OpenStack 의 Octavia 는 로드밸런싱 기능을 제공하는 컴포넌트로, HTTPS 트래픽을 처리할 때 ‘TERMINATED_HTTPS’ 프로토콜을 사용하는 리스너를 설정할 수 있습니다. 이 리스너는 HTTPS 트래픽을 로드밸런서에서 종료(Terminate)하고, 이후 백엔드 서버와는 HTTP 로 통신하도록 구성됩니다. 이를 위해서는 TLS 인증서와 개인키가 필요하며, 이 데이터를 PKCS#12 형식으로 묶어 Barbican 의 secret 으로 저장해야합니다.
Barbican 은 OpenStack 의 키 관리 서비스로, 비밀 데이터(secret)를 안전하게 저장하고 관리합니다.
이 실습은 HTTPS 트래픽 처리를 위해 Octavia 와 Barbican 을 사용하여 로드밸런서를 구성하는 과정에서 필요했던 PKCS#12 파일 생성 방법을 이해하기 위해 진행되었습니다.
- 디렉토리 위치 정하기
- RSA 키 생성
- 인증서 생성
- PKCS#12 파일 생성
- 결론
OpenSSL 명령어를 사용하여 공개키와 개인키, 인증서를 생성합니다. 이후, PKCS#12 를 생성하고, 비밀번호를 사용하여 암호화하고, 확인해보겠습니다.
1. 디렉토리 위치 정하기
결과물을 저장할 디렉토리를 만들고, 생성 및 확인 작업을 진행합니다.
$ mkdir goinfre/pkcs12_test
$ cd goinfre/pkcs12_test
2. RSA 키 및 인증서 생성
RSA 는 공개키와 비밀키를 생성하는 암호화 알고리즘입니다.
인증서는 공개키를 주고받을 때, 공개키의 소유자를 증명하기 위해서 사용합니다.
비밀키로 전자 서명을 진행하고, 공개키와 함께 인증서에 추가합니다.
공개키를 사용하는 사람은 비밀키로 암호화된 전자서명을 복호화하면서 인증 및 무결성을 보장받습니다.
참고 https://blog.naver.com/cyoonseok/222206173634
실습을 위해서 RSA 알고리즘을 적용하여 공개키와 비밀키를 생성하고, 자체 서명된 인증서(self signed certificate, X.509 를 따르는) 를 생성하겠습니다.
- RSA 개인키 생성
openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:4096
더보기
확인 방법
$ openssl rsa -in private.key -text -noout
Private-Key: (4096 bit, 2 primes)
modulus:
00:92:b8:c8:67:1a:58:d2:3f:ad:69:3e:10:93:1e:
dd:c1:ae:6d:57:6c:39:c4:f3:0c:4a:44:62:49:da:
55:8a:1a:f4:df:a2:c3:06:e6:ff:bc:91:dd:05:c2:
cc:5f:30:e3:c4:44:63:06:93:fb:fd:6a:ac:2c:51:
13:1d:23:2b:20:db:e4:ce:27:0a:d9:f9:89:59:39:
19:a4:94:d7:e7:a4:ea:0b:79:b2:da:72:75:5e:85:
61:6d:b4:80:8b:47:42:f9:41:c8:7c:34:a2:56:49:
f5:f0:b3:3a:2b:46:98:f1:b8:50:cf:95:75:ee:4f:
a3:57:3d:71:e2:73:07:0c:d8:08:81:50:97:b6:ca:
f5:a8:5c:e9:80:5e:84:d2:b8:f4:ed:26:bc:69:f7:
40:ed:98:a6:4c:0f:dd:a8:1c:9c:42:ee:7e:eb:ff:
68:f2:ec:f2:c7:c5:45:e9:c5:d5:b5:e2:40:dd:22:
ca:bc:90:8c:5d:c6:11:ec:39:e3:db:01:dd:ca:90:
a2:5d:d6:58:03:1b:5d:2e:b2:04:f8:0c:ed:ac:fb:
bf:ad:43:b6:9e:92:96:1a:49:52:0f:27:38:8b:f0:
