{"id":281,"date":"2007-12-09T22:50:09","date_gmt":"2007-12-09T13:50:09","guid":{"rendered":"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/openssl-pki-281\/"},"modified":"2007-12-09T22:50:09","modified_gmt":"2007-12-09T13:50:09","slug":"openssl-pki","status":"publish","type":"post","link":"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/openssl-pki-281\/","title":{"rendered":"RADIUS on Leopard Server #4: Creating PKI Certificates"},"content":{"rendered":"<h4> Working with PKI certificates <\/h4>\r\n<br>\r\n<p>To bring up an IEEE 802.1X authentication system, you have to prepare PKI certificates. On Mac OS X Server, the GUI-based &#8220;Server Admin&#8221; tool makes it relatively easy to install a self-signed server certificate. In addition, the &#8220;Keychain Access&#8221; utility that ships with Mac OS X can handle the various kinds of PKI certificates.<\/p>\r\n<br><p>This time, to make the mechanics of PKI authentication easier to understand, I deliberately avoid these GUI tools and instead create the certificates from the OpenSSL 
command line and use them to run an 802.1X authentication system.<\/p>\n<h5> OpenSSL <\/h5>\n<p><a href=\"http:\/\/www.openssl.org\">OpenSSL<\/a> is the most widely used open-source PKI system, and it is also what Mac OS X uses. Understanding how PKI works takes real effort; for the details please refer to books and other references, and here I give only a brief explanation of the mechanism.<\/p>\r\n<br>\r\n<h5>  PKI and certificates <\/h5>\n<p> PKI(Public Key 
Infrastructure) uses a pair of cryptographic keys, a public key and a private key. A document encrypted with either one of the two keys can be decrypted only with the other key. The owner of the data encrypts it with one key (the private key) and publishes the other key (the public key).<\/p>\r\n<br><p>Because data encrypted with the private key can be decrypted only with the matching public key, this proves where the data came from. A certificate normally contains the user's information (public key information, validity period and so on) encrypted with the private key of a certificate authority (CA). The CA's public key is usually built into Mac OS X 
and Windows as a root CA, so decrypting with this root CA public key proves that the certificate was signed and issued by that CA.<\/p>\r\n\r\n<h5> Global certificates and private certificates <\/h5>\n<p>To run a public-facing web server and the like, you need to obtain a server certificate signed by a properly authorized certification body such as Verisign or RSA, known as a global certificate, but these services are paid and expensive, and the procedure for obtaining a certificate is tedious and troublesome. For uses such as wireless LAN authentication you do not need one of these authorized certificates: you can easily run a PKI authentication system simply by setting up your own CA and signing the certificates yourself. Certificates that are used only inside an organization in this way are called private certificates.<\/p>\n<h5>Building a PKI system with OpenSSL <\/h5>\r\n\r\n<p>On Mac OS X, the OpenSSL-related files are located under &#8220;\/System\/Library\/OpenSSL&#8221;. On Mac OS X Server, server certificates are located under &#8220;\/etc\/certificates&#8221;.<\/p>\n<h5> Creating a private certificate authority (CA)<\/h5>\n<p>Creating a certificate authority may sound like providing some special service, but it simply means creating a CA certificate. The directory &#8220;\/System\/Library\/OpenSSL\/misc&#8221; contains two scripts, &#8220;CA.pl&#8221; and &#8220;CA.sh&#8221;. These scripts are provided for creating a CA and creating certificates. The Perl script and the shell script do the same processing, so you can use either one.<\/p>\n<pre><code class=\"language-Markup\">\nsh-3.2# cd \/System\/Library\/OpenSSL\/misc\nsh-3.2# ls -la\ntotal 56\ndrwxr-xr-x  11 root  wheel   374 Nov 30 23:51 .\ndrwxr-xr-x   6 root  wheel   204 Nov 30 23:35 ..\n-rwxr-xr-x   1 root  wheel  5502 Sep 24 08:23 CA.pl\n-rwxr-xr-x   1 root  wheel  3583 Sep 24 08:23 
