秘密鍵と公開鍵の生成
RSA秘密鍵の生成
[root@falcon21 ~]# openssl genrsa 1024 > private-key.pem
Generating RSA private key, 1024 bit long modulus
..++++++
...................++++++
e is 65537 (0x10001)
-------------------------
RSA公開鍵の生成
[root@falcon21 ~]# openssl rsa -in private-key.pem -pubout -out public-key.pem
writing RSA key
---------------------------
証明書署名要求 (Certificate Signing Request, CSR)生成
[root@falcon21 ~]# openssl req -new -key private-key.pem > my-request.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
-----
Country Name (2 letter code) [JP]:JP
State or Province Name (full name) [Gifu]:
Locality Name (eg, city) [anpachi]:
Organization Name (eg, company) [falcon21.space]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:falcon21.space
Email Address [webmaster@falcon21.space]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
------------------------------------
CSRから証明書を発行する
[root@falcon21 ~]# openssl x509 -req -in my-request.csr -signkey private-key.pem -out public-key.crt -days 3650
Signature ok
subject=/C=JP/ST=Gifu/L=anpachi/O=falcon21.space/CN=falcon21.space/emailAddress=webmaster@falcon21.space
Getting Private key
------------------------------------
certbot SSLサーバー証明を使っているので、必要ない。