1
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

SSLエラーが出ないSSL自己証明書を作る手順

Posted at

自己認証局を作り、その認証局にSSL自己証明書を発行してもらいましょう。
自己認証局の証明書はクライアントにインストールする必要があります。

自己認証局

認証局の秘密鍵を作る

openssl genrsa -des3 -out ca.key 2048

認証局の証明書を作る

openssl req -x509 -new -nodes -key ca.key -sha256 -days 36500 -out ca.pem
組織名だけでOK。

クライアントに認証局の証明書をインストール

MacOSならキーチェーンアクセスで「システム」に登録→「常に信頼」に設定
他OSはよしなに。

SSL自己証明書

SSL証明書の秘密鍵を作る

openssl genrsa -out server.key 2048

CSRを作る

openssl req -new -key server.key -out server.csr

マルチドメイン(SANs)を設定する

SANs設定ファイルを作る

server.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = hoge.local
DNS.2 = fuga.local

SSL証明書を作る

openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.crt -days 36500 -sha256 -extfile server.ext

1
2
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
1
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?