vi /etc/ssl/openssl.cnf
[ client_cert ]
basicConstraints=CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
クライアント証明書作成
# openssl req -config openssl.cnf -new -keyout yone.key.pem -out yone.req.pem -days 365 -extensions client_cert
Generating a 1024 bit RSA private key
認証局が署名
# openssl ca -config openssl.cnf -policy policy_anything -out yone.cert.pem -extensions client_cert -infiles yone.req.pem
Using configuration from openssl.cnf
ユーザに配布するファイルを作成。
# openssl pkcs12 -export -in newcerts/04.pem -inkey private/04.pem -certfile cacert.pem -out yone.p12
by http://www.webtech.co.jp/blog/optpix_labs/server/1780/
http://qiita.com/mitzi2funk/items/602d9c5377f52cb60e54
0 件のコメント:
コメントを投稿