yum install mod_ssl
# cd /etc/pki/tls/certs/ # sed -i 's/365/3650/g' Makefile ※サーバー用証明書有効期限を1年から10年に変更 # make server.crt
# openssl genrsa -des3 2048 > ./ssl.key/ssl.globalsign.com.key
# openssl rsa -in server.key -out server.key
# vi /etc/ssl/certs/pass_phrase.sh #!/bin/sh echo "your passphrase"
# chmod 500 /etc/ssl/certs/pass_phrase.sh
# vi /etc/httpd/conf.d/ssl.conf SSLPassPhraseDialog exec:/etc/ssl/certs/pass_phrase.sh
# openssl req -new -key server.key -out server.csr
# openssl x509 -in server.csr -days 365 -req -signkey server.key > server.crt
# openssl x509 -x509toreq -in 証明書 -signkey 鍵ファイル -out 署名要求
# openssl x509 -x509toreq -in server.pem -signkey server.key -out server.csr
openssl rsa -in [秘密鍵] -pubout openssl x509 -in [証明書] -pubkey
# openssl rsa -in /etc/pki/tls/certs/server.key -pubout writing RSA key -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/smbmb0cX7DLKTTtDrbAEcORd RKwFLXB4kysLD5M8rdZ7mrKatJxkJy0G1zTaGGgRRn4vnK9gpAiG1st8JLEtV3H3 8RWbS14che8EmuKNn4U5pf6M67d68V9eMsBKFAERTWHGihoVGQ04rflzoaegdjQA 5dmU5eL0l8ktANsZ5QIDAQAB -----END PUBLIC KEY----- # openssl x509 -in /etc/pki/tls/certs/server.crt -pubkey -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/smbmb0cX7DLKTTtDrbAEcORd RKwFLXB4kysLD5M8rdZ7mrKatJxkJy0G1zTaGGgRRn4vnK9gpAiG1st8JLEtV3H3 8RWbS14che8EmuKNn4U5pf6M67d68V9eMsBKFAERTWHGihoVGQ04rflzoaegdjQA 5dmU5eL0l8ktANsZ5QIDAQAB -----END PUBLIC KEY----- -----BEGIN CERTIFICATE----- MIIDcTCCAtqgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCSkEx EDAOBgNVBAgTB1RvdWt5b3UxEjAQBgNVBAcTCVR5dXVvdS1rdTEWMBQGA1UEChMN RmxhdEVpZ2h0LmNvbTEYMBYGA1UEAxMPd3d3LmZsYXQ4LmNvLmpwMSEwHwYJKoZI hvcNAQkBFhJtYXRzdWlAZmxhdDguY28uanAwHhcNMTAwNDI3MDIwODA4WhcNMjAw NDI0MDIwODA4WjCBiDELMAkGA1UEBhMCSkExEDAOBgNVBAgTB1RvdWt5b3UxEjAQ BgNVBAcTCVR5dXVvdS1rdTEWMBQGA1UEChMNRmxhdEVpZ2h0LmNvbTEYMBYGA1UE AxMPd3d3LmZsYXQ4LmNvLmpwMSEwHwYJKoZIhvcNAQkBFhJtYXRzdWlAZmxhdDgu Y28uanAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL+yZuZvRxfsMspNO0Ot sARw5F1ErAUtcHiTKwsPkzyt1nuaspq0nGQnLQbXNNoYaBFGfi+cr2CkCIbWy3wk sS1XcffxFZtLXhyF7wSa4o2fhTml/ozrt3rxX14ywEoUARFNYcaKGhUZDTit+XOh p6B2NADl2ZTl4vSXyS0A2xnlAgMBAAGjgegwgeUwHQYDVR0OBBYEFOoA+LP6/ew0 dD+cHN1/ddKZxlooMIG1BgNVHSMEga0wgaqAFOoA+LP6/ew0dD+cHN1/ddKZxloo oYGOpIGLMIGIMQswCQYDVQQGEwJKQTEQMA4GA1UECBMHVG91a3lvdTESMBAGA1UE BxMJVHl1dW91LWt1MRYwFAYDVQQKEw1GbGF0RWlnaHQuY29tMRgwFgYDVQQDEw93 d3cuZmxhdDguY28uanAxITAfBgkqhkiG9w0BCQEWEm1hdHN1aUBmbGF0OC5jby5q cIIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAD5mWuFfXRZAXzXc iGsAY4oS1tQHl9NVGkEy7BF8lRNc7gLZjyxgApq6OcULUuPGALQcHCxOTHNLvQU+ AeKfYDuOKrjZxXnHS/+V5iM9hq+WoeAnZpkfA3MW7qdDlkC3L+/bqcZNvF0/Jlnc U19qc1XDEGuVRTBgaJtk+XKwC+QO -----END CERTIFICATE-----
# openssl req -in fl8.jp.csr -text
# openssl rsa -in fl8.jp.key -text
# openssl x509 -in fl8.jp.crt -text
openssl gendsa -out pkcs8_proxyhostip.com.key proxyhostip.com.key
このハッシュ値が合致していればOK
$ openssl x509 -issuer_hash -noout -in [サーバ証明書].crt 8d28ae65 $ openssl x509 -subject_hash -noout -in [中間証明書].crt 8d28ae65
中間証明書がちゃんと反映されている確認
03 SSL中間証明書確認