[OpenSSL]証明書生成

作成した RSA 秘密鍵を使って証明書を生成する。証明書には RSA 公開鍵が埋め込まれる。

$ openssl req -new -x509 -out test.crt -key privateKeyRsa.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
$ openssl x509 -text -noout -in test.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ac:4e:6d:50:42:99:af:85
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=JP, ST=Tokyo, L=Default City, O=Default Company Ltd
Validity
Not Before: Dec 29 22:06:28 2010 GMT
Not After : Jan 28 22:06:28 2011 GMT
Subject: C=JP, ST=Tokyo, L=Default City, O=Default Company Ltd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (512 bit)
Modulus:
00:ef:8a:45:1b:c9:08:b6:c2:c6:f2:3c:e1:d0:2c:
80:17:08:ce:03:df:e1:62:3e:fa:c5:c7:c7:40:fd:
63:7a:bd:dc:02:b9:dd:dd:e6:ae:b4:b4:e9:70:b7:
23:c7:d8:5c:68:2c:14:f5:46:31:a0:8c:dd:1a:94:
f0:58:e6:f8:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:D1:27:F9:75:5F:5E:F4:66:2A:9E:73:B4:D1:2F:BB:AF:A7:02:1E
X509v3 Authority Key Identifier:
keyid:32:D1:27:F9:75:5F:5E:F4:66:2A:9E:73:B4:D1:2F:BB:AF:A7:02:1E
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
db:47:d6:7f:4e:b0:56:11:52:0d:c7:e9:be:d7:b9:7a:a5:51:
8e:ef:b8:cc:2d:53:d1:62:4a:82:5a:83:87:e6:14:9a:e9:65:
82:62:9e:52:02:a8:f2:d9:b0:5e:88:dc:c4:c9:d3:61:4e:07:
22:bc:af:4e:e6:d9:6b:eb:38:10