This assumes openssl is already installed.
1. Create the private key
$ openssl genrsa 2048 > server.key
2. Create the CSR file
$ openssl req -new -key server.key > server.csr
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Fukuoka
Locality Name (eg, city) []:Fukuoka
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3. Create the certificate
$ openssl x509 -req -in server.csr -signkey server.key -out server.crt -days 3650 -extfile v3.ext
Note: create v3.ext beforehand with the following contents.
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:TRUE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
For what the keyUsage values mean, I found the following site easy to understand.
http://oxynotes.com/?p=4516
4. Check the certificate
$ openssl x509 -in server.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8a:・・・
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=JP, ST=Fukuoka, L=Fukuoka, O=Company, CN=example.com
Validity
Not Before: Feb 22 02:18:10 2017 GMT
Not After : Feb 20 02:18:10 2027 GMT
Subject: C=JP, ST=Fukuoka, L=Fukuoka, O=Company, CN=example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:・・・
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=JP/ST=Fukuoka/L=Fukuoka/O=Company/CN=example.com
serial:・・・
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
Signature Algorithm: sha1WithRSAEncryption
93:・・・
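5. Convert to DER format
$ openssl x509 -in server.crt -out server.der.crt -outform der
6. Copy server.der.crt to the Android device
7. Under Settings -> Security -> Install from SD card, select server.der.crt
8. Confirm that the certificate has been added under Trusted credentials -> User.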
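Added example (not part of the original post): steps 1 through 5 as one non-interactive script, followed by checks that the PEM and DER files hold the same certificate, that it matches server.key, and that it carries CA:TRUE. The -subj value repeats the answers shown in step 2; -sha256 (chosen because the output in step 4 shows sha1WithRSAEncryption), umask 077 and the function names make_cert and check_cert are choices made for this example.

```bash
#!/bin/sh
# Added example, not from the original page: steps 1-5 without prompts,
# followed by checks on the result. Requires only openssl.
set -eu

# make_cert DIR SUBJECT : writes server.key, .csr, .crt, .der.crt and v3.ext into DIR
make_cert() (
  cd "$1"
  umask 077                      # the private key must not be readable by other users
  openssl genrsa -out server.key 2048
  openssl req -new -key server.key -subj "$2" -out server.csr
  cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:TRUE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
EOF
  # -sha256 pins the signature digest instead of relying on the openssl default
  openssl x509 -req -sha256 -in server.csr -signkey server.key \
    -out server.crt -days 3650 -extfile v3.ext
  openssl x509 -in server.crt -out server.der.crt -outform der
)

# check_cert DIR : prints each failed check; exit status 0 only if all pass
check_cert() (
  cd "$1"; rc=0
  text=$(openssl x509 -in server.crt -text -noout)
  echo "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' \
    || { echo "FAIL: signature digest is not SHA-256"; rc=1; }
  echo "$text" | grep -q 'CA:TRUE' \
    || { echo "FAIL: basicConstraints CA:TRUE missing"; rc=1; }
  # The DER file must be the same certificate as the PEM file.
  [ "$(openssl x509 -in server.crt -noout -fingerprint -sha256)" = \
    "$(openssl x509 -in server.der.crt -inform der -noout -fingerprint -sha256)" ] \
    || { echo "FAIL: DER and PEM differ"; rc=1; }
  # The certificate must carry the public half of server.key.
  [ "$(openssl x509 -in server.crt -noout -pubkey)" = \
    "$(openssl pkey -in server.key -pubout)" ] \
    || { echo "FAIL: certificate does not match server.key"; rc=1; }
  [ "$rc" -eq 0 ]
)

dir=$(mktemp -d)                 # scratch directory for the generated files
# Subject fields as entered in step 2 of the page.
make_cert "$dir" "/C=JP/ST=Fukuoka/L=Fukuoka/O=Company/CN=example.com"
check_cert "$dir" && echo "OK: $dir/server.der.crt is ready to copy to the device"
```

Only server.der.crt goes to the device; server.key stays on the machine that generated it.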