Help us understand the problem. What is going on with this article?

Android端末にインストール可能なDER形式の自己証明書作成

More than 3 years have passed since last update.

opensslはインストール済みの前提。

1.秘密鍵の作成作成

$openssl genrsa 2048 > server.key

2. CSRファイルの作成

$openssl req -new -key server.key > server.csr
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Fukuoka
Locality Name (eg, city) []:Fukuoka
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

3. 証明書の作成

$openssl x509 -req -in server.csr -signkey server.key -out server.crt -days 3650 -extfile v3.ext

※v3.extは以下の内容であらかじめ作成

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:TRUE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

keyUsageの内容は以下のサイトがわかりやすかったです。
http://oxynotes.com/?p=4516

4.証明書のチェック

$openssl x509 -in server.crt -text -noout  
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            8a:・・・
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=JP, ST=Fukuoka, L=Fukuoka, O=Company, CN=example.com
        Validity
            Not Before: Feb 22 02:18:10 2017 GMT
            Not After : Feb 20 02:18:10 2027 GMT
        Subject: C=JP, ST=Fukuoka, L=Fukuoka, O=Company, CN=example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:・・・
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                DirName:/C=JP/ST=Fukuoka/L=Fukuoka/O=Company/CN=example.com
                serial:・・・

            X509v3 Basic Constraints: 
                CA:TRUE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
    Signature Algorithm: sha1WithRSAEncryption
        93:・・・

5.DER形式に変換

$openssl x509 -in server.crt -out server.der.crt -outform der

6.Android端末にserver.der.crtをコピー

7.設定->セキュリティ->SDカードからインストールから、server.der.crtを選択

8.信頼できる認証情報->ユーザーに証明書が追加されていることを確認。

Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
No comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
ユーザーは見つかりませんでした