The post OpenSSL ile wildcard sertifika üretimi first appeared on Complexity is the enemy of Security.
]]>OpenSSL ile Wildcard sertifika üretimi
Wildcard sertifika üretiminin normal sertifika üretimlerinden farkı yoktur. Sadece host isminin yazıldığı alana www.lifeoverip.net yerine *.lifeoverip.net yazılması gerekir.
# openssl req -new -keyout ./wildcard.req -out ./wildcard.req -days 3652
Generating a 1024 bit RSA private key
…..++++++
…..++++++
writing new private key to ‘./wildcard.req’
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
phrase is too short, needs to be at least 4 chars
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
—–
—–
Country Name (2 letter code) [TR]:
State or Province Name (full name) [IStanbul]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Lifeoverip Consultant Services]:
Organizational Unit Name (eg, section) []:Security
Common Name (eg, YOUR name) []:*.lifeoverip.net
Email Address []:[email protected]
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Oluşturulan wildcard sertifika isteği yetkili bir CA’e gönderilip imzalaması istenebilir ya da kendi CA’nızı kullanarak imzalayabilirsiniz.
# openssl ca -policy policy_anything -out wildcard.crt -infiles wildcard.req
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for /etc/ssl/sslCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4097 (0x1001)
Validity
Not Before: Aug 14 08:36:12 2009 GMT
Not After : Aug 14 08:36:12 2010 GMT
Subject:
countryName = TR
stateOrProvinceName = IStanbul
organizationName = Lifeoverip Consultant Services
organizationalUnitName = Security
commonName = *.lifeoverip.net
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
33:B8:C2:5A:08:92:E7:64:5D:25:E5:6D:F5:08:A8:9B:37:0A:BF:BE
X509v3 Authority Key Identifier:
keyid:13:F6:E5:86:48:EB:E5:6A:8A:CC:BC:72:28:75:0D:38:89:20:28:45
Certificate is to be certified until Aug 14 08:36:12 2010 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Üretilen sertifikanın browserlar tarafından görünümü:
The post OpenSSL ile wildcard sertifika üretimi first appeared on Complexity is the enemy of Security.
]]>