Edited at


More than 1 year has passed since last update.


cd /root

mkdir csr

cd csr

touch csr

openssl sha1 * > sha1.dat


openssl genrsa -des3 -out server.key -rand sh1.dat 2048

Enter pass phrase for server.key:xxxxxxxxxx

Verifying - Enter pass phrase for server.key:xxxxxxxxxx

openssl req -new -key server.key -out CSRyyyymmdd.txt

Country Name (2 letter code) [XX]:JP

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:test

Organizational Unit Name (eg, section) []:test

Common Name (eg, your name or your server's hostname) []:www.test.jp

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

openssl asn1parse -in CSRyyyymmdd.txt


vi /etc/pki/tsl/openssl.cnf


string_mask = utf8only

string_mask = nombstr


service sshd restart