Getting started with Azure

A diary about building business systems on Windows Azure

Creating a self-signed server certificate for RD Gateway with OpenSSL

RD Gateway is handy, but its built-in self-signed certificate generator can only issue six-month certificates, so this is a log of making one with OpenSSL instead to save the hassle.

Preparation

The openssl command-line options alone cannot set extendedKeyUsage, so add an extension section to the config:

#/etc/pki/tls/openssl.cnf

[ server_auth_win ]
extendedKeyUsage = serverAuth

Then use this section to create the server-authentication key and certificate:

# openssl req -x509 -extensions 'server_auth_win' -nodes -days 3650 -newkey rsa:4096 -keyout myserver.key -out myserver.crt
Generating a 4096 bit RSA private key
................................++
.....................................................................................................................................................................................................................................................................................................................................................................................++
writing new private key to 'myserver.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:tokyo
Locality Name (eg, city) [Default City]:chuou-ku
Organization Name (eg, company) [Default Company Ltd]:hoge company
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:site.fqdn.name
Email Address []:

This gives a 10-year server-authentication key and certificate, so finally use them to build the pfx:

# openssl pkcs12 -export -in myserver.crt -inkey myserver.key -out myserver.pfx -name "myserver"
Enter Export Password:
Verifying - Enter Export Password:

Import this pfx into RD Gateway and you're done.
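The same three steps as an added, non-interactive script (example code, not the post's own commands): it writes the extension section to a throwaway config instead of editing /etc/pki/tls/openssl.cnf, checks the certificate's EKU, lifetime and self-signature before the pfx is built, and additionally sets a subjectAltName, which the post does not. The hostname, subject fields and PFX_PASS variable are constructed placeholders.

```shell
# Added example (not the post's commands): the post's procedure without prompts,
# plus a verification step before the pfx is imported into RD Gateway.
set -eu

# make_rdg_cert <fqdn> <outdir>: 10-year self-signed server-auth cert + key
make_rdg_cert() {
  fqdn="$1"; dir="$2"
  mkdir -p "$dir"
  # Same extension section as the post, in a throwaway config. subjectAltName is
  # added because current clients match the hostname against the SAN, not the CN
  # (assumption, not from the post).
  cat > "$dir/rdg.cnf" <<EOF
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ server_auth_win ]
extendedKeyUsage = serverAuth
subjectAltName = DNS:$fqdn
EOF
  openssl req -x509 -config "$dir/rdg.cnf" -extensions server_auth_win \
    -nodes -days 3650 -newkey rsa:4096 \
    -subj "/C=JP/ST=tokyo/L=chuou-ku/O=hoge company/CN=$fqdn" \
    -keyout "$dir/myserver.key" -out "$dir/myserver.crt"
}

# check_rdg_cert <crt> <fqdn>: returns 0 only if EKU, SAN, lifetime and
# self-signature are what RD Gateway needs; run it before building the pfx
check_rdg_cert() {
  crt="$1"; fqdn="$2"
  text=$(openssl x509 -in "$crt" -noout -text)
  echo "$text" | grep -q 'TLS Web Server Authentication' || return 1  # EKU set
  echo "$text" | grep -q "DNS:$fqdn" || return 1                        # SAN set
  # still valid 9 years from now, i.e. not the built-in tool's 6-month cert
  openssl x509 -in "$crt" -noout -checkend $((9 * 365 * 86400)) >/dev/null || return 1
  subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject=//')
  iss=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer=//')
  [ "$subj" = "$iss" ]  # self-signed: issuer equals subject
}

# make_rdg_pfx <outdir>: bundle key + cert; the export password is read from
# $PFX_PASS so it never appears on the command line. OpenSSL 3 writes AES-256
# PKCS#12 by default; if an older Windows refuses the import, re-export with -legacy.
make_rdg_pfx() {
  dir="$1"
  openssl pkcs12 -export -in "$dir/myserver.crt" -inkey "$dir/myserver.key" \
    -out "$dir/myserver.pfx" -name myserver -passout env:PFX_PASS
}
```

Typical use: `make_rdg_cert site.fqdn.name ./out && check_rdg_cert ./out/myserver.crt site.fqdn.name && PFX_PASS=... make_rdg_pfx ./out`.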