새 인증서 만들기(CLI)

새 인증서를 만들려면 다음 단계를 수행하십시오.

1. 새 CSR을 만들려면 configuration services identity certificates 컨텍스트를 입력하고 create 명령을 입력합니다.

   또는 기존 CSR이나 인증서를 기반으로 새 CSR을 만들려면 위 컨텍스트를 입력한 후 clone CSR or certificate number 명령을 입력합니다. 예를 들면 다음과 같습니다.

   hostname:configuration services identity certificates> clone cert-000

2. CSR 양식을 완성하려면 다음 CLI 명령을 사용합니다.

   hostname:configuration services identity cert (uncommitted)> get
                    subject_commonname = hostname.us.example.com
              subject_organizationname = (unset)
        subject_organizationalunitname = (unset)
                  subject_localityname = (unset)
           subject_stateorprovincename = (unset)
                   subject_countryname = (unset)
                  subject_emailaddress = (unset)
                                   dns = hostname.us.example.com
                                    ip = 192.0.2.1
                                   uri = (unset)
                               comment = (unset)
   hostname:configuration services identity cert (uncommitted)> set comment="test certificate"
                               comment = test certificate (uncommitted)
   hostname:configuration services identity cert (uncommitted)> commit

3. CSR을 보려면 다음 명령을 사용합니다.

   hostname:configuration services identity certificates> show
   Properties:
                   default = auto
   Certificates:
   CERT     TYPE FOR                       ISSUER                    EXPIRES   
   cert-000 req  hostname.us.example.com     
   cert-001 CA   Joe Test CA              Joe Test CA               2015-1-2
   cert-002 cert hostname.us.example.com  Joe Test CA               2015-12-3

   hostname:configuration services identity certificates> dump cert-000
   -----BEGIN CERTIFICATE REQUEST-----
   MIICwzCCAasCAQIwIjEgMB4GA1UEAxMXaG9zdG5hbWUudXMuZXhhbXBsZS5jb20w
   ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU4ErPuRrVfy21K2qyfgY9
   P4bSXMlZxP48HKI/jVuS4MNeVHCL3TILvuixXx217qjacCkiIKDG5z1TFIApt2Ee
   4rU7PC1YgYw8HAHDq+GJbSV2CWlVC78muNFntSuzsFAljdTr/f/5qQdQwfxvJ+Oi
   a4JU03mTn2eUP75EA9ASEmGWH/V3bnWdzuOuc/LFuXRSmb3WOgwYrIeHk6mcJzEE
   zZtLIF9KQQzSisu4m2JjcScta0YSWIC0TPOwar5Gc8vIoIC7gJahw4/WvZAFNZ/8
   c/nVBs4/hXhyGMDSII0yULI03U8jJN3GgssW+4C0KmcgQJMzWJ2Cax4GsSuu8MDh
   AgMBAAGgXDBaBgkqhkiG9w0BCQ4xTTBLMB8GCWCGSAGG+EIBDQQSFhB0ZXN0IGNl
   cnRpZmljYXRlMCgGA1UdEQQhMB+CF2hvc3RuYW1lLnVzLmV4YW1wbGUuY29thwTA
   AAIBMA0GCSqGSIb3DQEBCwUAA4IBAQByGSGrS/DoStsAYyYCYu6y4TN5i903ASlW
   m9+CXXbNj6XYXgWssqDOvJOnW/TGoGHN3f3741Xgbf6snFQ3T1MN9Dm6rcZ95tOM
   PlxfVY9ar8WyGSE8ttunxPDjNbBRoK0aR7qMq5JMH0rKS9Iuz9WghiaGLw7WBalN
   akCjxFS8yh5sVqF9zAqoa0ObuXnQ3kfTDVzYvroy2yummBfxrJB5t35bbTqZNT/f
   bRoSMtroHL+iWBx1zK+A7OS5/+ZuoW8PqpHRkf0/j7Y9Jz1tfhTVyu1bbxE6ZyLD
   lhwblMXqR/3xptwym1vy5dYBJsQLKroA8nr/xFb3nhJB8nI+dxSN
   -----END CERTIFICATE REQUEST-----

