{"id":7857,"date":"2023-11-10T14:06:40","date_gmt":"2023-11-10T05:06:40","guid":{"rendered":"\/blog\/?p=7857"},"modified":"2023-11-10T14:06:42","modified_gmt":"2023-11-10T05:06:42","slug":"openssl-rootca-%eb%b0%8f-ssl-%ec%9d%b8%ec%a6%9d%ec%84%9c-%eb%a7%8c%eb%93%a4%ea%b8%b0-for-windows","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=7857","title":{"rendered":"[openssl] RootCA \ubc0f SSL \uc778\uc99d\uc11c \ub9cc\ub4e4\uae30 for Windows"},"content":{"rendered":"\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"bat\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">REM ##################################################################\nREM #\nREM # openssl \uc778\uc99d\uc11c \uc0dd\uc131\nREM #\nREM ##################################################################\n@ECHO OFF\nCHCP 65001 1> NUL 2> NUL\n\nSET \"CERT_NAME=https_cert\"\nSET \"DOMAIN_NAME=apache.org\"\nSET \"COMMON_NAME=apache-httpd\"\nSET \"COMPANY_NAME= Apache Software Foundation\"\nSET \"DEFAULT_DAYS=36500\"\nDEL *.cnf\nDEL *.crt\nDEL *.csr\nDEL *.key\nDEL *.orig\nCLS\n\nECHO ###########################################################################\nECHO #\nECHO # openssl.cnf \ud30c\uc77c \uc4f0\uae30\nECHO #\nECHO ###########################################################################\nECHO [ req ]> rootca_openssl.cnf\nECHO default_bits = 2048>> rootca_openssl.cnf\nECHO default_md = sha256>> rootca_openssl.cnf\nECHO default_keyfile = %CERT_NAME%_private.key>> rootca_openssl.cnf\nECHO distinguished_name = req_distinguished_name>> rootca_openssl.cnf\nECHO extensions = v3_ca>> rootca_openssl.cnf\nECHO req_extensions = v3_ca>> rootca_openssl.cnf\nECHO.>> rootca_openssl.cnf\nECHO [ v3_ca ]>> rootca_openssl.cnf\nECHO basicConstraints = critical, CA:TRUE, pathlen:0>> rootca_openssl.cnf\nECHO subjectKeyIdentifier = hash>> 
rootca_openssl.cnf\nECHO ##authorityKeyIdentifier = keyid:always, issuer:always>> rootca_openssl.cnf\nECHO keyUsage = keyCertSign, cRLSign>> rootca_openssl.cnf\nECHO nsCertType = sslCA, emailCA, objCA>> rootca_openssl.cnf\nECHO.>> rootca_openssl.cnf\nECHO [req_distinguished_name ]>> rootca_openssl.cnf\nECHO countryName = KR>> rootca_openssl.cnf\nECHO countryName_default = KR>> rootca_openssl.cnf\nECHO countryName_min = 2 >> rootca_openssl.cnf\nECHO countryName_max = 2 >> rootca_openssl.cnf\nECHO.>> rootca_openssl.cnf\nECHO # \ud68c\uc0ac\uba85 \uc785\ub825>> rootca_openssl.cnf\nECHO organizationName = %COMPANY_NAME%>> rootca_openssl.cnf\nECHO organizationName_default = %COMPANY_NAME%>> rootca_openssl.cnf\nECHO.>> rootca_openssl.cnf\nECHO # \ubd80\uc11c \uc785\ub825>> rootca_openssl.cnf\nECHO organizationalUnitName = %COMPANY_NAME%>> rootca_openssl.cnf\nECHO organizationalUnitName_default = %COMPANY_NAME%>> rootca_openssl.cnf\nECHO.>> rootca_openssl.cnf\nECHO # SSL \uc11c\ube44\uc2a4\ud560 domain \uba85 \uc785\ub825>> rootca_openssl.cnf\nECHO commonName = %COMMON_NAME%>> rootca_openssl.cnf\nECHO commonName_default = %COMMON_NAME%>> rootca_openssl.cnf\nECHO commonName_max  = 64>> rootca_openssl.cnf\nECHO [ req ]> server_openssl.cnf\nECHO default_bits            = 2048>> server_openssl.cnf\nREM NOTE: default_md = sha1 below makes openssl req sign the server CSR with SHA-1, while the root CA config above uses sha256. SHA-1 is deprecated for signatures, so sha256 is the safer value here.\nECHO default_md              = sha1>> server_openssl.cnf\nECHO default_keyfile         = %COMPANY_NAME%-rootca.key>> server_openssl.cnf\nECHO distinguished_name      = req_distinguished_name>> server_openssl.cnf\nECHO extensions              = v3_user>> server_openssl.cnf\nECHO.>> server_openssl.cnf\nECHO [ v3_user ]>> server_openssl.cnf\nECHO # Extensions to add to a certificate request>> server_openssl.cnf\nECHO basicConstraints = CA:FALSE>> server_openssl.cnf\nECHO authorityKeyIdentifier = keyid,issuer>> server_openssl.cnf\nECHO subjectKeyIdentifier = hash>> server_openssl.cnf\nECHO keyUsage = nonRepudiation, digitalSignature, keyEncipherment>> server_openssl.cnf\nECHO ## SSL 
