Domů Procházet Nápověda
Registrovat se Přihlásit se
AIP
/
AipGateway
2
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Větev: master
Větve Značky
AipGateway
/
MIP 인증서 만들기.txt

MIP 인증서 만들기.txt 2.0 KB
Trvalý odkaz Historie Surový

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. 

  2. openssl genpkey -algorithm RSA -out mip_private_key.pem
    3. 

  3. openssl req -new -key mip_private_key.pem -out mip_csr.pem
    4. 

  4. openssl x509 -req -days 365 -in mip_csr.pem -signkey mip_private_key.pem -out mip_certificate.pem
    5. 

  5. mip_certificate.pem 파일을 등록하면 됨.
    6. 

  6. 

  7. https://blog.naver.com/PostView.nhn?blogId=simjin1984&logNo=60096310704
    8. 

  8. https://blog.naver.com/PostView.nhn?blogId=techshare&logNo=222310287349
    9. 

  9. 

  10. 

  11. 

  12. 인증서 관련(CER, PVK, SPC, PFX) 파일 만드는 방법
    13. 

  13. ; https://www.sysnet.pe.kr/2/0/863
    14. 

  14. 

  15. JKS(Java Key Store)에 저장된 인증서를 ActiveX 코드 서명에 사용하는 방법
    16. 

  16. ; https://www.sysnet.pe.kr/2/0/882
    17. 

  17. 

  18. .keystore 파일에 저장된 개인키 추출방법과 인증기관으로부터 온 공개키를 합친 pfx 파일 만드는 방법
    19. 

  19. ; https://www.sysnet.pe.kr/2/0/1262
    20. 

  20. 

  21. Docker Desktop for Windows - kubectl proxy 없이 k8s 대시보드 접근 방법
    22. 

  22. ; https://www.sysnet.pe.kr/2/0/12593#cert
    23. 

  23. 

  24. 

  25. 

  26. 

  27. https://learn.microsoft.com/ko-kr/dotnet/core/additional-tools/self-signed-certificates-guide
    28. 

  28. 

  29. 우분투 셸에서 명령어 실행
    30. 

  30. 

  31. 

  32. PARENT="mip_gateway"
    33. 

  33. openssl req \
    34. 

  34. -x509 \
    35. 

  35. -newkey rsa:4096 \
    36. 

  36. -sha256 \
    37. 

  37. -days 999999 \
    38. 

  38. -nodes \
    39. 

  39. -keyout $PARENT.key \
    40. 

  40. -out $PARENT.crt \
    41. 

  41. -subj "/CN=${PARENT}" \
    42. 

  42. -extensions v3_ca \
    43. 

  43. -extensions v3_req \
    44. 

  44. -config <( \
    45. 

  45.   echo '[req]'; \
    46. 

  46.   echo 'default_bits= 4096'; \
    47. 

  47.   echo 'distinguished_name=req'; \
    48. 

  48.   echo 'x509_extension = v3_ca'; \
    49. 

  49.   echo 'req_extensions = v3_req'; \
    50. 

  50.   echo '[v3_req]'; \
    51. 

  51.   echo 'basicConstraints = CA:FALSE'; \
    52. 

  52.   echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment'; \
    53. 

  53.   echo 'subjectAltName = @alt_names'; \
    54. 

  54.   echo '[ alt_names ]'; \
    55. 

  55.   echo "DNS.1 = www.${PARENT}"; \
    56. 

  56.   echo "DNS.2 = ${PARENT}"; \
    57. 

  57.   echo '[ v3_ca ]'; \
    58. 

  58.   echo 'subjectKeyIdentifier=hash'; \
    59. 

  59.   echo 'authorityKeyIdentifier=keyid:always,issuer'; \
    60. 

  60.   echo 'basicConstraints = critical, CA:TRUE, pathlen:0'; \
    61. 

  61.   echo 'keyUsage = critical, cRLSign, keyCertSign'; \
    62. 

  62.   echo 'extendedKeyUsage = serverAuth, clientAuth')
    63. 

  63. 

  64. openssl x509 -noout -text -in $PARENT.crt
    65. 

  65. 

  66. 

  67. openssl pkcs12 -export -out $PARENT.pfx -inkey $PARENT.key -in $PARENT.crt
    68. 

  68. 

  69. 

  70. Import-Certificate -FilePath mip_gateway.crt -CertStoreLocation 'Cert:\LocalMachine\Root'
    71. 

  71.