1. Create the Root CA certificate
1) Generate the Root CA private key
hwjung@jhaewon-z01:~$ openssl genrsa -aes256 -out contoso-rootca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................+++++
........+++++
e is 65537 (0x010001)
Enter pass phrase for contoso-rootca.key:
Verifying - Enter pass phrase for contoso-rootca.key:
2) Create the Root CA certificate signing request (CSR)
hwjung@jhaewon-z01:~$ openssl req -new -key contoso-rootca.key -out contoso-rootca.csr
Enter pass phrase for contoso-rootca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Seoul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:contoso
Organizational Unit Name (eg, section) []:contoso
Common Name (e.g. server FQDN or YOUR name) []:rootca
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3) Create the self-signed Root CA certificate
hwjung@jhaewon-z01:~$ openssl x509 -req -days 3650 -extensions v3_ca -set_serial 1 -in contoso-rootca.csr -signkey contoso-rootca.key -out contoso-rootca.crt
Signature ok
subject=C = KR, ST = Seoul, L = Seoul, O = contoso, OU = contoso, CN = rootca
Getting Private key
Enter pass phrase for contoso-rootca.key:
4) Inspect the generated certificate
hwjung@jhaewon-z01:~$ openssl x509 -text -in contoso-rootca.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = KR, ST = Seoul, L = Seoul, O = contoso, OU = contoso, CN = rootca
Validity
Not Before: Jul 26 05:38:38 2022 GMT
Not After : Jul 23 05:38:38 2032 GMT
Subject: C = KR, ST = Seoul, L = Seoul, O = contoso, OU = contoso, CN = rootca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
2. Create the server certificate
1) Generate the server private key
hwjung@jhaewon-z01:~$ openssl genrsa -aes256 -out contoso.com.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..............................................................................................+++++
.................................+++++
e is 65537 (0x010001)
Enter pass phrase for contoso.com.key:
Verifying - Enter pass phrase for contoso.com.key:
2) Remove the passphrase from the private key
hwjung@jhaewon-z01:~$ cp contoso.com.key contoso.com.key.enc
hwjung@jhaewon-z01:~$ openssl rsa -in contoso.com.key.enc -out contoso.com.key
Enter pass phrase for contoso.com.key.enc:
writing RSA key
3) Create the server certificate signing request (CSR)
hwjung@jhaewon-z01:~$ openssl req -new -key contoso.com.key -out contoso.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Seoul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:contoso
Organizational Unit Name (eg, section) []:contoso
Common Name (e.g. server FQDN or YOUR name) []:*.contoso.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
4) Create the server certificate (signed by the self-signed Root CA)
hwjung@jhaewon-z01:~$ openssl x509 -req -days 1825 -extensions v3_user -in contoso.com.csr -CA contoso-rootca.crt -CAcreateserial -CAkey contoso-rootca.key -out contoso.com.crt
Signature ok
subject=C = KR, ST = Seoul, L = Seoul, O = contoso, OU = contoso, CN = *.contoso.com
Getting CA Private Key
Enter pass phrase for contoso-rootca.key:
5) Inspect the generated certificate
hwjung@jhaewon-z01:~$ openssl x509 -text -in contoso.com.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
22:1b:f3:2e:fd:c9:a1:9a:b4:73:00:03:d9:30:7d:17:97:0c:ee:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = KR, ST = Seoul, L = Seoul, O = contoso, OU = contoso, CN = rootca
Validity
Not Before: Jul 26 05:52:31 2022 GMT
Not After : Jul 25 05:52:31 2027 GMT
Subject: C = KR, ST = Seoul, L = Seoul, O = contoso, OU = contoso, CN = *.contoso.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
6) Combine the server certificate, server private key, and Root CA certificate
hwjung@jhaewon-z01:~$ cat contoso.com.crt contoso.com.key contoso-rootca.crt > multi_part.pem
hwjung@jhaewon-z01:~$ cat multi_part.pem
-----BEGIN CERTIFICATE-----        ## Server Certificate
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----    ## Server Private Key
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----        ## Root CA Certificate
-----END CERTIFICATE-----
3. Validate the certificate
root@vRealizeClusterNode [ /tmp ]# $VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/vropsCertificateTool.py -i multi_part.pem -v
Found section: CERTIFICATE
description:
subject = /C=KR/ST=Seoul/L=Seoul/O=contoso/OU=contoso/CN=*.contoso.com
issuer = /C=KR/ST=Seoul/L=Seoul/O=contoso/OU=contoso/CN=rootca
not before 2022-07-26 05:52:31
not after 2027-07-25 05:52:31
signature algorithm = b'sha256WithRSAEncryption'
Found section: RSA_PRIVATE_KEY
description:
Key Size = 2048 bits
Found section: CERTIFICATE
description:
subject = /C=KR/ST=Seoul/L=Seoul/O=contoso/OU=contoso/CN=rootca
issuer = /C=KR/ST=Seoul/L=Seoul/O=contoso/OU=contoso/CN=rootca
not before 2022-07-26 05:38:38
not after 2032-07-23 05:38:38
signature algorithm = b'sha256WithRSAEncryption'
Input file is valid.
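Both `openssl x509 -text` dumps above show `Version: 1 (0x0)` and no extensions: `-extensions v3_ca` and `-extensions v3_user` name sections that `openssl x509 -req` reads from a file given with `-extfile`, and no such file is passed. The script below is an added example, not part of the original post. It rebuilds the same chain non-interactively with an extension file and checks the result. The file names, the SAN list, the extension values and the `DEMO_PASS` variable are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: names, SAN list and passphrase are constructed for the demo;
# all files go to a throwaway temp directory.
build_demo_chain() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    export DEMO_PASS='constructed-demo-passphrase'
    subj='/C=KR/ST=Seoul/L=Seoul/O=contoso/OU=contoso'

    # Sections named by -extensions; -extfile tells x509 where to read them.
    cat > ext.cnf <<'EOF'
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_user ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:*.contoso.com, DNS:contoso.com
EOF

    # Root CA: encrypted key, CSR, self-signed certificate with v3_ca applied.
    openssl genrsa -aes256 -passout env:DEMO_PASS -out rootca.key 2048 &&
    openssl req -new -key rootca.key -passin env:DEMO_PASS \
        -subj "$subj/CN=rootca" -out rootca.csr &&
    openssl x509 -req -days 3650 -extfile ext.cnf -extensions v3_ca \
        -set_serial 1 -in rootca.csr -signkey rootca.key \
        -passin env:DEMO_PASS -out rootca.crt || exit 1

    # Server: key, CSR, certificate signed by the root with v3_user applied.
    openssl genrsa -out server.key 2048 &&
    openssl req -new -key server.key -subj "$subj/CN=*.contoso.com" \
        -out server.csr &&
    openssl x509 -req -days 1825 -extfile ext.cnf -extensions v3_user \
        -in server.csr -CA rootca.crt -CAkey rootca.key -CAcreateserial \
        -passin env:DEMO_PASS -out server.crt || exit 1

    # Checks: chain verifies, certificate is v3, CA flag and SAN are present.
    openssl verify -CAfile rootca.crt server.crt &&
    openssl x509 -in rootca.crt -noout -text | grep -q 'CA:TRUE' &&
    openssl x509 -in server.crt -noout -text | grep -q 'Version: 3' &&
    openssl x509 -in server.crt -noout -text | grep -q 'DNS:\*\.contoso\.com'
    status=$?
    cd / && rm -rf "$dir"
    exit "$status"
)
```

Outside a demo, keep the interactive passphrase prompt for the Root CA key as in section 1 instead of an environment variable.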
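4. Replace the certificate
1) Log in to the Admin page
https://<vrops ip address>/admin
2) Click the certificate icon in the upper-right corner
3) Select Install New Certificate
4) Browse to the .pem file created in the previous step and click Install to finish
※ Add the Root CA certificate to the trusted store
In addition, the Root CA certificate must be installed on every client PC that accesses vROPS through a browser.
Start → Run → mmc → File → Add/Remove Snap-in, then add Certificates
When adding it, select the Computer account radio button
Right-click Trusted Root Certification Authorities > Certificates > Import
Select the Root CA certificate created above
Leave the certificate store set to Trusted Root Certification Authorities
Once the Root CA certificate has been added to the client PC, connecting to vROPS shows that the Root CA certificate is valid, as follows.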