#contents();
*** 業者選択 [#qbde4d8d]
|[[べリサイン:http://www.verisign.co.jp/server/]]|年間 85,050円〜|
|[[セキュアステージ:http://www.securestage.com/jp/index.php]]|年間 18,900円〜|
|[[デジトラスト:https://www.digitrust.jp/]]|年間 15,540円〜|
|[[ハイパートラスト:http://www.ssl.ph/hypertrust/]]|年間 7,875円〜|
*** ハイパートラストの証明書申請 [#tfd8c984]
- お申し込み受付日時 = 2006/12/13 (Wed) 16:13:41
- お申し込み受付番号 = 1165994021
- ユーザーID = munakata
//- アクセスコード = 457fa825
- サービス名 = SSLサーバ証明書[新規] HyperTrust 
- 単価 = 7,875円
- コモンネーム = wiki.hmuna.com

- 2010年更新時のアカウント確認
 ------------------------------------------------
 ■SSLサーバ証明書 サービスマネジャー
  http://www.domain-keeper.net/usr/ssl/
 
  アカウント:public_mail@hmuna.com
  パスワード:47633ce9
 ------------------------------------------------

*** 申請書類 (控え) [#ifc14601]

 時間: 2006/12/13(WED) 16:25:01
 エージェント: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
 HOST:  [202.221.8.114]
 
 
 トラッキングNo. = [No.1165994473]
 order_type = new
 お支払い金額 = SSLサーバ証明書(wiki.hmuna.com) 7875円 x 1 = 7,875円
 お支払い合計 = 8,075円
 お申込み受付番号 = 1165994021
 会社名 = 宗像尚郎
 姓 = 宗像
 名 = 尚郎
 住所1 = 神奈川県横浜市中区山下町
 住所2 = 87−1 クリオレミントンハウス 1203号
 E-Mailアドレス = munakata@kk.iij4u.or.jp
 電話番号 = 0452227607
 支払い方法 = コンビニ決済
 入金年 = 2006
 入金月 = 12
 入金日 = 13
 入金時間 = 17
 振込み名義 = 宗像尚郎
 カード記載名 = 
 カード番号 = 
 カード期限月 = --
 カード期限年 = --
 備考 =
 
 申し込み時にクレジットカード支払いとしていましたが、セキュリティ上の
 配慮からコンビニ支払いとします

*** CSR の生成 [#u3b1b6a5]
- サーバー上のワークディレクトリの作成 ( /usr/local/cert_official )

 [root@spirit ~]# cd /usr/local/
 [root@spirit local]# mkdir certs_official
 [root@spirit local]# cd certs_official/
- 秘密鍵の生成 ・・・・・ &color(red){パスフレーズは munaofficial とした。};

 [root@spirit certs_official]# openssl genrsa -des3 -out ./sslkey/domainname.key 1024
 Generating RSA private key, 1024 bit long modulus
 .............++++++
 ................++++++
 e is 65537 (0x10001)
 Enter pass phrase for ./sslkey/domainname.key:  <----"munaofficial"
 Verifying - Enter pass phrase for ./sslkey/domainname.key:
- 秘密鍵のバックアップ ⇒ &ref(domainname.key);

 [root@spirit certs_official]# cat sslkey/domainname.key
 
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
 DEK-Info: DES-EDE3-CBC,B782061E62B2250D
 