fe:f7:e4:3d:89:46:85:23:25:61:8e:b2:50:af:cc:
5f:03:6a:b1:3d:32:9b:0c:4d:eb:ec:9e:c6:33:0b:
6a:31:ef:9c:91:e8:66:42:db:b2:b6:d3:bb:a1:97:
d0:b3:5b:74:c6:b1:b4:33:96:8b:86:7e:2c:2c:e2:
c8:a3:6e:bf:23:82:12:a5:11:85:84:04:6a:65:27:
c8:b9:e7:4c:2c:4e:04:85:7e:ef:ee:b2:7b:4d:55:
19:5a:ee:c8:93:50:64:c7:8c:94:ab:cb:b2:e4:fa:
dc:36:43:dd:cd:f3:31:93:20:12:59:40:e8:58:19:
45:3c:33:e0:ea:90:24:d1:22:97:a9:1e:bc:fd:93:
89:ed:93:5b:0f:14:1a:09:08:07:ae:94:51:d7:57:
60:99:be:f6:a8:2a:e7:38:d6:14:e3:fc:fc:83:83:
11:b3:77:fc:b1:e5:61:32:38:53:e4:c1:33:3a:55:
ef:fa:3d:9a:b3:eb:bd:7e:de:cc:a8:db:cc:8b:3b:
1d:8f:f6:e2:18:d3:31:97:bd:3d:40:70:84:17:0c:
d6:1c:12:d1:8f:76:00:eb:58:d9:4f:26:bd:64:0c:
53:6d:d5:bd:b3:b2:5f:bb:3d:59:74:08:d3:ff:03:
d5:b8:b0:ed:19:e6:ad:16:3a:5e:d3:9e:e8:e4:44:
2a:9a:41:07:f9:7e:bd:54:99:3b:af:aa:8d:f0:77:
eb:fb:99:53:9a:6d:a9:e3:10:59:be:24:47:ea:4f:
5d:e6:95
publicExponent: 65537 (0x10001)
privateExponent:
0a:11:55:e7:05:3e:cd:06:83:8e:b2:2c:8e:fb:d2:
39:a5:0f:69:ad:4a:75:82:3b:f8:a8:a2:99:f0:ba:
67:e4:9b:a2:f0:d7:33:15:0c:bd:52:c0:f8:d1:3a:
16:da:12:f6:f7:be:57:c8:35:c5:58:d9:81:9c:fa:
93:c8:43:00:59:36:65:12:f6:c2:a8:45:cd:72:86:
98:ed:81:b7:2a:70:c8:e2:cb:ec:03:68:9c:58:c8:
ab:af:74:16:9a:88:34:f4:57:9e:76:3a:21:73:a7:
c5:a1:76:bf:5b:73:c9:3a:5d:89:30:f7:4b:a7:f9:
4c:56:32:07:58:df:45:f9:58:f4:0e:a4:aa:6d:58:
d7:f9:b0:28:17:d4:43:65:5f:a1:1a:44:59:7d:16:
de:76:d8:0a:66:18:4e:9d:cf:f7:23:c8:5f:c7:41:
db:51:79:03:4e:3d:12:e2:79:5c:a6:ae:ce:bd:c1:
6d:98:f9:98:c1:ab:9f:2b:05:c0:94:6b:34:a8:22:
0c:10:56:2f:b8:63:f7:7d:4d:ab:fb:af:1f:6c:92:
e5:7f:bc:fb:3a:91:c4:31:fd:c8:7e:67:79:ea:ca:
84:16:0c:46:ec:28:dc:95:87:11:34:99:26:c6:fe:
4a:0c:bb:26:b8:df:3c:c3:e8:09:6f:87:a8:1f:03:
65:59:32:4d:3d:3a:78:6d:ae:d1:78:71:b1:c6:d0:
3b:13:0b:aa:fe:3d:fd:f3:22:bc:f8:69:a1:25:aa:
f9:46:40:9e:4b:bf:5f:5a:65:5f:ec:a8:aa:30:78:
5d:48:03:6c:ed:d4:5e:a5:38:4e:e1:d2:e7:f4:f6:
