/* Create documents by Steve KIM on June 24th, 2010 */
/* Modified by Steve KIM on August 12th, 2014 */
/* Make a RootCA and CA */
1. Make a RootCA.
1.1. Create a directory
"mkdir RootCA"
"cd RootCA"
1.2. Create a initial files
"mkdir private newcerts"
"echo '01' > serial"
"touch index"
1.3. Make a private key and a private certificate for RootCA.
"openssl req -nodes -config ./openssl.cnf -days 1825 -x509 -newkey rsa:2048 -out ca-cert.pem -outform PEM"
/* create ./ca-cert.pem, ./private/ca-key.pem */
2. Make a CA.
2.1. Create a directory
"cd .."
"mkdir demoCA"
"cd demoCA"
2.2. Create a initial files
"mkdir private newcerts"
"echo '01' > serial"
"touch index"
"cd ../RootCA"
2.3. Make a private key and a private certificate for a CA.
"openssl req -new -x509 -config ./openssl.cnf -keyout ../demoCA/private/ca-key.pem -out ../demoCA/ca-cert.pem -days 1825"
"cd ../demoCA"
3. Make a certificate for a SD:
3.1. For a CSR(Certificate Signing Request)
"openssl ca -out ./newcerts/SDcert-out.pem -config ./openssl.cnf -infiles ./newcerts/SDcert-req.pem"
/* RootCA certificate $dir/RoodCA/ca-cert.pem */
/* CA certificate $dir/demoCA/ca-cert.pem */
/* a signed certificate $dir/demoCA/newcerts/SDcert-out.pem */
/* password : test */
4. Make a certificate for a device:
4.1. Make a CSR to get a certificate from other CA
"openssl req -new -nodes -out Device-Req.pem -config ./openssl.cnf -key ./private/ca-key.pem"
/* a private key $dir/demoCA/private/ca-key.pem */
/* a private certificate is a signed certificate received from other CA */
4.2. Make a private key and a private certificate for a device
"openssl req -new -x509 -config ./openssl.cnf -keyout ./newcerts/device-key.pem -out ./newcerts/device-cert.pem -days 1825"
/* RootCA certificate $dir/RoodCA/ca-cert.pem */
/* CA certificate $dir/demoCA/ca-cert.pem */
/* a private key $dir/demoCA/newcerts/device-key.pem */
/* a private certificate $dir/demoCA/newcerts/device-cert.pem */
5. Viewing pem files
5.1 openssl x509 -in target.pem -inform pem -noout -text
댓글 없음:
댓글 쓰기