OpenSSL Command Memo

More than 5 years have passed since last update.

I always forget the OpenSSL commands, so here they are as a memo.

Creating a private key

# Without encryption (1024-bit RSA is too short for real use today; choose 2048 bits or more)
openssl genrsa -out server.key 1024

# Encrypt with a passphrase using AES-128
openssl genrsa -aes128 -out server.key 1024

# Remove the encryption from an existing private key (needed, for example, when a service has to start automatically; this lowers security)
openssl rsa -in server.key -out server.key

# Encrypt an existing private key
openssl rsa -aes128 -in server.key -out server.key

# View the contents of the private key
openssl rsa -noout -text -in server.key

Creating a certificate signing request (CSR)

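# Create a certificate signing request (CSR)
# (-days only takes effect together with -x509; it is ignored when only a CSR is produced)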
openssl req -new -days 365 -key server.key -out server.csr

# Create the private key and the CSR in one step (private key not encrypted)
openssl req -nodes -new -keyout server.key -out server.csr -days 365

# Create the private key and the CSR in one step (private key encrypted)
openssl req -new -keyout server.key -out server.csr -days 365

# Check the contents of the CSR
openssl req -in newreq.pem -text

Signing

# Create a self-signed certificate, signed with your own private key
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

# Create the private key, the CSR and the self-signed certificate in one step (private key not encrypted)
openssl req -x509 -nodes -new -keyout server.key -out server.crt -days 365

# Create the private key, the CSR and the self-signed certificate in one step (private key encrypted)
openssl req -x509 -new -keyout server.key -out server.crt -days 365

Revocation

# Revoke a certificate
openssl ca -revoke newcerts/01.pem

# Generate a CRL
openssl ca -gencrl -out CA.crl

# Check the contents of the CRL
openssl crl -in CA.crl -text

Checking the contents of a certificate

# Display in text form
openssl x509 -in server.crt -text

# Display the purposes the certificate can be used for
openssl x509 -in server.crt -purpose

# Display the ASN.1 structure
openssl asn1parse -in server.crt

# Extract the public key from the certificate
openssl x509 -in server.crt -pubkey -noout

Format conversion

# Convert to PKCS#12: bundle the private key and the certificate (public key) into a single PKCS#12 file
openssl pkcs12 -export -inkey server.key -in server.crt -out server.p12

# Convert PKCS#12 back to PEM
openssl pkcs12 -in server.p12 -out server.pem

# Create a DER-format file
openssl x509 -inform pem -outform der -in server.crt -out cacert.der
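
After converting between PEM, DER and PKCS#12 it is worth confirming that the key and the certificate still belong together. The script below is an added example, not part of the original memo: it compares the public key derived from each file. The helper function names, the CN `demo.example`, the pass phrase `demo-only` and the file `other.key` are assumptions made for the demo.

```shell
#!/bin/sh
# Added example; file names, CN and pass phrase are constructed for this demo.
# pass:... on the command line is for the demo only; prefer env: or file: sources.

# Public key (PEM SubjectPublicKeyInfo) derived from each kind of file.
key_pub()      { openssl pkey -in "$1" -pubout 2>/dev/null; }
cert_pub()     { openssl x509 -in "$1" -inform "${2:-PEM}" -pubkey -noout 2>/dev/null; }
p12_key_pub()  { openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
                     openssl pkey -pubout 2>/dev/null; }
p12_cert_pub() { openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
                     openssl x509 -pubkey -noout 2>/dev/null; }

# Fail closed: an empty result (unreadable file, wrong pass phrase) never matches.
same_pub() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# key_matches_cert KEY CERT [PEM|DER]
key_matches_cert() { same_pub "$(key_pub "$1")" "$(cert_pub "$2" "${3:-PEM}")"; }

# p12_matches_key P12 PASSWORD KEY: both halves of the bundle belong to KEY.
p12_matches_key() {
    same_pub "$(p12_key_pub "$1" "$2")" "$(key_pub "$3")" &&
    same_pub "$(p12_cert_pub "$1" "$2")" "$(key_pub "$3")"
}

# Build constructed sample files in directory $1 with the commands from this memo.
make_demo() {
    openssl req -x509 -nodes -new -newkey rsa:2048 -keyout "$1/server.key" \
        -out "$1/server.crt" -days 365 -subj "/CN=demo.example" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/server.key" -in "$1/server.crt" \
        -out "$1/server.p12" -passout pass:demo-only &&
    openssl x509 -inform pem -outform der -in "$1/server.crt" -out "$1/cacert.der" &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null   # unrelated key for the negative case
}

d=$(mktemp -d) && make_demo "$d" || exit 1
key_matches_cert "$d/server.key" "$d/server.crt"         && echo "PEM cert:  matches server.key"
key_matches_cert "$d/server.key" "$d/cacert.der" DER     && echo "DER cert:  matches server.key"
p12_matches_key  "$d/server.p12" demo-only "$d/server.key" && echo "PKCS#12:   matches server.key"
key_matches_cert "$d/other.key"  "$d/server.crt"         || echo "other.key: does NOT match server.crt"
```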