 mtvMZPHb6PaQ7rV3KHHkEgr3EfDY6ULvPDvV7i+d1/ikU8RiXBIMuE9exE285PAg
 w12BP2QAUFOJyIuDotEXcpKhaZzVdK8P5FXU7lYlabLj5ujvyTouppr0jBu5h2Yo
 +eVe2uoOAx3SpV8v2QFi2f7K+YCZazpDM4BFKvDz8OaWZb8k6S8pWpYzVWOEpfOn
 1ChhGFMSY6UumhkEIBoD3spQd0t0eOFH9dsVVLtcDsebm44KB8GrYW0GRbei2UFn
 jmXgzNENf3ZiYimdH9VspN8sjV0vqR94dPHJijavE653yX4DlPna5R2uorH6NcBO
 bBDwNZoTN9zMMkgBBYqboN2OMSbNkZEplEG+fISecQKd+CpwpHpaz2Ocy3owzSQD
 4qWDLeJ9wOws9T0e5Lqb/M2o68cUvjRKbyZS5VzxWar2HdpAuAj3G8GzFRXkg1U4
 PFoaPwaxUfxB2zFljTkITEJBoQ3kzXO8gukF4kvchx3S+fQe9o+MxI9u2bbNDaal
 grk+nMXQVtjM68xkmGQFOW5MQGDj4i0ieG5Ei88ygGchRUCEtcjknoAs0g3/owuU
 TSPMz33bPw/2L228OMoyHoY449AheOsTtZrQ7rEvpvyT0NAVD8cb8vNK+XWUiO+n
 LHaCwiwWnUL05U1pmvhrw7bOwV9jVRz5tINcmOz4x//6mATOHe9NeCM0BhDTiV+z
 DLS8Gk0ZE2p0VW3bsoljhfs5xwc+JSeXUOfezQOapQxKi+AZSQYs0uydBPvfdgYN
 WfkVKre0E7mQbDphs/qKWVQ8/BEGWdoriBMYzwPWtHdzSjPioD1UzA==
 -----END RSA PRIVATE KEY-----

- CSRの作成

 [root@spirit certs_official]# openssl req -new -key ./sslkey/domainname.key -out ./sslcsr/domainname.csr
 Enter pass phrase for ./sslkey/domainname.key:
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [GB]:JP
 State or Province Name (full name) [Berkshire]:Kanagawa
 Locality Name (eg, city) [Newbury]:Yokohama
 Organization Name (eg, company) [My Company Ltd]:Private IT admin
 Organizational Unit Name (eg, section) []:IT
 Common Name (eg, your name or your server's hostname) []:wiki.hmuna.com
 Email Address []:
 
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:
- CSR の確認

 [root@spirit certs_official]# cat sslcsr/domainname.csr
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBtDCCAR0CAQAwdDELMAkGA1UEBhMCSlAxETAPBgNVBAgTCEthbmFnYXdhMREw
 DwYDVQQHEwhZb2tvaGFtYTEZMBcGA1UEChMQUHJpdmF0ZSBJVCBhZG1pbjELMAkG
 A1UECxMCSVQxFzAVBgNVBAMTDndpa2kuaG11bmEuY29tMIGfMA0GCSqGSIb3DQEB
 AQUAA4GNADCBiQKBgQDCPAQjbKSliTsmYpDwBZGftVgpVXDyhZzpnapX0lWAJGG0
 +hPtlfe/W6D5RE+v4a54LcyLoH87fCk6xeyj0iKm8CS7/qXnQy8IC2hKNIXi/iWE
 smTQTo1rHlvcsKt+7tGb6j+JYDm6x6pmF/O7aiXNuhfHHrUZ72i296z5pmhyPQID
 AQABoAAwDQYJKoZIhvcNAQEEBQADgYEAqHM2xEScqFn7lYyQYcuJ3R6/GoGenOsS
 lzVv4O/JBegXzVkNy9hO/9JOZ5NRXl6HO23IMwnfPLV5cRMwGP2Tmg4gpUapbVJw
 6b1VxZQ211MOte+AqBpSpRkJwS2Wqp/7L3COJ4zUvjc2wVu9AuuUXp7t5stOJdgv
 LF0pCU1rQRE=
 -----END CERTIFICATE REQUEST-----

*** サーバー証明書 (発行されたもの) [#t1364983]

-  ◆サーバ証明書 wiki_hmuna_com.crt
-- &ref(wiki_hmuna_com.crt);