CA.sh\n-rwxr-xr-x   1 root  wheel   119 Sep 24 08:23 c_hash\n-rwxr-xr-x   1 root  wheel   152 Sep 24 08:23 c_info\n-rwxr-xr-x   1 root  wheel   112 Sep 24 08:23 c_issuer\n-rwxr-xr-x   1 root  wheel   110 Sep 24 08:23 c_name\ndrwxr-xr-x  13 root  wheel   442 Nov 30 23:48 demoCA\n<\/code><\/pre>\n<p>This script creates a directory named &#8220;demoCA&#8221; in the same directory where the script itself lives and creates its various files there. That would work as it is, but this time I set up a dedicated directory and have the files created there. For now I will call it myCA.<\/p>\r\n\r\n<pre><code class=\"language-Markup\">\r\n\r\nCATOP=.\/demoCA            \u2190 change to CATOP=.\/myCA\nCAKEY=.\/cakey.pem\nCACERT=.\/cacert.pem\r\n\r\n<\/code><\/pre>\r\n\r\n<p>The example above is for the shell script &#8220;CA.sh&#8221;; in the Perl script &#8220;CA.pl&#8221; the variable is prefixed with $, as in $CATOP. In the same way, edit the openssl command's configuration file &#8220;\/System\/Library\/OpenSSL\/openssl.cnf&#8221;: change the &#8220;dir&#8221; entry in the &#8220;[ CA_default ]&#8221; 
section, located around line 37 from the top.<\/p>\n<pre><code class=\"language-Markup\">\n[ CA_default ]\r\n\r\ndir             = .\/myCA               # Where everything is kept   \u2190 changed\ncerts           = $dir\/certs            # Where the issued certs are kept\ncrl_dir         = $dir\/crl              # Where the issued crl are kept\ndatabase        = $dir\/index.txt        # database index file.\n<\/code><\/pre>\r\n\r\n<p>Before creating the certificate authority (CA), comment out (prefix with #) every &#8220;nsCertType=&#8221; entry in the &#8220;[ usr_cert ]&#8221; section of &#8220;openssl.cnf&#8221;. Then add the line &#8220;nsCertType = sslCA,emailCA&#8221; to the &#8220;[ v3_ca ]&#8221; section. You are now ready to create the CA.<\/p>\n<pre><code class=\"language-Markup\">\n[ v3_ca ]\r\n\r\nnsCertType = sslCA, emailCA    \u2190 add this line\r\n\r\n<\/code><\/pre>\n<p>Change to the &#8220;\/System\/Library\/OpenSSL\/misc&#8221; directory and run the script with the &#8220;-newca&#8221; argument.<\/p>\n<pre><code class=\"language-Markup\">\nsh-3.2# .\/CA.pl -newca\nCA certificate filename (or enter to create)    \u2190 press the \"return\" key without typing anything\r\n\r\nMaking CA certificate ...\nGenerating a 1024 bit RSA private 
key\n.........................................++++++\n........................................++++++\nwriting new private key to '.\/myCA\/private\/cakey.pem'\nEnter PEM pass phrase:                                \u2190 enter the pass phrase for the CA private key\nVerifying - Enter PEM pass phrase:                 \u2190 re-enter the pass phrase to confirm\n-----\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [AU]:JP            \u2190  country name: JP\nState or Province Name (full name) [Some-State]:Kanagawa   \u2190 state, prefecture, etc.\nLocality Name (eg, city) []:Sagamihara                              \u2190 city, etc.\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:y2itec   \u2190 organization name\nOrganizational Unit Name (eg, section) []:Lab.                               
