RDゲートウェイで利用できるオレオレサーバー証明書をopensslで作る
RDゲートウェイは便利なんだけど、備え付けのオレオレ証明書発行が半年の証明書しか作れなかったのでこれをOpenSSLで作って楽しようというログ
下ごしらえ
openSSLのオプションだけだとextendedKeyUsaseが設定できないので、configに拡張設定しておく
#/etc/pki/tls/openssl.cnf [ server_auth_win ] extendedKeyUsage = serverAuth
で、この設定を使ってサーバー認証用のキーを作る
# openssl req -x509 -extensions 'server_auth_win' -nodes -days 3650 -newkey rsa:4096 -keyout myserver.key -out myserver.crt Generating a 4096 bit RSA private key ................................++ .....................................................................................................................................................................................................................................................................................................................................................................................++ writing new private key to 'myserver.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:JP State or Province Name (full name) []:tokyo Locality Name (eg, city) [Default City]:chuou-ku Organization Name (eg, company) [Default Company Ltd]:hoge company Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:site.fqdn.name Email Address []:
これでサーバー認証用の10年キーができるので、最後にこれらを使ってpfxを作る
# openssl pkcs12 -export -in myserver.crt -inkey myserver.key -out myserver.pfx -name "myserver" Enter Export Password: Verifying - Enter Export Password:
このpfxをRDゲートウェイにインポートすればOK