 -----BEGIN CERTIFICATE-----
 MIIE3TCCA8WgAwIBAgIQPZY0g0om9/etTh43tJeIhDANBgkqhkiG9w0BAQUFADB7
 MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
 VQQHEwdTYWxmb3JkMRowGAYDVQQKExFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
 AxMYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA2MTIxNDAwMDAwMFoXDTA3
 MTIxNDIzNTk1OVowgfwxCzAJBgNVBAYTAkpQMREwDwYDVQQREwgyMzEtMDAyMzER
 MA8GA1UECBMIS2FuYWdhd2ExETAPBgNVBAcTCFlva29oYW1hMSowKAYDVQQJEyFu
 YWthLXdhcmQgeWFtYXNoaXRhLWNobyA4Ny0xLTEyMDMxGTAXBgNVBAoTEFByaXZh
 dGUgSVQgYWRtaW4xCzAJBgNVBAsTAklUMScwJQYDVQQLEx5Qcm92aWRlZCBieSBI
 eXBlciBCb3ggQ28uLEx0ZC4xHjAcBgNVBAsTFUh5cGVyVHJ1c3QgSW5zdGFudFNT
 TDEXMBUGA1UEAxMOd2lraS5obXVuYS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
 MIGJAoGBAMI8BCNspKWJOyZikPAFkZ+1WClVcPKFnOmdqlfSVYAkYbT6E+2V979b
 oPlET6/hrngtzIugfzt8KTrF7KPSIqbwJLv+pedDLwgLaEo0heL+JYSyZNBOjWse
 W9ywq37u0ZvqP4lgObrHqmYX87tqJc26F8cetRnvaLb3rPmmaHI9AgMBAAGjggFd
 MIIBWTAfBgNVHSMEGDAWgBQwQ9xkzRlcqfMZ0jcJlpGeDOjWPTAdBgNVHQ4EFgQU
 o8cF8TsdrBn4PlUttTnaanVb+oswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
 MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQE
 AwIGwDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUFBwIBFh1o
 dHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzB/BgNVHR8EeDB2MDqgOKA2hjRo
 dHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzXzIu
 Y3JsMDigNqA0hjJodHRwOi8vY3JsLmNvbW9kby5uZXQvQUFBQ2VydGlmaWNhdGVT
 ZXJ2aWNlc18yLmNybDANBgkqhkiG9w0BAQUFAAOCAQEArz+qFoFrMb7n10uoGGtX
 Zk8vnFfyR0iO0pL/EfRsnHMRKqiDnCTBmTky3+Ey67eKvQ79AM6d/Wgk0CaQ6gF+
 +dtasnPnN60FSlD7n1JnzDjY1jYP4VB5FXOp4YmklHuQnNHArxLMLOkllQLj3VqQ
 ipooFv61WaSfWXQ9rEr0ptxXnGTKDMetNbce5CoOi7TLML+6uqJs7HHQSseY3Owb
 lkaEjbzIi63iqfRzJKE05Fb30TzitMHqd0XlOmTiaWsdW7HWCFEUbwk/39LlgijG
 iB6YyIE7os34VvuaDdz9gOCtpXJz/YyWlzTgZd7WawzgNpqHxFMDB8xX7tciHfHm
 GA==
 -----END CERTIFICATE-----

- ◆中間証明書 AAACertificateServices_2.crt
-- &ref(AAACertificateServices_2.crt);

 -----BEGIN CERTIFICATE-----
 MIIE+TCCBGKgAwIBAgIEQobyPTANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
 VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
 ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
 KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
 ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEw
 MTkxNDM5NTFaFw0xMjEwMTkxNTA5NTFaMHsxCzAJBgNVBAYTAkdCMRswGQYDVQQI
 ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoT
 EUNvbW9kbyBDQSBMaW1pdGVkMSEwHwYDVQQDExhBQUEgQ2VydGlmaWNhdGUgU2Vy
 dmljZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwTi7RP1GPN5ld
 dmz44SMCk0QrTIjyUASQxtfK10D+zRfalGtz8D0KmyPdmBgHYqhuEZl4PXKQFJZx
 /vqP9QOEjvuFpcXk9+3keL7fqsecx5/fId99z2DUcLvUyqZbudcObpRVdi0ZjJU6
 Ji6RZ5NnJ/6UCkhinY+Y4SVjS74rkjZPEUg5ZuGxHCY1Vuk9247/H24kYw91dVMX
 SFwwj9AEul7D6dsvHRgGFnH/ivaZwXlfgu3YoC9GBqTrKeaO/VKNvYNX0C9xFQ7M
 C/aO+qsO+qCsaJet/Vn8GRMzewuDapBjVSbneAWKuBzvdcHCJ59OlwQp0JfBQdi8
 DxPcoli5AgMBAAGjggG7MIIBtzASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdJQQW
 MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUMEPcZM0ZXKnzGdI3CZaR
 ngzo1j0wggEYBgNVHR8EggEPMIIBCzAooCagJIYiaHR0cDovL2NybC5lbnRydXN0
 Lm5ldC9zZXJ2ZXIxLmNybDCB3qCB26CB2KSB1TCB0jELMAkGA1UEBhMCVVMxFDAS
 BgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5uZXQvQ1BT
 IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDE5
 OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5uZXQgU2Vj
 dXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTENMAsGA1UEAxMEQ1JM
 MTALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0Bow
 GQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEFBQADgYEAVIA4
 t7BnKt3gENkLFmXzlm9BMD7f3rv4WjZRMdcvD/pdI5aYqkWgGAqCmhE2Y1hQUKXB
 wyo+HeFt9n49StOZzv6orwtFwtvCuOlJxaFi7XVm5t6LW3Nw+pxLkFET10iYxlQS
 1O6Jx8nPADfns9Nliyzn+D/xC+N6Bvkpfs+5FHY=
 -----END CERTIFICATE-----