\u2190 department name\nCommon Name (eg, YOUR name) []:y2itec                                    \u2190 name of the CA\nEmail Address []:admin@y2tech.net                                             \u2190 e-mail address of the CA administrator\nsh-3.2#\r\n\r\nsh-3.2# ls -la myCA\ntotal 16\ndrwxr-xr-x  9 root  wheel   306 Dec  8 22:45 .\ndrwxr-xr-x  9 root  wheel   306 Dec  8 22:41 ..\n-rw-r--r--  1 root  wheel  1298 Dec  8 22:45 cacert.pem   \u2190 CA certificate\ndrwxr-xr-x  2 root  wheel    68 Dec  8 22:41 certs\ndrwxr-xr-x  2 root  wheel    68 Dec  8 22:41 crl\n-rw-r--r--  1 root  wheel     0 Dec  8 22:41 index.txt\ndrwxr-xr-x  2 root  wheel    68 Dec  8 22:41 newcerts\ndrwxr-xr-x  3 root  wheel   102 Dec  8 22:41 private   \u2190 the CA private key \"cakey.pem\" is stored in here\n-rw-r--r--  1 root  wheel    17 Dec  8 22:45 serial\nsh-3.2#\n<\/code><\/pre>\r\n\r\n<h5> Issuing a server certificate<\/h5>\n<p>To issue a server certificate, first create a certificate signing request (CSR) file for the server. Next, sign this request with the private key of the CA created earlier. The resulting signed certificate is the server's certificate. Before running the script, uncomment &#8220;nsCertType = server&#8221; 
in the &#8220;[ usr_cert ]&#8221; section of &#8220;openssl.cnf&#8221; and comment out all the other &#8220;nsCertType&#8221; entries.<\/p>\n<pre><code class=\"language-Markup\">\nsh-3.2# .\/CA.pl -newreq        \u2190 certificate request\nGenerating a 1024 bit RSA private key\n...................................++++++\n.............................++++++\nwriting new private key to 'newkey.pem'\nEnter PEM pass phrase:    \u2190 pass phrase for the server private key\nVerifying - Enter PEM pass phrase:\n-----\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [AU]:JP\nState or Province Name (full name) [Some-State]:Kanagawa\nLocality Name (eg, city) []:Sagamihara\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:y2itec\nOrganizational Unit Name (eg, section) []:Home\nCommon Name (eg, YOUR name) []:server2.home.yoko    \u2190 FQDN of the server\nEmail Address []:admin@y2tech.net\r\n\r\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:     \u2190 press \"return\" without typing anything\nAn optional company name []:   \u2190 same as above\nRequest is in newreq.pem, private key is in newkey.pem\r\n\r\n<\/code><\/pre>\n<p>This creates the signing request file (CSR) &#8220;newreq.pem&#8221; and the server private key file &#8220;newkey.pem&#8221;. 
Next, carry out the signing step with the certificate authority (CA).<\/p>\n<pre><code class=\"language-Markup\">\nsh-3.2# .\/CA.pl -sign     \u2190 run the signing step\nUsing configuration from \/System\/Library\/OpenSSL\/openssl.cnf\nEnter pass phrase for .\/myCA\/private\/cakey.pem:   \u2190  enter the pass phrase for the CA private key\nCheck that the request matches the signature\nSignature ok\nCertificate Details:\n        Serial Number:\n            93:3f:af:8b:b1:51:e6:55\n        Validity\n            Not Before: Dec  8 14:39:13 2007 GMT\n            Not After : Dec  7 14:39:13 2008 GMT\n        Subject:\n            countryName               = JP\n            stateOrProvinceName       = Kanagawa\n            localityName              = Sagamihara\n            organizationName          = y2itec\n            organizationalUnitName    = Home\n            commonName                = server2.home.yoko\n            emailAddress              = admin@y2tech.net\n        X509v3 extensions:\n            X509v3 Basic Constraints:\n                CA:FALSE\n            Netscape Cert Type:\n                SSL Server\n            Netscape Comment:\n                OpenSSL Generated Certificate\n            X509v3 Subject Key Identifier:\n                DD:15:CB:CC:D3:31:65:16:E9:10:89:A2:E7:D9:B5:E0:D0:A3:F3:5E\n            X509v3 Authority Key Identifier:\n                keyid:C5:AF:D1:2F:89:13:20:3D:82:D6:7F:83:EA:74:F3:B0:CF:23:B3:46\n                DirName:\/C=JP\/ST=Kanagawa\/L=Sagamihara\/O=y2itec\/OU=Lab.\/CN=y2itec\/emailAddress=admin@y2tech.net\n                serial:93:3F:AF:8B:B1:51:E6:54\r\n\r\nCertificate is to be certified until Dec  7 14:39:13 2008 GMT (365 days)\nSign the certificate? 
