CSRの作成

CSRの作成の詳細

以下にCSRを作成する例を示します.

% openssl req -new -keyout key.pem -out csr.pem
Using configuration from /usr/local/ssl/openssl.cnf
Generating a 1024 bit RSA private key
...........................................++++++
...................................................................++++++
writing new private key to 'key.pem'
Enter PEM pass phrase:(秘密鍵のパスフレーズを入力)
Verifying password - Enter PEM pass phrase:(もう一度入力)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Fukuoka
Locality Name (eg, city) []:Kitakyushu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FC Lab
Organizational Unit Name (eg, section) []:lab
Common Name (eg, YOUR name) []:FC Lab WWW server
Email Address []:info@fc-lab.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(チャレンジパスワードを指定)
An optional company name []:Fujiki Computer Laboratory
赤く表示されている部分が入力した部分です

これによりkey.pemに秘密鍵が、csr.pemに証明書要求(CSR)ができます。

補足: "CA.sh -newreq"とコマンド実行するとnewreq.pemというファイルができ、 private keyまでこのファイルに入ってしまいます。秘密鍵は別ファイルに したいので、上記のコマンドのほうがよいと思います.

 

Copyright (C)2001 Takeshi FUJIKI