- EntrustSecureServerCA.crtはルート証明書となり通常利用いたしません。
--&ref(wiki_hmuna_com.zip);

*** サーバー証明書(2007-12 更新) [#dd881b6e]

◆サーバ証明書 wiki_hmuna_com.crt
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
-- &ref(wiki_hmuna_com_2008.crt);

 -----BEGIN CERTIFICATE-----
 MIIE3jCCA8agAwIBAgIRAJkU313pNHrvHI3tQsdXjw8wDQYJKoZIhvcNAQEFBQAw
 ezELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
 A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
 BAMTGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNzEyMjEwMDAwMDBaFw0x
 MDEyMjAyMzU5NTlaMIH8MQswCQYDVQQGEwJKUDERMA8GA1UEERMIMjMxLTAwMjMx
 ETAPBgNVBAgTCEthbmFnYXdhMREwDwYDVQQHEwhZb2tvaGFtYTEqMCgGA1UECRMh
 bmFrYS13YXJkIHlhbWFzaGl0YS1jaG8gODctMS0xMjAzMRkwFwYDVQQKExBQcml2
 YXRlIElUIGFkbWluMQswCQYDVQQLEwJJVDEnMCUGA1UECxMeUHJvdmlkZWQgYnkg
 SHlwZXIgQm94IENvLixMdGQuMR4wHAYDVQQLExVIeXBlclRydXN0IEluc3RhbnRT
 U0wxFzAVBgNVBAMTDndpa2kuaG11bmEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
 ADCBiQKBgQC+H6yxwxT+vdKI6sfLl9rzN4bQojutc6/mZC0FN9t+E9IwVuIfIPGr
 mWofKy8zvh5OH4jXsmZkVNdsFKF4D7axnJ9cA17h4AXy0M3NHnhXE5VdQGGZwy6R
 HbxO9PvoVZzqiVWsGdzbWx32dbZJv9YtAxy4FxB6PYmd8q1z4HugWwIDAQABo4IB
 XTCCAVkwHwYDVR0jBBgwFoAUMEPcZM0ZXKnzGdI3CZaRngzo1j0wHQYDVR0OBBYE
 FLwjTxLAUU4fxYzdv4arZAuHZrrnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
 AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjARBglghkgBhvhCAQEE
 BAMCBsAwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwQwKzApBggrBgEFBQcCARYd
 aHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMwfwYDVR0fBHgwdjA6oDigNoY0
 aHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlc18y
 LmNybDA4oDagNIYyaHR0cDovL2NybC5jb21vZG8ubmV0L0FBQUNlcnRpZmljYXRl
 U2VydmljZXNfMi5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIvbjlUM/HtXUC1OpPt2
 GUJqZOpixoZwfsk/eg7jYO6oGRog19wbRIzQKn2cdHzDXgqiYpX44aA4/B5uuL4j
 FDaolKR07nil9sStc7vsoNhnD4IAKB2kCyzERZBM7uVRqUvofGedloDzkHiPU4xb
 gJlzsQBX/Yo90OLsM4gYt2voI23u7xkUupIu6jImKwWByoegbo9eHM9NJmBZFZUF
 /OK53K/3txMlsPRz5Cw0y7FQLQqY19HGMLlBVJgzWslYCGIIJusEZsSHo+ZKtfFj
 GtkMm2l7Cj9SBhhmzUOunfeAJUPQ01cxM0tLRw9G4HRDLAFiyyIQTurd218f4Eg6
 pp8=
 -----END CERTIFICATE-----



◆中間証明書 AAACertificateServices_2.crt
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
-- &ref(AAACertificateServices_2_2008.crt);