[y\/n]:y    \u2190 sign it (yes)\r\n\r\n\n1 out of 1 certificate requests certified, commit? [y\/n]y   \u2190  check the details above and commit (yes)\nWrite out database with 1 new entries\nData Base Updated\nSigned certificate is in newcert.pem\r\n\r\n<\/code><\/pre>\n<p>If all goes well, the CA-signed server certificate &#8220;newcert.pem&#8221; is created. Create a directory whose name makes it clear that it holds the server's certificate, and move this file into it together with the earlier &#8220;newreq.pem&#8221; and &#8220;newkey.pem&#8221;. The same file names are used again when the client certificate is created below, so the files you have created must be moved out of the way. Also, store the server's private key securely so that nobody else can access it.<\/p>\r\n<br>\r\n<h5> Issuing a client certificate<\/h5>\n<p>A client certificate is issued by much the same procedure as for the server. In the &#8220;[ usr_cert 
]&#8221; section of the &#8220;openssl.cnf&#8221; file, set &#8220;nsCertType = &#8221; to &#8220;nsCertType = client, email&#8221;. The rest of the procedure is the same as for the server above.<\/p>\n<pre><code class=\"language-Markup\">\nsh-3.2# .\/CA.pl -newreq\nGenerating a 1024 bit RSA private key\n.....++++++\n.....++++++\nwriting new private key to 'newkey.pem'\nEnter PEM pass phrase:     \u2190 pass phrase for the user's private key\nVerifying - Enter PEM pass phrase:\n-----\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [AU]:JP\nState or Province Name (full name) [Some-State]:Kanagawa\nLocality Name (eg, city) []:Sagamihara\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:y2itec\nOrganizational Unit Name (eg, section) []:Home\nCommon Name (eg, YOUR name) []:jukebox    \u2190 the user's name (account name) is used here\nEmail Address []:jukebox@y2tech.net  \u2190 the user's e-mail address\r\n\r\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:\nAn optional company name []:\nRequest is in newreq.pem, private key is in newkey.pem\r\n\r\nsh-3.2# .\/CA.pl -sign   \u2190 run the signing step\nUsing configuration from \/System\/Library\/OpenSSL\/openssl.cnf\nEnter pass phrase for .\/myCA\/private\/cakey.pem:\nDEBUG[load_index]: unique_subject = \"yes\"\nCheck 
that the request matches the signature\nSignature ok\nCertificate Details:\n        Serial Number:\n            93:3f:af:8b:b1:51:e6:56\n        Validity\n            Not Before: Dec  8 14:50:47 2007 GMT\n            Not After : Dec  7 14:50:47 2008 GMT\n        Subject:\n            countryName               = JP\n            stateOrProvinceName       = Kanagawa\n            localityName              = Sagamihara\n            organizationName          = y2itec\n            organizationalUnitName    = Home\n            commonName                = jukebox\n            emailAddress              = jukebox@y2tech.net\n        X509v3 extensions:\n            X509v3 Basic Constraints:\n                CA:FALSE\n            Netscape Cert Type:\n                SSL Client, S\/MIME\n            Netscape Comment:\n                OpenSSL Generated Certificate\n            X509v3 Subject Key Identifier:\n                91:A4:D7:45:2B:41:FB:82:D6:54:93:EC:F8:2F:83:ED:AF:C1:E8:3E\n            X509v3 Authority Key Identifier:\n                keyid:C5:AF:D1:2F:89:13:20:3D:82:D6:7F:83:EA:74:F3:B0:CF:23:B3:46\n                DirName:\/C=JP\/ST=Kanagawa\/L=Sagamihara\/O=y2itec\/OU=Lab.\/CN=y2itec\/emailAddress=admin@y2tech.net\n                serial:93:3F:AF:8B:B1:51:E6:54\r\n\r\nCertificate is to be certified until Dec  7 14:50:47 2008 GMT (365 days)\nSign the certificate? [y\/n]:y\r\n\r\n\n1 out of 1 certificate requests certified, commit? 
