OpenSSLで証明書に署名する

# openssl genrsa 2048 > master.example.com.key
Generating RSA private key, 2048 bit long modulus
…………………………………………………………..+++
……………………………………………………………………………………………………………………+++
e is 65537 (0x10001)
# openssl req -new -key master.example.com.key > master.example.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Chiyoda
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Corp.
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:master.example.com
Email Address []:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl x509 -req -days 730 -CA example_root.crt -CAkey example_root.key -set_serial 1 < master.example.com.csr > master.example.com.crt
Signature ok
subject=/C=JP/ST=Tokyo/L=Chiyoda/O=Example Corp./CN=master.example.com
Getting CA Private Key
# openssl verify -CAfile example_root.crt master.example.com.crt
master.example.com.crt: OK