Différences entre les versions de « Certificat SSL »

Création et vérification d'un certificat SSL

• Générer la clé privée 2048 bits

# openssl genrsa -out ben.key 2048
Generating RSA private key, 2048 bit long modulus

• Générer le CSR (Certificate Signing Request)

# openssl req -new -key ben.key -out ben.csr
-----
Country Name (2 letter code) [XX]:FR
State or Province Name (full name) []:Mayenne
Locality Name (eg, city) [Default City]:Mayenne
Organization Name (eg, company) [Default Company Ltd]:Jouve
Organizational Unit Name (eg, section) []:L143
Common Name (eg, your name or your server's hostname) []:ben.com
Email Address []: ben@aol.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

• Générer la clé auto-signée et verrouiller les droits de lecture de la clé privée

# openssl x509 -req -days 9999 -in ben.csr -signkey ben.key -out ben.crt
Signature ok
subject=/C=FR/ST=Mayenne/L=Mayenne/O=Jouve/OU=L143/CN=Jouve-L143/emailAddress=contact@jouve.fr
Getting Private key

# chmod o-rw ben.key

• Vérifier le certificat

# openssl x509 -in vm-ants-lamp1.crt -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 15917725099774018168 (0xdce71ea47c598278)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, ST=Mayenne, L=Mayenne, O=Jouve, OU=L143, CN=www.ppd.ants.gouv.fr/emailAddress=contact@jouve.fr
        Validity
            Not Before: Oct 21 09:56:30 2013 GMT
            Not After : Mar  7 09:56:30 2041 GMT
        Subject: C=FR, ST=Mayenne, L=Mayenne, O=Jouve, OU=L143, CN=www.ppd.ants.gouv.fr/emailAddress=contact@jouve.fr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c1:aa:86:86:3c:ab:35:59:4a:f6:8c:5a:12:10:
                    f6:92:2b:56:80:85:5b:6e:8e:20:e6:c6:4a:d8:8a:
                    ec:70:95:92:c9:95:bf:a0:58:0a:06:14:29:16:f4:
                    84:16:4d:22:98:0e:53:6e:07:2b:0d:e1:ba:be:61:
                    4c:08:6b:af:83:1d:22:8d:d7:bf:5a:3e:de:a6:f5:
                    b9:a2:a9:00:61:cb:4b:09:6a:15:0d:63:fd:e3:cd:
                    26:2c:b0:85:54:85:45:d3:2a:34:d7:0d:eb:87:6a:
                    ee:cd:dd:0c:55:9d:be:de:80:68:aa:61:85:41:c4:
                    ce:4b:66:fb:c4:10:18:80:26:45:76:f6:92:59:3f:
                    c4:2c:dc:28:62:d7:20:ca:f5:06:5e:58:23:0a:d8:
                    40:0a:b5:e6:3b:a9:f6:54:72:7c:53:78:f2:41:0a:
                    64:63:ca:0f:62:62:ab:d4:75:43:ae:6f:16:04:71:
                    9d:e9:c0:7b:09:d4:9c:cc:9f:9f:11:6c:05:51:aa:
                    1d:21:30:ea:7b:ec:2e:bf:17:7a:17:83:d4:23:21:
                    2c:11:79:9b:75:34:28:a8:00:fb:21:a2:45:6f:2f:
                    c7:65:d8:f0:18:b6:b2:e5:ff:d7:ce:a2:e2:c0:99:
                    82:d7:0e:3c:6e:36:37:0d:24:01:d0:1a:1b:fd:35:
                    7c:75
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         2c:2c:bd:86:1b:72:c8:0a:57:fe:48:02:29:cb:48:0d:59:72:
         6f:21:90:64:90:8c:b1:b1:d7:32:5a:95:88:02:8a:ec:41:92:
         06:eb:c1:a4:64:37:3f:92:7d:6b:4b:ef:65:f5:10:67:68:58:
         cc:67:9b:ae:a8:e2:93:6f:fc:6c:08:46:3a:7c:a2:7c:c6:e5:
         90:83:9d:79:0f:ca:81:46:2f:6e:e0:9e:25:c6:3a:d0:f8:6b:
         b7:a7:8d:44:3f:34:5c:10:f5:74:7b:e8:0c:1c:f2:02:91:30:
         fd:d9:5b:83:0c:55:20:94:56:bd:53:c6:36:c3:32:b8:63:4a:
         e2:d4:d6:8d:f0:d1:f2:3a:b7:48:80:28:0c:13:35:5b:17:a7:
         30:54:dd:bd:0f:24:d1:82:44:15:3a:88:31:c5:9d:ce:cc:fc:
         63:d5:ae:60:b1:3a:3d:2b:d9:61:ad:cb:c3:9d:5b:07:0c:ea:
         64:61:61:21:34:69:b4:fb:c7:d9:f9:39:e0:ea:86:a0:17:f6:
         3c:26:23:a9:bc:75:11:34:c6:a6:97:95:53:c5:c9:64:47:b6:
         a5:5b:be:87:72:2c:12:e6:2d:5c:90:56:ec:59:6c:c3:bd:b0:
         7e:8e:d4:94:8b:3c:dc:d7:cf:7a:b4:57:52:94:50:03:2c:39:
         de:57:ac:da