自前認証局の作成

先ずは、設定ファイルのtemplateを拝借

# cd /etc/pki/
# mkdir myCA 
# cp tls/misc/CA myCA/
# cp tls/openssl.cnf myCA/
# echo 01 > myCA/crlnumber
# vi myCA/CA 

#以下の項目を追加、編集
SSLEAY_CONFIG="-config /etc/pki/myCA/openssl.cnf"
CATOP=/etc/pki/myCA 

$CA -out ${CATOP}/$CACERT $CADAYS -batch \
        -extensions v3_ca \
（抜粋。コマンドは元のスクリプトどおり次の行へ続く）

# vi myCA/openssl.cnf

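[ CA_default ]
# Root of the CA working tree. It has to be the same directory as CATOP in
# the CA script (/etc/pki/myCA): crlnumber was created there, and the stock
# template derives its other CA_default paths from $dir.
dir             = /etc/pki/myCA

[ req_distinguished_name ]
# Default values offered for the subject fields when a request is created.
countryName_default             = JP
stateOrProvinceName_default     = Tokyo
localityName_default            = Minato-ku
0.organizationName_default      = myCA.

[ usr_cert ]
# Extensions for issued end-entity certificates (presumably selected through
# x509_extensions in CA_default, as in the stock template; confirm).
# CA:FALSE keeps an issued certificate from acting as a CA itself.
basicConstraints=CA:FALSE
# Restrict issued certificates to TLS server use.
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
# NOTE(review): no subjectAltName is set here; current TLS clients match the
# host name against subjectAltName, not the CN. Confirm how it is supplied.
# nsComment stays commented out, so no comment string is embedded.
#nsComment                      = "OpenSSL Generated Certificate"

[ v3_ca ]
# Key usage of the CA certificate itself: signing certificates and CRLs only.
# NOTE(review): RFC 5280 recommends marking this extension critical
# (keyUsage = critical, cRLSign, keyCertSign). Only the edited line is shown;
# the template's basicConstraints CA:true line in this section must remain.
keyUsage = cRLSign, keyCertSign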

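認証局の作成

CAスクリプトは myCA/ にコピーしてあるので、/etc/pki/myCA に移動して実行する。CAの秘密鍵は ${CATOP}/private 以下に作成されるため、このディレクトリは root 以外から読めないようにしておくこと。
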
# ./CA -newca

証明書の発行、署名

# ./CA -newreq
# ./CA -sign