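Create the server certificate needed to enable SSL/TLS-encrypted communication in ProFTPD.
The required files are a CSR file (the signing request for issuing the server's certificate), a private key, and a certificate. Of these, the certificate used here will be a self-signed digital certificate.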
Creating the directories and files needed for SSL communication
Create the directories that will hold the CSR file, the private key, and the certificate.
# mkdir /usr/local/proftpd/etc/ssl.csr
# mkdir /usr/local/proftpd/etc/ssl.key
# mkdir /usr/local/proftpd/etc/ssl.crt
Create the CSR file and the private key.
# openssl req -new -nodes -keyout /usr/local/proftpd/etc/ssl.key/server.key -out /usr/local/proftpd/etc/ssl.csr/server.csr
Generating a 1024 bit RSA private key
........++++++
.....................++++++
writing new private key to '/usr/local/proftpd/etc/ssl.key/server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP  (enter the country)
State or Province Name (full name) [Berkshire]:Osaka  (enter the prefecture)
Locality Name (eg, city) [Newbury]:Osaka-shi  (enter the city or ward)
Organization Name (eg, company) [My Company Ltd]:honana  (enter the company name)
Organizational Unit Name (eg, section) []:SSL  (enter the department)
Common Name (eg, your name or your server's hostname) []:server.honana.com  (the server's FQDN)
Email Address []:.  (enter "." to skip this field)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:.  (enter "." to skip this field)
An optional company name []:.  (enter "." to skip this field)
Create the self-signed certificate.
# openssl x509 -in /usr/local/proftpd/etc/ssl.csr/server.csr -out /usr/local/proftpd/etc/ssl.crt/server.crt -req -signkey /usr/local/proftpd/etc/ssl.key/server.key -days 3650
Signature ok
subject=/C=JP/ST=Osaka/L=Osaka-shi/O=honana/OU=SSL/CN=server.honana.com
Getting Private key
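The following is an added example, not part of the original page: a non-interactive form of the two openssl steps above, plus a check that the key, CSR and certificate carry the same public key, that the key is at least 2048 bits (the transcript above shows the old 1024-bit default), and that the unencrypted key file is readable only by its owner. The function names, the scratch directory and the host name server.example.test are placeholders, and `-newkey rsa:2048` and `-subj` are assumptions added here.

```shell
# Added example, not from the original page. Function names, the scratch
# directory and server.example.test are placeholders chosen for illustration.

# Non-interactive form of the page's two openssl steps. -newkey rsa:2048 and
# -subj are assumptions added here; the page's transcript shows a 1024-bit key.
make_selfsigned() {  # usage: make_selfsigned <dir> <fqdn>
    dir=$1; fqdn=$2
    ( umask 077   # the key is written unencrypted (-nodes): keep it owner-only
      openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$fqdn" \
          -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null ) || return 1
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -out "$dir/server.crt" -days 3650 2>/dev/null
}

# Returns 0 only if key, CSR and certificate share one public key, the key is
# at least 2048 bits, and the key file has no group/other permission bits.
check_tls_material() {  # usage: check_tls_material <key> <csr> <crt>
    key=$1; csr=$2; crt=$3; rc=0
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null) || { echo "FAIL: cannot read key"; return 1; }
    r=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ -n "$c" ] && [ "$k" = "$c" ] || { echo "FAIL: certificate does not match key"; rc=1; }
    [ -n "$r" ] && [ "$k" = "$r" ] || { echo "FAIL: CSR does not match key"; rc=1; }
    bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-unknown} bits (< 2048)"; rc=1; }
    mode=$(ls -lL "$key" | cut -c5-10)   # group and other permission columns
    [ "$mode" = "------" ] || { echo "FAIL: key file accessible beyond its owner"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key/CSR/cert match, $bits-bit key, owner-only key file"
    return "$rc"
}

# Demo in a scratch directory (constructed input; /usr/local/proftpd is not touched).
demo=$(mktemp -d) && make_selfsigned "$demo" server.example.test &&
    check_tls_material "$demo/server.key" "$demo/server.csr" "$demo/server.crt"
rm -rf "$demo"
```

To check the files created by the steps on this page, call `check_tls_material` with the three paths under /usr/local/proftpd/etc/.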