[y\/n]y\nWrite out database with 1 new entries\nData Base Updated\nSigned certificate is in newcert.pem\r\n\r\n<\/code><\/pre>\n<p>As with the server, this creates the client's CA-signed certificate, signing request (CSR) and private key. As before, prepare a separate directory and move the generated certificate files into it.<\/p>\r\n<br><p>That completes issuing the client certificate, but the signed certificate, the private key and the CA certificate still have to be distributed to the client. Managing these files separately is a nuisance, so convert them to PKCS#12, a file format that bundles keys and certificates into a single file.<\/p>\r\n<br><p>Run the following openssl command in the directory that holds the user's certificate. Here the CA certificate is included as well. The user installs this PKCS#12 file on the client machine. 
On Mac OS X, the &#8220;keychain&#8221; manages these certificates in an integrated way.<\/p>\n<pre><code class=\"language-Markup\">\nsh-3.2# openssl pkcs12 -export -inkey newkey.pem -in newcert.pem -certfile ..\/myCA\/cacert.crt -name \"jukebox\" -out newcert.pkcs12\nEnter pass phrase for newkey.pem:   \u2190 pass phrase for the user's private key\nEnter Export Password:   \u2190  password for opening this PKCS#12 file\nVerifying - Enter Export Password:\nsh-3.2# ls -la\ntotal 32\ndrwxr-xr-x   6 root  wheel   204 Dec  9 00:02 .\ndrwxr-xr-x  11 root  wheel   374 Dec  8 23:52 ..\n-rw-r--r--   1 root  wheel  3773 Dec  8 23:50 newcert.pem\n-rw-r--r--   1 root  wheel  3004 Dec  9 00:04 newcert.pkcs12  \u2190 distributable file in PKCS#12 format\n-rw-r--r--   1 root  wheel   963 Dec  8 23:49 newkey.pem\n-rw-r--r--   1 root  wheel   700 Dec  8 23:49 newreq.pem\r\n\r\n<\/code><\/pre>\n<hr \/>\n<p>This time I created the various PKI certificates from the OpenSSL command line; next time I would like to show examples of configuring these certificates on the server and the client machines.<\/p>","protected":false},"excerpt":{"rendered":"Working with PKI certificates 
To bring up an IEEE 802.1X authentication system, you have to prepare PKI certificates. On Mac OS X Server, the GUI-based &#8220;Server Admin&#8221; tool makes it relatively easy to install a self-signed server certificate. In addition, the &#8220;Keychain Access&#8221; utility that ships with Mac OS X can handle the various kinds of PKI certificates. This time, to make the mechanics of PKI authentication easier to understand, I deliberately avoid these GUI tools and instead create the certificates from the OpenSSL command line and use them to run an 802.1X authentication system. OpenSSL OpenSSL is the most widely used open-source PKI system, and it is also what Mac OS X 
uses. Understanding how PKI works takes real effort; for the details please refer to books and other references, and here I give only a brief explanation of the mechanism. PKI and certificates PKI (Public Key Infrastructure) uses a pair of cryptographic keys, a public key and a private key. A document encrypted with either one of the two keys can be decrypted only with the other key. The owner of the data encrypts it with one key (the private key) and publishes the other key (the public key). Because data encrypted with the private key can be decrypted only with the matching public key, this proves where the data came from. A certificate normally contains the user's information (public key information, validity period and so on) encrypted with the private key of a certificate authority (CA). 