4. 정해진 방식으로 CSR을 복사하여 CA에 전송합니다.
5. CA로부터 서명된 인증서를 받으면 configuration services identity certificates 컨텍스트를 입력하고 import 명령을 입력합니다.

   hostname:configuration services identity certificates> import
   ("." to end)> -----BEGIN CERTIFICATE-----
   ("." to end)> MIID0DCCArigAwIBAgIBQDANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
   ("." to end)> EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC0xvcyBBbmdlbGVzMQ8wDQYD
   ("." to end)> VQQKDAZPcmFjbGUxEDAOBgNVBAsMB1N5c3RlbXMxFDASBgNVBAMMC0pvZSBUZXN0
   ("." to end)> IENBMSUwIwYJKoZIhvcNAQkBFhZGaXJzdC5MYXN0QGV4YW1wbGUuY29tMB4XDTE0
   ("." to end)> MTIwNDAwMzEzM1oXDTE1MTIwNDAwMzEzM1owIjEgMB4GA1UEAxMXaG9zdG5hbWUu
   ("." to end)> dXMuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU
   ("." to end)> 4ErPuRrVfy21K2qyfgY9P4bSXMlZxP48HKI/jVuS4MNeVHCL3TILvuixXx217qja
   ("." to end)> cCkiIKDG5z1TFIApt2Ee4rU7PC1YgYw8HAHDq+GJbSV2CWlVC78muNFntSuzsFAl
   ("." to end)> jdTr/f/5qQdQwfxvJ+Oia4JU03mTn2eUP75EA9ASEmGWH/V3bnWdzuOuc/LFuXRS
   ("." to end)> mb3WOgwYrIeHk6mcJzEEzZtLIF9KQQzSisu4m2JjcScta0YSWIC0TPOwar5Gc8vI
   ("." to end)> oIC7gJahw4/WvZAFNZ/8c/nVBs4/hXhyGMDSII0yULI03U8jJN3GgssW+4C0Kmcg
   ("." to end)> QJMzWJ2Cax4GsSuu8MDhAgMBAAGjgZkwgZYwCQYDVR0TBAIwADAdBgNVHQ4EFgQU
   ("." to end)> aB36PqLQLE0+q9Au7PoefvdSnvkwHwYDVR0jBBgwFoAUzD6A5miqxSmbDEtBAI4u
   ("." to end)> LUPMZU8wHwYJYIZIAYb4QgENBBIWEHRlc3QgY2VydGlmaWNhdGUwKAYDVR0RBCEw
   ("." to end)> H4IXaG9zdG5hbWUudXMuZXhhbXBsZS5jb22HBMAAAgEwDQYJKoZIhvcNAQEFBQAD
   ("." to end)> ggEBAFAmjiCrhnTaulpDCU0H9mFLee7Tft0lvCOh1G1Y33sjwWwVgy0F5A3ymrdG
   ("." to end)> enQgEGdl+CzoxL2qM0bpp7Qk/DdEcYdCydpOhfyg18S6mRwaFDvBidZZ+PRR7zo5
   ("." to end)> hGFu+eLPddeAq0jqOtlhnlkTESSyseUk5PCv5Px5xTtIHRg2bcb5VtUCu0iW2hDT
   ("." to end)> vyPtjqb0aP6eTuWzDZaM9YWQ5BfIcU6hO+zSWHywhCsDs4S62vh8hYozVf66mgsp
   ("." to end)> vaGPnv01xBigK+FcPi9PzomHwv+5UKDBOm6QOKkHOdO908jFxxCC1SYw6G/Cjl+g
   ("." to end)> 2ai9ZwREdTkcjcgQDxeHNZCpcHk=
   ("." to end)> -----END CERTIFICATE-----
   ("." to end)> .

6. 가져온 인증서를 확인하려면 show 명령을 사용하여 모든 인증서 항목을 확인합니다.

   hostname:configuration services identity certificates> show
   Properties:
                   default = auto
   Certificates:
   CERT     TYPE FOR                       ISSUER                    EXPIRES   
   cert-000 req  hostname.us.example.com  Joe Test CA               2015-12-4
   cert-001 CA   Joe Test CA              Joe Test CA               2015-1-2
   cert-002 cert hostname.us.example.com  Joe Test CA               2015-12-3