\uc6a9 \ud655\uc7a5\ud0a4 \ud544\ub4dc>> server_openssl.cnf\nECHO extendedKeyUsage = serverAuth,clientAuth>> server_openssl.cnf\nECHO subjectAltName          = @alt_names>> server_openssl.cnf\nECHO.>> server_openssl.cnf\nECHO [ alt_names]>> server_openssl.cnf\nECHO ## Subject AltName\uc758 DNSName field\uc5d0 SSL Host \uc758 \ub3c4\uba54\uc778 \uc774\ub984\uc744 \uc801\uc5b4\uc900\ub2e4.>> server_openssl.cnf\nECHO ## \uba40\ud2f0 \ub3c4\uba54\uc778\uc77c \uacbd\uc6b0 *.%COMPANY_NAME%.com \ucc98\ub7fc \uc4f8 \uc218 \uc788\ub2e4.>> server_openssl.cnf\nECHO DNS.1 = %COMMON_NAME%>> server_openssl.cnf\nECHO DNS.2 = *.%DOMAIN_NAME%>> server_openssl.cnf\nECHO.>> server_openssl.cnf\nECHO [req_distinguished_name ]>> server_openssl.cnf\nECHO countryName                     = KR>> server_openssl.cnf\nECHO countryName_default             = KR>> server_openssl.cnf\nECHO countryName_min                 = 2 >> server_openssl.cnf\nECHO countryName_max                 = 2 >> server_openssl.cnf\nECHO.>> server_openssl.cnf\nECHO # \ud68c\uc0ac\uba85 \uc785\ub825>> server_openssl.cnf\nECHO organizationName              = %COMPANY_NAME%>> server_openssl.cnf\nECHO organizationName_default      = %COMPANY_NAME%>> server_openssl.cnf\nECHO.>> server_openssl.cnf\nECHO # \ubd80\uc11c \uc785\ub825>> server_openssl.cnf\nECHO organizationalUnitName          = %COMPANY_NAME%>> server_openssl.cnf\nECHO organizationalUnitName_default  = %COMPANY_NAME%>> server_openssl.cnf\nECHO.>> server_openssl.cnf\nECHO # SSL \uc11c\ube44\uc2a4\ud560 domain \uba85 \uc785\ub825>> server_openssl.cnf\nECHO commonName                      = %COMMON_NAME%>> server_openssl.cnf\nECHO commonName_default              = %COMMON_NAME%>> server_openssl.cnf\nECHO commonName_max                  = 64>> server_openssl.cnf\n\nCLS\nECHO ###########################################################################\nECHO #\nECHO # rootCA \uc778\uc99d\uc11c \ub9cc\ub4e4\uae30\nECHO #\nECHO 
###########################################################################\n\nECHO.\nECHO ###########################################################################\nECHO Step 1: [RootCA Cert] Private \ud0a4\ub97c \ub9cc\ub4e0\ub2e4.\nECHO ###########################################################################\nECHO openssl genrsa -aes256 -out %CERT_NAME%_rootca.key 2048\nopenssl genrsa -aes256 -out %CERT_NAME%_rootca.key 2048\nPAUSE\n\nCLS\nECHO.\nECHO ###########################################################################\nECHO Step 2: [RootCA Cert] \uc778\uc99d\uc694\uccad\uc11c(Certificate Signing Request) \uc0dd\uc131\nECHO ###########################################################################\nECHO openssl req -new -config rootca_openssl.cnf -key %CERT_NAME%_rootca.key -out %CERT_NAME%_rootca.csr\nopenssl req -new -config rootca_openssl.cnf -key %CERT_NAME%_rootca.key -out %CERT_NAME%_rootca.csr\nPAUSE\n\nCLS\nECHO.\nECHO ###########################################################################\nECHO Step 3: [RootCA Cert] \uac1c\uc778\ud0a4\uc758 \ube44\ubc00\ubc88\ud638 \uc81c\uac70\nECHO ###########################################################################\nREM NOTE: Step 3 writes the root CA private key back to disk without a passphrase and keeps the encrypted copy as .key.orig. Anyone who can read this directory can then sign certificates with this CA, so restrict access to the folder or skip this step outside of local testing.