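Certificate
- A file containing a signature over a public key
- A certificate signing request (CSR) is created with the private key; when the certificate is generated from it, the resulting certificate file contains the public key
- Communication uses that public key, and the certificate makes it possible to verify that the key is a legitimate public key
- The organization that vouches for this public key is called an intermediate CA, and the top-level certificate authority is called the Root CA; the Root CA vouches for the intermediate CA. A certificate that certifies itself without any certificate authority is called a self-signed certificate; since no one else vouches for it, it is an untrusted certificate.
CA-issued certificate : certificate <- intermediate CA <- Root CA (Self Signed)
Self-signed certificate : certificate (Self Signed)
Certificate creation order
1. Generate a private key
2. Create a signing request file (CSR: Certificate Signing Request)
3. Create the certificate
Creating a certificate
1. Generate a private key
- The private key can be generated on its own, or it can be generated together with the CSR without a separate key-generation step
1.1 Without Password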
# openssl genrsa -out <Key File Name> <Key Size>
$ openssl genrsa -out private_nopassword.key 2048
Generating RSA private key, 2048 bit long modulus
...............................................................+++
...............+++
e is 65537 (0x10001)
1.2 With Password
# openssl genrsa -<Algorithm> -out <Key File Name> <Key Size>
Algorithm : -aes128, -aes192, -aes256, -camellia192, -camellia256, -des, -des3, etc.
$ openssl genrsa -aes256 -out private_password.key 2048
Generating RSA private key, 2048 bit long modulus
.................................................................................................+++
...........................+++
e is 65537 (0x10001)
Enter pass phrase for private_password.key:
Verifying - Enter pass phrase for private_password.key:
1.3 Check the generated private key
# openssl rsa -text -in <Key File Name>
$ openssl rsa -text -in private_password.key
Enter pass phrase for private_password.key:
Private-Key: (2048 bit)
modulus:
publicExponent: 65537 (0x10001)
privateExponent:
prime1:
prime2:
exponent1:
exponent2:
coefficient:
writing RSA key
1.4 Derive the public key from the private key
# openssl rsa -in <Generated Private Key> -pubout -out <Public Key File Name to Generate>
$ openssl rsa -in private_password.key -pubout -out public_password.key
Enter pass phrase for private_password.key:
writing RSA key
$ ls | grep public_password.key
public_password.key
$ cat ./public_password.key
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
2. Create a signing request file (CSR: Certificate Signing Request)
2.1 Create a CSR file using a private key
# openssl req -new -key <Private Key> -out <CSR File Name>
$ openssl req -new -key private_password.key -out cert.csr
Enter pass phrase for private_password.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Junggu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:StudyLang
Organizational Unit Name (eg, section) []:RnD
Common Name (e.g. server FQDN or YOUR name) []:AProgrammer
Email Address []:aprog@thiscompany.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$ ls | grep csr
cert.csr
2.2 Create a CSR file and a private key at the same time
# openssl req -new -out <CSR File Name> -keyout <Private Key File Name> -newkey rsa:<Key Size>
$ openssl req -new -out cert_with_new_privkey.csr -keyout privkey_with_new_cert.key -newkey rsa:2048
Generating a 2048 bit RSA private key
..............................................................+++
............................................................................................+++
writing new private key to 'privkey_with_new_cert.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:kr
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Junggu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ThisCompany
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:AProgrammer
Email Address []:mail@thiscompany.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$ ls | grep privkey
cert_with_new_privkey.csr
privkey_with_new_cert.key
2.3 Check CSR file information
# openssl req -text -in <CSR File Name> -noout
$ openssl req -text -in cert_with_new_privkey.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=kr, ST=Seoul, L=Junggu, O=ThisCompany, CN=AProgrammer/emailAddress=mail@thiscompany.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
3. Create the certificate
3.1 Self-signed certificate
3.1.1 Create a certificate from a CSR file
# openssl x509 -req -days <Number of Days> -in <CSR File Name> -signkey <Private Key> -out <Output File Name>
$ openssl x509 -req -days 365 -in ./cert.csr -signkey ./private_password.key -out cert.crt
Signature ok
subject=/C=KR/ST=Seoul/L=Junggu/O=StudyLang/OU=RnD/CN=AProgrammer/emailAddress=aprog@thiscompany.com
Getting Private key
Enter pass phrase for ./private_password.key:
$ ls | grep cert.crt
cert.crt
3.1.2 Create a certificate without a CSR file (the CSR is generated on the fly; a private key is required)
# openssl req -new -x509 -days <Number of Days> -key <Private Key> -out <Output File Name>
$ openssl req -new -x509 -days 365 -key ./private_password.key -out cert_no_csr.crt
Enter pass phrase for ./private_password.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Junggu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ThisCompany
Organizational Unit Name (eg, section) []:RnD
Common Name (e.g. server FQDN or YOUR name) []:AProgrammer
Email Address []:thisemail@anywhere.com
$ ls | grep cert_no_csr
cert_no_csr.crt
$ cat ./cert_no_csr.crt
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
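The key, CSR and self-signed certificate steps above can be run without prompts by passing the DN with -subj and then checked for consistency. The script below is an added example, not part of the original notes: it confirms that all three files carry the same public key, that the CSR signature verifies, and that the certificate is self-signed and verifies only when named as its own trust anchor. Assumptions: the demo.* file names, a passphrase-less key in a temporary directory, and the subject used above without the e-mail field.

```sh
#!/bin/sh
# Added example: file names (demo.*) are constructed; the key has no passphrase.

# SHA-256 of the public key inside a key, CSR or certificate file.
pub_hash() {  # usage: pub_hash key|csr|crt <file>
    case "$1" in
        key) openssl rsa  -in "$2" -pubout 2>/dev/null ;;
        csr) openssl req  -in "$2" -pubkey -noout ;;
        crt) openssl x509 -in "$2" -pubkey -noout ;;
    esac | openssl dgst -sha256 | awk '{print $NF}'
}

# Steps 1-3 of this page without prompts; writes demo.key, demo.csr, demo.crt.
make_chain() {  # usage: make_chain <dir>
    subj='/C=KR/ST=Seoul/L=Junggu/O=StudyLang/OU=RnD/CN=AProgrammer'
    # umask 077: an unencrypted private key must not be readable by others
    ( umask 077; openssl genrsa -out "$1/demo.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/demo.key" -subj "$subj" -out "$1/demo.csr" || return 1
    openssl x509 -req -days 365 -in "$1/demo.csr" -signkey "$1/demo.key" \
        -out "$1/demo.crt" 2>/dev/null
}

check_chain() {  # usage: check_chain <dir>; returns 0 only if every check holds
    k=$(pub_hash key "$1/demo.key")
    r=$(pub_hash csr "$1/demo.csr")
    c=$(pub_hash crt "$1/demo.crt")
    # key, CSR and certificate must all carry the same public key
    [ "$k" = "$r" ] && [ "$k" = "$c" ] || return 1
    # the CSR is signed with the private key that matches its public key
    openssl req -in "$1/demo.csr" -verify -noout >/dev/null 2>&1 || return 1
    # self-signed: issuer and subject are the same name
    s=$(openssl x509 -in "$1/demo.crt" -noout -subject | sed 's/^subject=//')
    i=$(openssl x509 -in "$1/demo.crt" -noout -issuer  | sed 's/^issuer=//')
    [ "$s" = "$i" ] || return 1
    # nobody vouches for it: verification fails against the system trust store
    openssl verify "$1/demo.crt" >/dev/null 2>&1 && return 1
    # ...and succeeds only when the certificate is named as its own trust anchor
    openssl verify -CAfile "$1/demo.crt" "$1/demo.crt" >/dev/null 2>&1
}

run_demo() {
    dir=$(mktemp -d) || return 1
    make_chain "$dir" && check_chain "$dir"; rc=$?
    rm -rf "$dir"
    return $rc
}

run_demo && echo "key, CSR and certificate are consistent" || echo "check failed"
```

The same pub_hash comparison is a quick way to confirm that a certificate returned by a CA belongs to the private key it will be deployed with.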
3.2 CA (Certificate Authority)
3.2.1 Use a separate guide
3.2.2 CA List
* https://letsencrypt.org/ : free
3.3 Check certificate file information
# openssl x509 -text -in <File name> -noout(optional)
$ openssl x509 -text -in ./cert.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 9822855223582509766 (0x8851cac839b9cac6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=KR, ST=Seoul, L=Junggu, O=StudyLang, OU=RnD, CN=AProgrammer/emailAddress=aprog@thiscompany.com
Validity
Not Before: Jan 2 23:41:05 2018 GMT
Not After : Jan 2 23:41:05 2019 GMT
Subject: C=KR, ST=Seoul, L=Junggu, O=StudyLang, OU=RnD, CN=AProgrammer/emailAddress=aprog@thiscompany.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
Conversion options
1. PEM -> DER
# openssl x509 -inform PEM -in <Input PEM File Name> -outform DER -out <Output DER File Name>
2. DER -> PEM
# openssl x509 -inform DER -in <Input DER File Name> -outform PEM -out <Output PEM File Name>
3. PKCS#12(PFX) -> PEM conversion
# openssl pkcs12 -in <Input PFX File Name> -out <Output PEM File Name> -nodes
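The pkcs12 command above reads a PFX and writes PEM; going from PEM to PKCS#12 needs -export together with the private key. The script below is an added example, not part of the original notes: it runs every conversion on a throwaway certificate and compares SHA-256 fingerprints to confirm the certificate is unchanged. Assumptions: the file names, the /CN=conversion-demo subject and the pass:demo-only password are constructed for the example.

```sh
#!/bin/sh
# Added example: all file names, the subject and the password are constructed.

# SHA-256 fingerprint of a certificate; $1 = PEM or DER, $2 = file
fp() {
    openssl x509 -inform "$1" -in "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

convert_demo() {  # usage: convert_demo <dir>; returns 0 if every round-trip matches
    d=$1
    # throwaway self-signed certificate and unencrypted key (sample input)
    ( umask 077; openssl req -new -x509 -days 1 -newkey rsa:2048 -nodes \
        -subj '/CN=conversion-demo' -keyout "$d/k.pem" -out "$d/c.pem" \
        2>/dev/null ) || return 1
    # 1. PEM -> DER and 2. DER -> PEM
    openssl x509 -inform PEM -in "$d/c.pem" -outform DER -out "$d/c.der" || return 1
    openssl x509 -inform DER -in "$d/c.der" -outform PEM -out "$d/c2.pem" || return 1
    [ "$(fp PEM "$d/c.pem")" = "$(fp DER "$d/c.der")" ] || return 1
    [ "$(fp PEM "$d/c.pem")" = "$(fp PEM "$d/c2.pem")" ] || return 1
    # PEM -> PKCS#12: -export bundles the certificate with its private key
    openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" -out "$d/b.pfx" \
        -passout pass:demo-only || return 1
    # 3. PKCS#12 -> PEM: -nodes writes the private key unencrypted, so the
    #    output file is created with owner-only permissions
    ( umask 077; openssl pkcs12 -in "$d/b.pfx" -out "$d/b.pem" -nodes \
        -passin pass:demo-only 2>/dev/null ) || return 1
    grep -q 'PRIVATE KEY' "$d/b.pem" || return 1
    [ "$(fp PEM "$d/c.pem")" = "$(fp PEM "$d/b.pem")" ]
}

tmp=$(mktemp -d) && convert_demo "$tmp" && echo "all conversions preserved the certificate"
rm -rf "$tmp"
```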
Sources
https://blog.hangadac.com
Ubuntu 16.04.2se Man Page