HomeServer18B
#contents()

*** Creating the KEY file [#e10f9d1f]
- Created in the home directory on AWS
- passphrase = nanamochahiko
- modulus = &color(red){00:b1:45:a5:4e:ea:8f:....};
- &ref(hmuna_190831.key);

 [AWS] ubuntu:~/work20190831$ openssl genrsa -des3 2048 > hmuna_190831.key
 Generating RSA private key, 2048 bit long modulus
 ....................+++
 .+++
 e is 65537 (0x10001)
 Enter pass phrase:
 Verifying - Enter pass phrase:
 [AWS] ubuntu:~/work20190831$ ls -l
 total 4
 -rw-rw-r-- 1 ubuntu ubuntu 1743 Aug 31 09:18 hmuna_190831.key
 [AWS] ubuntu:~/work20190831$ sudo openssl rsa -in hmuna_190831.key -text
 Enter pass phrase for hmuna_190831.key:
 Private-Key: (2048 bit)
 modulus:
     00:b1:45:a5:4e:ea:8f:....
 publicExponent: 65537 (0x10001)

*** Creating the CSR file [#a20a4427]
- Created in the home directory on AWS
- passphrase = nanamochahiko
- modulus = &color(red){00:b1:45:a5:4e:ea:8f:....};
- &ref(hmuna_190831.csr);

 [AWS] ubuntu:~/work20190831$ openssl req -new -key hmuna_190831.key -out hmuna_190831.csr
 Enter pass phrase for hmuna_190831.key:
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:JP
 State or Province Name (full name) [Some-State]:Kanagawa
 Locality Name (eg, city) []:Yokohama
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:IT Admin
 Organizational Unit Name (eg, section) []:IT
 Common Name (e.g. server FQDN or YOUR name) []:mail.hmuna.com
 Email Address []:
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:
 [AWS] ubuntu:~/work20190831$ ls -la
 total 16
 drwxrwxr-x 2 ubuntu ubuntu 4096 Aug 31 09:33 .
 drwxr-xr-x 7 ubuntu ubuntu 4096 Aug 31 09:17 ..
 -rw-rw-r-- 1 ubuntu ubuntu 1009 Aug 31 09:33 hmuna_190831.csr
 -rw-rw-r-- 1 ubuntu ubuntu 1743 Aug 31 09:18 hmuna_190831.key
 [AWS] ubuntu:~/work20190831$ sudo openssl req -in hmuna_190831.csr -text
 Certificate Request:
     Data:
         Version: 0 (0x0)
         Subject: C=JP, ST=Kanagawa, L=Yokohama, O=IT Admin, OU=IT, CN=mail.hmuna.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
                     00:b1:45:a5:4e:ea:8f:....
                 Exponent: 65537 (0x10001)

*** Purchased a new Positive SSL (2 years / 2,400 yen) from [[SSL Store:https://www.ssl-store.jp/system/service.php/certificate]] [#id1f488c]
- The site said that the review can take a long time unless OU is left blank, but I applied with the settings above (OU=IT)
- &ref(【SSLストア】お申込み完了のご案内(cs1-0700584).eml);
- The certificate was issued within a few minutes -----> &ref(mail_hmuna_com.zip);

 **************************************************
 Certificate number: cs1-0700584
 Product: PositiveSSL
 Term: 2 years
 **************************************************
 ------------------------------------------------------
 Certificate information
 ------------------------------------------------------
 Certificate number: cs1-0700584
 Common name: mail.hmuna.com
 CSR:
 -----BEGIN CERTIFICATE REQUEST-----
 ....
 -----END CERTIFICATE REQUEST-----

*** Transferring the certificate to the mail server (AWS) [#f5595f63]
- Connecting to the mail server with ssh
-- ssh -i (private key) ubuntu@(public DNS name)
--- Private key : &ref(magu-tokyo-messenger.pem);
--- Account : ubuntu
--- Host : ec2-13-114-88-171.ap-northeast-1.compute.amazonaws.com
- Uploading the certificate file to the AWS server with scp
-- scp -i (private key) (file to transfer) ubuntu@(public DNS name)&color(red){:~}; ← the trailing colon + tilde is important

 munakata@muna-E450:~/mail_cert_wk$ scp -i magu-tokyo-messenger.pem mail_hmuna_com.zip ubuntu@ec2-13-114-88-171.ap-northeast-1.compute.amazonaws.com:~
 mail_hmuna_com.zip 100% 8467 501.1KB/s 00:00
 munakata@muna-E450:~/mail_cert_wk$

-- The file was transferred to the AWS side

 [AWS] ubuntu:~$ ls -l
 total 40
 -rw------- 1 root root 312 Sep 1 2017 dkim.txt
 -rw-rw-r-- 1 ubuntu ubuntu 17501 Aug 25 2017 maildb_backup_20170825.sql
 -rw-rw-r-- 1 ubuntu ubuntu 8467 Aug 31 10:24 mail_hmuna_com.zip
 drwxrwxr-x 2 ubuntu ubuntu 4096 Aug 31 10:26 work20190831

*** Confirming that the issued certificate matches the KEY and CSR ..... &color(red){as expected, they match}; [#gdf23787]
- modulus = &color(red){00:b1:45:a5:4e:ea:8f:c1:....};

 [AWS] ubuntu:~/work20190831$ openssl x509 -text < mail_hmuna_com.crt
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             87:58:60:51:f4:68:a1:b1:e7:e7:8b:d4:08:1b:1a:a6
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
         Validity
             Not Before: Aug 31 00:00:00 2019 GMT
             Not After : Aug 30 23:59:59 2021 GMT
         Subject: OU=Domain Control Validated, CN=mail.hmuna.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
                     00:b1:45:a5:4e:ea:8f:c1:....
                 Exponent: 65537 (0x10001)

*** Arranging the certificates (renaming, copying to the work directory) [#b09b155e]
- Extract the zip file

 [AWS] ubuntu:~/work20190831$ ls -l
 total 24
 -rw-rw-rw- 1 ubuntu ubuntu 1521 May 30 2000 AddTrustExternalCARoot.crt
 -rw-rw-rw- 1 ubuntu ubuntu 2269 Aug 31 00:00 mail_hmuna_com.crt
 -rw-rw-rw- 1 ubuntu ubuntu 2167 Nov 2 2018 SectigoRSADomainValidationSecureServerCA.crt
 -rw-rw-rw- 1 ubuntu ubuntu 1956 May 30 2000 USERTrustRSAAddTrustCA.crt

- Merge the intermediate certificates

 [AWS] ubuntu:~/work20190831$ cat AddTrustExternalCARoot.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAddTrustCA.crt > mail_hmuna_com.ca-bundle

- Copy the files to the certificate store, renaming them along the way

 [AWS] ubuntu:~/work20190831$ sudo cp mail_hmuna_com.crt /etc/ssl/official_m4_20190831/mail_hmuna_com.crt
 [AWS] ubuntu:~/work20190831$ sudo cp hmuna_190831.key /etc/ssl/official_m4_20190831/mail_hmuna.key
 [AWS] ubuntu:~/work20190831$ sudo cp mail_hmuna_com.ca-bundle /etc/ssl/official_m4_20190831/
 [AWS] ubuntu:~/work20190831$ sudo cp hmuna_190831.csr /etc/ssl/official_m4_20190831/mail_hmuna_com.csr

- Certificate store (= /etc/ssl/official_m4_20190831)

 [AWS] ubuntu:~/work20190831$ ls -la /etc/ssl/official_m4_20190831/
 total 28
 drwxr-xr-x 2 root root 4096 Aug 31 10:41 .
 drwxr-xr-x 7 root root 4096 Aug 31 08:07 ..
 -rw-r--r-- 1 root root 5644 Aug 31 10:39 mail_hmuna_com.ca-bundle
 -rw-r--r-- 1 root root 2269 Aug 31 10:38 mail_hmuna_com.crt
 -rw-r--r-- 1 root root 1009 Aug 31 10:40 mail_hmuna_com.csr
 -rw-r--r-- 1 root root 1743 Aug 31 10:39 mail_hmuna.key

*** Placing the certificates (following the existing dovecot.conf settings) [#n8bb085d]

 ssl_ca = </etc/apache2/ssl.crt/mail_hmuna_com.ca-bundle <----------------------------
 ssl_cert = </etc/ssl/certs/mail_hmuna_com.crt <------------------------------------------
 ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 ssl_dh_parameters_length = 2048
 ssl_key = </etc/ssl/private/mail_hmuna.key <---------------------------------------------
 ssl_prefer_server_ciphers = yes

 [AWS] ubuntu:~/work20190831$ sudo ls -al /etc/apache2/ssl.crt/
 total 32
 drwxr-xr-x 2 root root 4096 Aug 31 10:52 .
 drwxr-xr-x 9 root root 4096 Aug 31 06:24 ..
 -rw-r--r-- 1 root root 5644 Aug 31 10:52 mail_hmuna_com.ca-bundle
 -rw-r--r-- 1 root root 5644 Jul 27 08:55 mail_hmuna_com.ca-bundle_notworks
 -rw-r--r-- 1 ubuntu ubuntu 4103 Aug 26 2017 mail_hmuna_com.ca-bundle_till201908
 [AWS] ubuntu:~/work20190831$ sudo ls -la /etc/ssl/certs/mail_hmuna_com.*
 -rw-r--r-- 1 root root 2269 Aug 31 10:54 /etc/ssl/certs/mail_hmuna_com.crt
 -rw-r--r-- 1 root root 2269 Jul 14 12:11 /etc/ssl/certs/mail_hmuna_com.crt_notworks
 -rw-r--r-- 1 ubuntu ubuntu 2327 Aug 26 2017 /etc/ssl/certs/mail_hmuna_com.crt_till201908
 [AWS] ubuntu:~/work20190831$ sudo ls -la /etc/ssl/private/
 total 24
 drwx--x--- 2 root ssl-cert 4096 Aug 31 10:56 .
 drwxr-xr-x 7 root root 4096 Aug 31 08:07 ..
 -rw------- 1 root root 424 Aug 25 2017 dhparams.pem
 -rw------- 1 root root 1743 Aug 31 10:56 mail_hmuna.key
 -rw------- 1 root root 1704 Jul 27 08:53 mail_hmuna.key_notworks
 -rw------- 1 root root 1679 Aug 26 2017 mail_hmuna.key_till201908

*** Updating the mail server certificate [#d8bef6b9]

*** postfix cannot handle a passphrase-protected KEY file (private key), so remove the passphrase [#ibf5ac81]

 [AWS] ubuntu:~/work20190831$ openssl rsa -in hmuna_190831.key -out hmuna_190831_wopass.key

- Original KEY file (the top 2 lines state that it is 3DES-encrypted)

 [AWS] ubuntu:~/work20190831$ cat hmuna_190831.key
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
 DEK-Info: DES-EDE3-CBC,08A385EA24594D48
 ....
 -----END RSA PRIVATE KEY-----

- New KEY file with the passphrase removed

 [AWS] ubuntu:~/work20190831$ cat hmuna_190831_wopass.key
 -----BEGIN RSA PRIVATE KEY-----
 ....
 -----END RSA PRIVATE KEY-----

- Check the modulus of the KEY file with the passphrase removed

 [AWS] ubuntu:~/work20190831$ sudo openssl rsa -in hmuna_190831_wopass.key -text
 Private-Key: (2048 bit)
 modulus:
     00:b1:45:a5:4e:ea:8f:....
 publicExponent: 65537 (0x10001)

*** Restarted postfix / dovecot and confirmed that they work normally. [#m643af37]
- Files used this time ------> &ref(SSL_20190831.tgz);
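
The modulus comparison done by eye above (KEY, CSR, issued certificate, and again after removing the passphrase) can be scripted. The following is an added example, not part of the original page: it hashes the modulus of each file and checks that a private key file is readable only by its owner. Assumptions: the function names, the file names, the passphrase `demo-only`, the CN `mail.example.test`, a self-signed certificate standing in for the CA-issued one, `-aes256` in place of the page's `-des3`, and a system with OpenSSL and GNU `stat`.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): compare KEY, CSR and certificate
# by hashing the RSA modulus, and check the private key's file mode.

# modulus_digest KIND FILE [PASSIN] -> prints SHA-256 of the "Modulus=..." line.
# Returns non-zero with no output if the file cannot be read or decrypted.
modulus_digest() {
    local kind="$1" file="$2" passin="${3:-pass:}" out
    case "$kind" in
        key)  out=$(openssl rsa  -in "$file" -noout -modulus -passin "$passin" 2>/dev/null) ;;
        csr)  out=$(openssl req  -in "$file" -noout -modulus 2>/dev/null) ;;
        cert) out=$(openssl x509 -in "$file" -noout -modulus 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$out" ] || return 1
    printf '%s\n' "$out" | openssl dgst -sha256 | awk '{print $NF}'
}

# same_keypair KEY CSR CERT [PASSIN] -> 0 only if all three carry the same modulus.
same_keypair() {
    local k c x
    k=$(modulus_digest key  "$1" "${4:-}") || return 1
    c=$(modulus_digest csr  "$2")          || return 1
    x=$(modulus_digest cert "$3")          || return 1
    [ "$k" = "$c" ] && [ "$k" = "$x" ]
}

# key_is_private FILE -> 0 only if group and others have no permission bits
# (mode such as 600 or 400). Uses GNU stat, as found on Ubuntu.
key_is_private() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# make_demo_set DIR -> writes constructed throwaway files into DIR:
#   demo.key        passphrase-protected key (passphrase "demo-only")
#   demo_wopass.key the same key with the passphrase removed, mode 600
#   demo.csr        CSR made from demo.key
#   demo.crt        self-signed certificate made from demo.csr (stand-in for the CA's)
#   other.key       an unrelated key, used to show a mismatch
make_demo_set() {
    local d="$1"
    openssl genrsa -aes256 -passout pass:demo-only -out "$d/demo.key" 2048 2>/dev/null &&
    openssl rsa -in "$d/demo.key" -passin pass:demo-only -out "$d/demo_wopass.key" 2>/dev/null &&
    chmod 600 "$d/demo_wopass.key" &&
    openssl req -new -key "$d/demo.key" -passin pass:demo-only \
        -subj "/CN=mail.example.test" -out "$d/demo.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/demo.csr" -signkey "$d/demo_wopass.key" \
        -days 1 -out "$d/demo.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_set "$demo_dir"

if same_keypair "$demo_dir/demo.key" "$demo_dir/demo.csr" "$demo_dir/demo.crt" pass:demo-only; then
    echo "encrypted key, CSR and certificate share one modulus"
fi
if same_keypair "$demo_dir/demo_wopass.key" "$demo_dir/demo.csr" "$demo_dir/demo.crt"; then
    echo "key without passphrase still matches CSR and certificate"
fi
if ! same_keypair "$demo_dir/other.key" "$demo_dir/demo.csr" "$demo_dir/demo.crt"; then
    echo "unrelated key is rejected"
fi
if key_is_private "$demo_dir/demo_wopass.key"; then
    echo "demo_wopass.key is owner-only"
fi
```

The `PASSIN` argument takes any OpenSSL pass phrase source, so `file:` or `env:` can be used instead of `pass:` to keep the passphrase out of the process list.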