\nCOPY \/V %CERT_NAME%_rootca.key %CERT_NAME%_rootca.key.orig\nECHO openssl rsa -in %CERT_NAME%_rootca.key.orig -out %CERT_NAME%_rootca.key\nopenssl rsa -in %CERT_NAME%_rootca.key.orig -out %CERT_NAME%_rootca.key\nPAUSE\n\nCLS\nECHO.\nECHO ###########################################################################\nECHO Step 4: [RootCA Cert] \uc778\uc99d\uc11c(Certificate) \uc0dd\uc131\nECHO ###########################################################################\nECHO openssl x509 -req -days %DEFAULT_DAYS% -extensions v3_ca -set_serial 1 -extfile rootca_openssl.cnf -in %CERT_NAME%_rootca.csr -signkey %CERT_NAME%_rootca.key -out %CERT_NAME%_rootca.crt\nopenssl x509 -req -days %DEFAULT_DAYS% -extensions v3_ca -set_serial 1 -extfile rootca_openssl.cnf -in %CERT_NAME%_rootca.csr 
-signkey %CERT_NAME%_rootca.key -out %CERT_NAME%_rootca.crt\nPAUSE\n\nCLS\nECHO.\nECHO ###########################################################################\nECHO Step 5: [RootCA Cert] \ud655\uc778\nECHO ###########################################################################\nopenssl x509 -text -in %CERT_NAME%_rootca.crt\n\nCLS\nECHO ###########################################################################\nECHO #\nECHO # rootCA\ub97c \uae30\uc900\uc73c\ub85c \ud55c Server SSL \uc778\uc99d\uc11c \ub9cc\ub4e4\uae30\nECHO #\nECHO ###########################################################################\n\nECHO.\nECHO ###########################################################################\nECHO Step 1: [SSL Cert] Private \ud0a4\ub97c \ub9cc\ub4e0\ub2e4.\nECHO ###########################################################################\nopenssl genrsa -aes256 -out %CERT_NAME%_server_private.key 2048\n\nCLS\nECHO.\nECHO ###########################################################################\nECHO Step 2: [SSL Cert] \uc778\uc99d\uc694\uccad\uc11c(Certificate Signing Request) \uc0dd\uc131\nECHO ###########################################################################\nopenssl req -new -config server_openssl.cnf -key %CERT_NAME%_server_private.key -out %CERT_NAME%_server.csr\n\nCLS\nECHO.\nECHO ###########################################################################\nECHO Step 3: [SSL Cert] \uac1c\uc778\ud0a4\uc758 \ube44\ubc00\ubc88\ud638 \uc81c\uac70\nECHO ###########################################################################\nCOPY \/V  %CERT_NAME%_server_private.key %CERT_NAME%_server_private.key.orig\nopenssl rsa -in %CERT_NAME%_server_private.key.orig -out %CERT_NAME%_server_private.key\n\nCLS\nECHO.\nECHO ###########################################################################\nECHO Step 4: [SSL Cert] \uc778\uc99d\uc11c(Certificate) \uc0dd\uc131\nECHO 
###########################################################################\nopenssl x509 -req -set_serial 01 -days %DEFAULT_DAYS% -extensions v3_user -extfile server_openssl.cnf -in %CERT_NAME%_server.csr -CA %CERT_NAME%_rootca.crt -CAcreateserial -CAkey %CERT_NAME%_rootca.key -out %CERT_NAME%_server.crt\n\nCLS\nECHO.\nECHO ###########################################################################\nECHO Step 5: [SSL Cert] \ud655\uc778\nECHO ###########################################################################\nopenssl x509 -text -in %CERT_NAME%_server.crt\n\nPAUSE<\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[39],"tags":[],"class_list":["post-7857","post","type-post","status-publish","format-standard","hentry","category-os_linux_unix_macos"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/7857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7857"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/7857\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}