 -----BEGIN CERTIFICATE-----
 MIIE+TCCBGKgAwIBAgIEQobyPTANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
 VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
 ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
 KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
 ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEw
 MTkxNDM5NTFaFw0xMjEwMTkxNTA5NTFaMHsxCzAJBgNVBAYTAkdCMRswGQYDVQQI
 ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoT
 EUNvbW9kbyBDQSBMaW1pdGVkMSEwHwYDVQQDExhBQUEgQ2VydGlmaWNhdGUgU2Vy
 dmljZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwTi7RP1GPN5ld
 dmz44SMCk0QrTIjyUASQxtfK10D+zRfalGtz8D0KmyPdmBgHYqhuEZl4PXKQFJZx
 /vqP9QOEjvuFpcXk9+3keL7fqsecx5/fId99z2DUcLvUyqZbudcObpRVdi0ZjJU6
 Ji6RZ5NnJ/6UCkhinY+Y4SVjS74rkjZPEUg5ZuGxHCY1Vuk9247/H24kYw91dVMX
 SFwwj9AEul7D6dsvHRgGFnH/ivaZwXlfgu3YoC9GBqTrKeaO/VKNvYNX0C9xFQ7M
 C/aO+qsO+qCsaJet/Vn8GRMzewuDapBjVSbneAWKuBzvdcHCJ59OlwQp0JfBQdi8
 DxPcoli5AgMBAAGjggG7MIIBtzASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdJQQW
 MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUMEPcZM0ZXKnzGdI3CZaR
 ngzo1j0wggEYBgNVHR8EggEPMIIBCzAooCagJIYiaHR0cDovL2NybC5lbnRydXN0
 Lm5ldC9zZXJ2ZXIxLmNybDCB3qCB26CB2KSB1TCB0jELMAkGA1UEBhMCVVMxFDAS
 BgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5uZXQvQ1BT
 IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDE5
 OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5uZXQgU2Vj
 dXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTENMAsGA1UEAxMEQ1JM
 MTALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0Bow
 GQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEFBQADgYEAVIA4
 t7BnKt3gENkLFmXzlm9BMD7f3rv4WjZRMdcvD/pdI5aYqkWgGAqCmhE2Y1hQUKXB
 wyo+HeFt9n49StOZzv6orwtFwtvCuOlJxaFi7XVm5t6LW3Nw+pxLkFET10iYxlQS
 1O6Jx8nPADfns9Nliyzn+D/xC+N6Bvkpfs+5FHY=
 -----END CERTIFICATE-----

- EntrustSecureServerCA.crtはルート証明書となり通常利用いたしません。
--&ref(wiki_hmuna_com_2008.zip);


*** サーバー鍵へのパスフレーズの埋め込み [#gb5eb1c8]
mod_ssl の Private key ファイル(/usr/local/certs_official/sslkey/domainname.key )に、OpenSSL のコマンドを使用してパスフレーズを埋め込んでおくことで Apacheを起動する度にパスフレーズの入力を求められることがなくなます。

- Private key にパスフレーズを埋め込む

 [root@spirit ~]# cd /usr/local/certs_official/sslkey/
 [root@spirit sslkey]# openssl rsa < domainname.key > server.key.out
 Enter pass phrase: <--- "munaofficial"
 writing RSA key
 [root@spirit sslkey]# mv domainname.key domainname.key_without_passphrase
 [root@spirit sslkey]# mv server.key.out domainname.key

- パスフレーズを聞かれずに立ち上がるようになった

 [root@spirit sslkey]# service httpd restart
 httpd を停止中:                                            [  OK  ]
 httpd を起動中:                                            [  OK  ]


*** 2007.12 に更新時期となったので 3年間のキーを再申請した [#i91e2438]

- パスフレーズは (前回と同じ) munaofficial
- CSR 申請用のデータも上記と同じ
- /etc/httpd/conf の下にファイルを生成した

 [root@spirit conf]# ls -lR
 .:
 合計 88
 -rw-r--r-- 1 root root 45426  9月  5 17:04 httpd.conf
 -rw-r--r-- 1 root root 12958  6月 27 08:34 magic
 drwxr-xr-x 2 root root  4096 12月 21 13:11 ssl.csr
 drwxr-xr-x 2 root root  4096 12月 21 13:02 ssl.key
 