The CA's public key is usually built into Mac OS X and Windows as a root CA, so decrypting with this root CA public key proves that the certificate was signed and issued by that CA. Global certificates and private certificates To run a public-facing web server and the like, you need to obtain a server certificate signed by a properly authorized certification body such as Verisign or RSA, known as a global certificate, but these services are paid and expensive, and the procedure for obtaining a certificate is tedious and troublesome. For uses such as wireless LAN authentication you do not need one of these authorized certificates: simply by setting up your own CA and signing the certificates yourself, you can easily run a PKI authentication
9\u30c6\u30e0\u306e\u904b\u7528\u304c\u53ef\u80fd\u3067\u3059\uff0e\u3053\u306e\u3088\u3046\u306b\u7d44\u7e54\u306e\u5185\u90e8\u3060\u3051\u3067\u904b\u7528\u3059\u308b\u3088\u3046\u306a\u8a3c\u660e\u66f8\u3092\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u8a3c\u660e\u66f8\u3068\u547c\u3093\u3067\u3044\u307e\u3059\uff0e OpenSSL\u306b\u3088\u308bPKI\u30b7\u30b9\u30c6\u30e0\u306e\u69cb\u7bc9 Mac OS X \u306e\u5834\u5408\u3001OpenSSL\u95a2\u4fc2\u306e\u30d5\u30a1\u30a4\u30eb\u306f &#8220;\/System\/Library\/OpenSSL&#8221; \u914d\u4e0b\u306b\u7f6e\u304b\u308c\u3066\u3044\u307e\u3059\uff0eMac OS X Server\u3067\u306f \u30b5\u30fc\u30d0\u95a2\u4fc2\u306e\u8a3c\u660e\u66f8\u306f &#8220;\/etc\/certificates&#8221; \u914d\u4e0b\u306b\u7f6e\u304b\u308c\u3066\u3044\u307e\u3059\uff0e \u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u8a8d\u8a3c\u5c40\uff08CA\uff09\u306e\u4f5c\u6210 \u8a8d\u8a3c\u5c40\u3092\u4f5c\u6210\u3059\u308b\u3068\u3044\u3046\u3068\u4f55\u304b\u7279\u5225\u306a\u30b5\u30fc\u30d3\u30b9\u3092\u63d0\u4f9b\u3059\u308b\u3068\u3044\u3046\u30a4\u30e1\u30fc\u30b8\u304c\u3042\u308a\u307e\u3059\u304c\u3001\u5358\u306bCA\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3059\u308b\u3060\u3051\u3067\u3059\uff0e&#8221;\/System\/Library\/OpenSSL\/misc&#8221;\u3068\u3044\u3046\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b &#8220;CA.pl&#8221;\u3068&#8221;CA.sh&#8221;\u3068\u3044\u3046\uff12\u3064\u306e\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u304c\u3042\u308a\u307e\u3059\uff0e\u3053\u308c\u3089\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u8a8d\u8a3c\u5c40\u3092\u4f5c\u6210\u3057\u305f\u308a\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3059\u308b\u305f\u3081\u306b\u7528\u610f\u3055\u308c\u3066\u3044\u307e\u3059\uff0ePerl\u30b9\u30af\u30ea\u30d7\u30c8\u3068shell\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u3069\u3061\u3089\u3092\u7528\u3044\u3066\u3082\u51e6\u7406\u5185\u5bb9\u306f\u540c\u3058\u3067\u3059\uff0e sh-3.2# cd \/System\/Library\/OpenSSL\/misc sh-3.2# ls -la total 56 
[&hellip;]","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[13],"tags":[],"class_list":["post-281","post","type-post","status-publish","format-standard","hentry","category-sysadmin"],"_links":{"self":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/281","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/comments?post=281"}],"version-history":[{"count":0,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/281\/revisions"}],"wp:attachment":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/media?parent=281"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/categories?post=281"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/tags?post=281"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}