블로그

SSL 인증서 취약점을 체크할 수 있습니다.

https://www.ssllabs.com/ssldb/

1. SSL 발급 기관(전자인증업체)을 통해 인증서 발급(구매) 시 방법

openssl genrsa -des3 -out jsclub.key 2048     ; 키 생성
openssl req -new -key jsclub.key -out jsclub.csr     ; 인증서 생성
openssl x509 -req -days 3650 -in jsclub.csr -signkey jsclub.key -out jsclub.crt     ; 생성파일 전달해주면 알아서 해줌

2. 사설 인증서 생성 방법

[root@mail certs]# openssl req -new -key private.key -out private.csr
Enter pass phrase for private.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:KR
State or Province Name (full name) [Berkshire]:Seoul
Locality Name (eg, city) [Newbury]:seocho-dong
Organization Name (eg, company) [My Company Ltd]:gmate
Organizational Unit Name (eg, section) []:jsclub
Common Name (eg, your name or your server's hostname) []:ssl.gmate.co.kr
Email Address []:jungsik.lee@gmate.co.kr

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:gmate
[root@mail certs]#
[root@mail certs]#
[root@mail certs]# ls
private.csr private.key
[root@mail certs]# openssl x509 -req -days 3650 -in private.csr -signkey private.key -out private.crt
Signature ok
subject=/C=KR/ST=Seoul/L=Seocho-dong/O=gmate/OU=jsclub/CN=ssl.gmate.co.kr/emailAddress=jungsik.lee@gmate.co.kr
Getting Private key
Enter pass phrase for private.key:
[root@mail certs]# ls
private.crt private.csr private.key

## 인증서 확인

[root@mail certs]# openssl x509 -noout -text -in cacert.pem

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
97:10:86:9b:c8:1f:b9:d4
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=KR, ST=SEOUL, L=SEOCHO, O=GMATE, OU=IT, CN=mail.gmate.co.kr/emailAddress=jungsik.lee@gmate.co.kr
Validity
Not Before: Mar 15 06:34:36 2010 GMT
Not After : Mar 15 06:34:36 2011 GMT
Subject: C=KR, ST=SEOUL, L=SEOCHO, O=GMATE, OU=IT, CN=mail.gmate.co.kr/emailAddress=jungsik.lee@gmate.co.kr
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c9:06:0a:97:af:83:69:50:39:62:00:05:5f:de:
7f:21:c2:ec:6c:ba:76:0e:dd:15:ea:53:1e:59:2a:
11:ff:ef:b0:7a:86:88:36:b3:db:b9:fe:33:e0:7a:
6f:7e:e4:63:f7:ce:a3:4f:ae:55:3f:71:4d:ff:0a:
d1:d9:e8:ec:95:bb:79:7b:7e:f2:32:0e:fa:ee:9e:
c3:36:95:70:8b:ca:95:72:99:44:ae:a2:8a:cf:e3:
9d:52:7e:1e:f4:b7:df:6d:54:99:10:ef:a5:ae:8f:
44:ac:72:58:b8:d1:4b:b9:a6:ca:12:f5:07:9a:04:
9f:f2:58:ec:85:60:9b:22:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:FE:84:22:72:D1:BE:4F:31:45:F4:3D:15:86:50:40:97:90:95:0F
X509v3 Authority Key Identifier:
keyid:2D:FE:84:22:72:D1:BE:4F:31:45:F4:3D:15:86:50:40:97:90:95:0F
DirName:/C=KR/ST=SEOUL/L=SEOCHO /O=GMATE/OU=IT/CN=mail.gmate.co.kr/emailAddress=jungsik.lee@gmate.co.kr
serial:97:10:86:9B:C8:1F:B9:D4

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
64:77:49:1d:29:2c:47:4a:af:62:39:c2:39:a5:8d:0c:ad:01:
92:1e:59:21:28:3c:44:b3:b7:ff:ed:04:06:01:f5:8b:0b:f4:
d5:26:0d:68:9c:b9:d0:c9:f4:c4:d6:06:53:81:d8:44:5a:62:
3c:30:89:71:d2:c6:74:72:de:3f:0c:3b:d1:37:c8:0f:43:d6:
c9:01:52:c2:11:5b:0b:6c:12:52:38:5d:ab:1c:2c:af:5b:18:
45:eb:54:df:12:d5:6d:df:51:5f:ec:7a:32:e2:23:c8:bf:8e:
4e:b3:f8:e3:6c:90:b8:71:d2:1f:ff:aa:dc:b0:87:80:28:bb:
2d:56