 ./ssl.csr:
 合計 8
 -rw-r--r-- 1 root root 668 12月 21 13:11 domainname.csr
 
 ./ssl.key:
 合計 8
 -rw-r--r-- 1 root root 963 12月 21 13:06 domainname.key

- 今回生成し直した 秘密鍵(domainname.key)とサーバー証明書(domainame.csr)
-- domainname.key (2007-12-21)
 [root@spirit conf]# cat ./ssl.key/domainname.key
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
 DEK-Info: DES-EDE3-CBC,948273E63447D5FA
 
 pH8yW01PXCvQkoTa+esTMYnWECODWzJnkbja3T1nc39NY0AFaSEjJ2Ji3Q3pAkXg
 u6i/EyAMkToZKZba6GGLjAwsiNr9RqweTGIQbIyHuZYB+oG+10XiDqFVxx4R/czs
 Bb26KjLP+6cxo9px0Ilmm3BYfwWoM7VOJmqytKJB4G8qs1aecqYL+usNniOQ3XlF
 GsX+iXB7KN6uqkJ3Etp9nSfkvzTIA3Y9IGna/gYc7B3qS850BXQiEYpUSohUW+R9
 i67cfi7iVP2bQTbVrf79ndiX0xX8El1llLZSOrZ7lkEZ1uCngaT3Tu518BXDetIo
 N5e1QyxxaWx86bvl8yrS8JzstqJzRdmDg9eKhhgUyxT/7tiYUs0/Gn7slgmvHzFa
 03ZyR69qmMlO6YzMjLl3XtpIsY7hGqczrSRwfbb/3OJfg22EwXArGxl3elymOUO6
 Q4MslddleD0B6j86fS0MCQ0dB5FHHm+QdQI+hrHanOaoejHr0+2RWsux2dUu22Ui
 +r/ps08YmLvAKApXiTacWVdtX6xIxWmJEFjUyXaAYo10Jn3lGM2D+i8k/61m38vs
 g7ReESmbH2S2i+Xk+o2J7r+PlaLHOCCs328PAKahAc8a/7taZ4G6NmcKXTliAj5E
 O7HrQ3cG7Hu+IKNZAOYUnxYGtfwbBUv/Au1HgeEAociE+ZpzmgsN3LBpZXz2QuMM
 kWMyc3D4k2ZCV5lcr33SBfwqM79MeSwNdzea+4q4T44lwzHtYO57Mn+UPHhkkmde
 RLeG2iMWX5rau4cu2O71ZuAnUrqeen6toWiXEmdliQ9yfwTZLLWiMw==
 -----END RSA PRIVATE KEY-----

-- domainname.csr (2007-12-21)
 [root@spirit conf]# cat ./ssl.csr/domainname.csr
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBtDCCAR0CAQAwdDELMAkGA1UEBhMCSlAxETAPBgNVBAgTCEthbmFnYXdhMREw
 DwYDVQQHEwhZb2tvaGFtYTEZMBcGA1UEChMQUHJpdmF0ZSBJVCBhZG1pbjELMAkG
 A1UECxMCSVQxFzAVBgNVBAMTDndpa2kuaG11bmEuY29tMIGfMA0GCSqGSIb3DQEB
 AQUAA4GNADCBiQKBgQC+H6yxwxT+vdKI6sfLl9rzN4bQojutc6/mZC0FN9t+E9Iw
 VuIfIPGrmWofKy8zvh5OH4jXsmZkVNdsFKF4D7axnJ9cA17h4AXy0M3NHnhXE5Vd
 QGGZwy6RHbxO9PvoVZzqiVWsGdzbWx32dbZJv9YtAxy4FxB6PYmd8q1z4HugWwID
 AQABoAAwDQYJKoZIhvcNAQEFBQADgYEAuknehigV42BZI0BxhkHNsXzZLrUWnWcY
 ze4tqL1WZaToTVdlceKULVGyCtyIK7n/StfINtWwjZMzKV09scYtJh8fzkta4kLQ
 fCFxBdePdYhL4K72AMwU2sWHoJTzLKQAYFda1/rNochhtFDuWJfG1nVxvbDbK/Xx
 a/BA40iC/iM=
 -----END CERTIFICATE REQUEST-----
トップ   編集 差分 履歴 添付 複製 名前変更 リロード   新規 一覧 検索 最終更新   ヘルプ   最終更新のRSS