6210\u306a\u3069\u306e\u57fa\u672c\u64cd\u4f5c\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059\u3002
\u79d8\u5bc6\u9375\u306e\u751f\u6210: openssl genrsa -out server.key 2048<\/strong>
CSR\uff08\u8a3c\u660e\u66f8\u7f72\u540d\u8981\u6c42\uff09\u306e\u751f\u6210:<\/strong> openssl req -new -key server.key -out server.csr<\/strong>
\u81ea\u5df1\u7f72\u540d\u8a3c\u660e\u66f8\u306e\u4f5c\u6210:<\/strong> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt<\/strong>


**********************************************************************

root@falcon21:~# openssl version<\/strong>
OpenSSL 3.5.1 1 Jul 2025 (Library: OpenSSL 3.5.1 1 Jul 2025)

root@falcon21:~# update-crypto-policies –show<\/strong>
DEFAULT


\u79d8\u5bc6\u9375\u306e\u751f\u6210:<\/strong>
root@falcon21:~# openssl genrsa -des3 2048 > falcon21.space.key<\/strong>
Enter PEM pass phrase: o90okm,.loss<\/strong>
Verify failure
40977A87107F0000:error:1400006B:UI routines:UI_process:processing error:crypto\/ui\/ui_lib.c:552:while reading strings
40977A87107F0000:error:0480006D:PEM routines:PEM_def_callback:problems getting password:crypto\/pem\/pem_lib.c:62:
40977A87107F0000:error:07880109:common libcrypto routines:do_ui_passphrase:interrupted or cancelled:crypto\/passphrase.c:178:
40977A87107F0000:error:1C80009F:Provider routines:p8info_to_encp8:unable to get passphrase:providers\/implementations\/encode_decode\/encode_key2any.c:123:

CSR\uff08\u8a3c\u660e\u66f8\u7f72\u540d\u8981\u6c42\uff09\u306e\u751f\u6210:<\/strong>
root@falcon21:~# openssl req -new -key server.key -out falcon21.space.csr<\/strong>
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:JP<\/strong>
State or Province Name (full name) []:Gifu<\/strong>
Locality Name (eg, city) [Default City]:Anpachi<\/strong>
Organization Name (eg, company) [Default Company Ltd]:falcon21<\/strong>
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:falcon21.space<\/strong>
Email Address []:root@falcon21.space<\/strong>

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:ol.,mko09oss<\/strong>
An optional company name []:


CSR\u306e\u5185\u5bb9\u3092\u78ba\u8a8d<\/strong>
root@falcon21:~# openssl req -text -noout -in falcon21.space.csr<\/strong>

41:2f Exponent: 65537 (0x10001) Attributes: challengePassword :ol.,mko09oss Requested Extensions: Signature Algorithm: sha256WithRSAEncryption Signature Value: 5b:c7:95:5c:a7:e9:10:da:3b:d2:c2:e7:f9:68:4e:28:2d:ce: 8e:e9:0b:60:cc:c4:c7:34:58:db:17:90:26:eb:ef:1a:c7:63: 37:dd:2e:17:fb:6f:a1:be:99:56:3c:ab:e8:7f:f3:bd:f0:d8: c4:64:85:c9:38:76:e8:f3:c7:d5:95:1e:b8:88:c5:02:fd:a2: 50:6c:86:ac:ac:2f:77:98:a4:8e:ad:03:92:53:75:74:64:ca: 85:ea:23:5b:1e:36:e0:22:e2:e1:38:e3:05:e8:8c:90:c8:b9: 73:e1:aa:b4:1d:f8:92:c4:32:1f:3b:a3:ac:6f:b2:a6:5e:ad: 73:7b:df:18:d5:20:74:d7:ff:b4:ea:e8:33:df:7a:52:d3:de: e5:67:0b:28:c6:a9:b2:4a:1f:d3:82:47:c9:12:09:6e:8d:5e: bc:dd:02:da:d9:63:ad:50:64:05:49:f5:5b:9e:21:52:0c:99: d7:08:fc:1c:9d:62:f6:89:17:26:cb:c6:ce:12:20:46:11:63: 1d:0b:2b:ac:12:90:ae:84:56:df:c0:33:9d:5a:0b:ea:e9:96: 42:1f:95:88:45:d7:3c:50:c1:c6:e9:42:7a:78:60:82:10:4e: 6e:57:0f:79:79:54:b6:3a:28:84:f1:37:47:e3:d8:ad:e8:d8: f1:89:e0:34

root@falcon21:~# systemctl restart httpd<\/strong>


5. AlmaLinux 10 \u306e\u7279\u7b46\u70b9\uff1a\u8010\u91cf\u5b50\u6697\u53f7 (PQC)
AlmaLinux 10 \u3067\u306f\u3001\u5c06\u6765\u7684\u306a\u91cf\u5b50\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u306b\u3088\u308b\u89e3\u8aad\u30ea\u30b9\u30af\u306b\u5099\u3048\u3001\u8010\u91cf\u5b50\u8a08\u7b97\u6a5f\u6697\u53f7 (PQC) \u3092\u8a66\u7528\u30fb\u8a2d\u5b9a\u3067\u304d\u308b\u74b0\u5883\u304c\u6574\u3044\u59cb\u3081\u3066\u3044\u307e\u3059\u3002\u7279\u5b9a\u306e\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u5229\u7528\u3059\u308b\u5834\u5408\u306f\u3001OpenSSL \u306e\u30d7\u30ed\u30d0\u30a4\u30c0\u8a2d\u5b9a\u304c\u5fc5\u8981\u306b\u306a\u308b\u3053\u3068\u304c\u3042\u308a\u307e\u3059
\u3000<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000AlmaLinux10 openssl \u8a2d\u5b9a********************************************************************** Al […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-219","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=219"}],"version-history":[{"count":1,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/219\/revisions"}],"predecessor-version":[{"id":220,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/219\/revisions\/220"}],"wp:attachment":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}