c4:31:45:36:41:5b:05:82:01:50:78:a4:88:64:f4:
c3:67:57:0c:76:e4:ad:e3:e3:61:8f:aa:24:43:86:
ea:66:d3:8e:46:98:fd:72:f7:53:09:04:43:69:f0:
98:02:09:2b:7e:7e:a3:0b:5f:27:67:72:51:5f:f8:
08:d1:d1:24:42:c0:08:bb:be:4d:b3:1a:56:61:0b:
54:5c:91:14:28:c4:2b:cf:b3:67:2e:07:9f:ae:5e:
59:25:a2:ba:cd:b6:06:e3:dc:84:bc:52:92:67:79:
c4:5a:0b:7b:71:81:82:4d:20:eb:31:75:76:b9:56:
fe:a9:7a:08:04:8a:e1:ff:16:50:2e:d9:bb:0d:a5:
ec:59:34:af:13:e6:8b:3c:33:fa:3f:f8:53:44:22:
a5:f2:f9:6e:2d:c1:d2:3c:e6:cd:b9:ec:a2:bb:42:
bf:4a:59:ba:f2:c0:68:20:ae:f2:f2:3a:f9:59:11:
7b:67:e8:1f:9b:d5:32:b5:32:2b:70:ab:40:35:dc:
78:c1
prime1:
00:c5:ef:6b:70:08:d3:f8:66:cc:90:35:2e:91:bf:
b2:32:55:81:80:b4:99:71:8a:c0:0a:9e:52:8e:b4:
ab:21:81:55:09:f8:c2:54:ea:d4:88:97:35:91:46:
a0:c2:a5:7f:d7:8f:e5:93:78:ad:88:16:c4:a5:fc:
ab:9e:fa:df:bf:75:5b:5f:94:e0:01:34:e7:d3:b6:
c9:a5:08:41:80:cf:16:86:a2:a3:1f:28:17:63:21:
f2:8c:83:2e:64:c1:f3:21:85:af:bc:0f:a1:7f:d6:
5e:c6:99:32:bd:57:22:53:7f:b3:1f:61:42:ec:96:
eb:db:95:71:cb:69:f1:26:5c:fb:4b:9a:2c:78:98:
96:b2:cf:71:33:7f:7c:1c:09:c5:01:21:32:1f:2f:
11:d5:04:95:61:e5:34:f7:56:64:12:8b:c7:2f:d1:
3c:e2:f0:9e:62:2b:ad:b2:c4:37:06:61:25:83:2d:
b2:34:ad:8e:8f:e9:4b:82:36:c9:e5:27:10:2a:07:
b5:76:11:92:02:13:16:7b:48:b6:a9:2e:23:cb:73:
7a:69:d9:bf:11:62:31:36:ec:6c:21:60:48:74:9f:
3c:90:62:97:e6:ea:a0:ea:fa:23:3a:0c:5c:12:40:
46:0d:5d:eb:a1:54:2a:75:18:d1:82:d8:00:ff:0b:
94:25
prime2:
00:bd:c3:53:b2:63:d4:18:56:9b:cd:bb:f2:ae:83:
34:c7:0d:47:79:3d:4c:c6:11:1b:6f:40:1d:a7:ec:
a3:03:2f:8b:29:29:97:7e:1d:33:53:08:22:f1:46:
65:67:54:3f:34:a1:91:e1:d9:0c:8e:c4:4c:1f:0b:
c4:c5:64:2f:a2:65:61:fb:fe:cd:1a:4d:a7:e7:d5:
a6:39:7a:88:a2:d2:3f:16:08:a5:f6:46:9a:ac:bc:
15:5a:4a:25:79:b3:d0:83:d8:14:59:70:23:89:7b:
8b:76:55:0b:18:4e:1d:11:e1:41:9d:08:36:ed:4c:
39:7b:34:b0:f1:51:b4:16:78:20:2c:66:a3:95:f5:
df:77:46:99:cb:4f:26:17:c7:b6:20:58:4b:d7:e9:
69:10:69:eb:47:7a:53:3f:1b:26:da:07:66:2b:48:
02:06:58:e2:f5:b8:e7:37:17:46:6b:2e:42:f4:4c:
3f:b7:0c:a2:a6:f7:50:f0:84:d8:a5:0b:17:10:85:
8e:dd:e0:9a:1c:d2:cf:fa:dd:c3:b2:0b:92:36:bc:
dd:b1:bc:22:59:e0:0b:0e:6e:70:c8:f0:eb:0f:0c:
28:f8:5f:66:b0:65:2e:77:7c:f1:c2:50:88:62:18:
12:25:01:7e:86:d6:92:9d:23:a0:b3:0b:8e:65:2c:
c5:b1
exponent1:
7c:7b:16:16:5f:76:ef:c1:b6:e4:fa:8d:4f:1c:3f:
f5:67:d1:0a:20:8a:5f:dd:e2:e8:ca:a9:21:16:7e:
89:93:cc:e7:78:8a:be:dc:f0:cc:f6:4b:ba:11:b1:
08:b9:0c:ad:84:d1:dc:ed:08:35:8e:1c:1e:47:c9:
a7:32:1f:85:49:49:2d:d3:73:0d:4f:38:7c:ed:77:
e3:52:4d:df:b4:5d:76:4e:d2:47:c5:ee:ef:69:6a:
20:f4:5f:38:fe:c0:e9:54:2a:31:1b:a3:75:c2:5b:
d8:8a:80:5e:93:6e:03:15:4c:91:6f:99:a7:31:43:
23:d5:d8:bb:14:e5:94:3a:e5:cf:a6:26:51:b1:a5:
14:cf:61:62:01:cb:0b:d7:19:0e:9c:d1:e8:ca:b1:
6c:46:75:ac:1b:7a:34:13:20:dc:89:0b:bc:06:db:
43:de:0f:bd:ad:ba:8f:b2:d6:e8:2c:30:6b:4f:51:
c3:cf:62:d9:1e:df:5e:05:16:f4:06:9d:23:d1:b5:
4d:8b:bf:47:8e:b9:94:cf:26:11:3f:f3:43:00:5c:
fc:34:f4:f4:f9:cb:f9:be:b6:42:47:4b:4a:0c:db:
09:f2:f7:95:41:f9:f1:cd:5e:5a:23:6b:c4:0e:a7:
ff:c0:11:70:64:7e:4f:26:4c:9c:fd:3b:a3:2a:a5
exponent2:
11:99:51:e3:d3:7a:52:1f:86:27:98:6c:b3:5e:9b:
c0:72:2c:d4:c3:a8:a1:1d:e9:0b:72:48:cd:d0:16:
76:2f:2c:9a:ce:ae:ac:15:8d:33:00:28:2d:74:37:
e7:53:5a:e1:48:b2:bc:dd:62:5a:c3:3d:c4:0b:55:
5e:71:22:31:cf:71:3c:eb:ae:9d:e7:e1:d0:90:71:
f0:16:bb:21:4e:9a:67:32:ba:21:92:fe:b9:52:60:
30:95:7b:d0:43:aa:ec:ef:57:43:cc:30:9f:89:83:
af:9f:c7:7d:a3:90:f2:9d:8f:76:3e:d2:c9:43:2e:
79:8c:b3:74:4d:fd:83:af:f4:5b:e9:d0:f6:11:6d:
7e:24:60:13:08:ee:21:7a:76:1b:9d:d4:ba:db:7c:
d0:f6:e1:c9:29:41:1b:33:2b:71:41:0a:6a:ad:2c:
f2:e5:bf:76:c6:85:3b:08:bf:91:25:23:34:80:f5:
cf:c6:2e:37:89:ec:49:c2:28:4d:76:2f:d7:6a:6b:
8b:8c:4e:fe:a9:56:7c:8f:a0:9c:9c:92:1c:dd:7b:
3a:06:96:b0:fb:24:4b:5c:56:bd:6c:0a:80:c4:c1:
ef:f6:f9:11:16:f1:2e:47:ba:2c:29:47:dc:c1:1a:
bd:af:db:ca:29:90:43:5e:90:82:ca:69:94:5c:88:
a1
coefficient:
00:ab:51:ee:7a:09:a7:75:f6:20:1d:c1:26:f2:1b:
67:3c:c1:05:25:f2:ab:ac:91:40:3a:d8:3a:55:76:
f9:d7:28:41:ba:59:95:49:16:2f:9f:fb:28:e2:ca:
5e:ea:f0:fd:51:3b:4f:1a:67:8d:6d:29:c7:ac:40:
bc:8c:92:61:ab:07:09:3a:db:bd:80:2c:e6:f7:16:
83:cb:4d:d5:11:f6:39:1c:4f:e4:36:b9:26:98:0e:
ab:0f:9a:fa:4f:6a:93:1a:fa:2b:20:33:f0:16:c9:
89:57:b2:72:b8:e1:61:4d:ee:f1:17:ea:0e:31:66:
f2:43:2e:bd:29:fc:02:36:57:b2:9d:e6:77:77:26:
81:03:0b:10:5f:a4:96:b0:45:37:57:be:67:ba:0a:
1d:56:01:e7:88:13:ce:be:78:a1:75:6d:77:d3:7a:
60:37:b5:09:7f:86:b8:57:11:4c:c8:b6:88:33:7a:
1a:a5:f1:2c:28:03:59:5f:78:54:b2:7b:70:4f:20:
d5:10:28:71:9d:43:38:c4:e3:3b:9e:8b:9c:17:4a:
b0:db:d6:8a:8a:18:40:f4:31:79:dd:03:a5:39:07:
c9:95:09:92:17:1a:1f:b0:b5:0a:38:39:c0:bb:32:
73:a9:79:59:41:5a:cd:26:80:3f:88:8f:6f:5d:ca:
71:f1
3. 인증서 생성
- CSR (인증서 서명 요청) 생성
$ openssl req -new -key private.key -out certificate.csr -subj "/C=US/ST=California/L=San Francisco/O=MyCompany/OU=IT/CN=mydomain.com"
더보기
확인 방법
$ openssl req -in certificate.csr -text -noout
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C=US, ST=California, L=San Francisco, O=MyCompany, OU=IT, CN=mydomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:92:b8:c8:67:1a:58:d2:3f:ad:69:3e:10:93:1e:
dd:c1:ae:6d:57:6c:39:c4:f3:0c:4a:44:62:49:da:
55:8a:1a:f4:df:a2:c3:06:e6:ff:bc:91:dd:05:c2:
cc:5f:30:e3:c4:44:63:06:93:fb:fd:6a:ac:2c:51:
13:1d:23:2b:20:db:e4:ce:27:0a:d9:f9:89:59:39:
19:a4:94:d7:e7:a4:ea:0b:79:b2:da:72:75:5e:85:
61:6d:b4:80:8b:47:42:f9:41:c8:7c:34:a2:56:49:
f5:f0:b3:3a:2b:46:98:f1:b8:50:cf:95:75:ee:4f:
a3:57:3d:71:e2:73:07:0c:d8:08:81:50:97:b6:ca:
f5:a8:5c:e9:80:5e:84:d2:b8:f4:ed:26:bc:69:f7:
40:ed:98:a6:4c:0f:dd:a8:1c:9c:42:ee:7e:eb:ff:
68:f2:ec:f2:c7:c5:45:e9:c5:d5:b5:e2:40:dd:22:
ca:bc:90:8c:5d:c6:11:ec:39:e3:db:01:dd:ca:90:
a2:5d:d6:58:03:1b:5d:2e:b2:04:f8:0c:ed:ac:fb:
bf:ad:43:b6:9e:92:96:1a:49:52:0f:27:38:8b:f0:
fe:f7:e4:3d:89:46:85:23:25:61:8e:b2:50:af:cc:
5f:03:6a:b1:3d:32:9b:0c:4d:eb:ec:9e:c6:33:0b:
6a:31:ef:9c:91:e8:66:42:db:b2:b6:d3:bb:a1:97:
d0:b3:5b:74:c6:b1:b4:33:96:8b:86:7e:2c:2c:e2:
c8:a3:6e:bf:23:82:12:a5:11:85:84:04:6a:65:27:
c8:b9:e7:4c:2c:4e:04:85:7e:ef:ee:b2:7b:4d:55:
19:5a:ee:c8:93:50:64:c7:8c:94:ab:cb:b2:e4:fa:
dc:36:43:dd:cd:f3:31:93:20:12:59:40:e8:58:19:
45:3c:33:e0:ea:90:24:d1:22:97:a9:1e:bc:fd:93:
89:ed:93:5b:0f:14:1a:09:08:07:ae:94:51:d7:57:
60:99:be:f6:a8:2a:e7:38:d6:14:e3:fc:fc:83:83:
11:b3:77:fc:b1:e5:61:32:38:53:e4:c1:33:3a:55:
ef:fa:3d:9a:b3:eb:bd:7e:de:cc:a8:db:cc:8b:3b:
1d:8f:f6:e2:18:d3:31:97:bd:3d:40:70:84:17:0c:
d6:1c:12:d1:8f:76:00:eb:58:d9:4f:26:bd:64:0c:
53:6d:d5:bd:b3:b2:5f:bb:3d:59:74:08:d3:ff:03:
d5:b8:b0:ed:19:e6:ad:16:3a:5e:d3:9e:e8:e4:44:
2a:9a:41:07:f9:7e:bd:54:99:3b:af:aa:8d:f0:77:
eb:fb:99:53:9a:6d:a9:e3:10:59:be:24:47:ea:4f:
5d:e6:95
Exponent: 65537 (0x10001)
Attributes:
(none)
Requested Extensions:
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
5f:db:c2:89:b3:f2:45:b9:3d:29:54:a6:98:41:ae:ef:14:0c:
b4:99:ea:c4:4f:c6:f4:e1:8c:0c:e2:46:13:15:4b:14:91:c1:
14:58:76:e5:25:14:e7:4a:d3:24:a5:8e:f4:db:e6:29:df:e9:
02:cd:15:bd:3e:76:9b:41:36:14:35:21:27:ac:e1:ed:57:b5:
b4:c3:7c:25:e1:bf:5d:45:69:08:e1:15:7b:0e:59:96:d9:98:
b3:0b:76:60:a8:d7:99:df:28:a7:d7:03:6f:15:ee:e4:f2:80:
88:1a:4a:19:5d:be:61:e7:b2:54:60:ef:c3:28:34:37:13:cc:
ea:6a:54:09:4c:52:ce:8f:b2:c7:65:1d:81:a0:bd:44:6f:a8:
1c:05:42:43:f2:4f:ba:95:4a:b0:a8:83:a4:8d:de:0e:98:42:
bc:e5:ee:7a:4e:45:fc:e6:38:09:c8:3e:56:12:f7:2c:fe:f2:
8d:30:b7:77:7e:21:fc:6d:13:5c:3b:d6:da:87:4d:16:ac:4e:
7b:20:21:ff:e7:c6:76:01:0e:5e:68:66:34:fb:76:7d:89:94:
94:0b:7a:fd:92:93:45:e2:43:9e:5b:e4:e2:29:71:12:3d:da:
70:0e:3a:4b:f5:b5:69:82:a5:30:1c:8b:81:f3:d3:78:cf:b4:
9b:0d:3a:05:8e:6e:85:a0:80:4d:f7:05:f3:65:9e:1b:31:b0:
99:e2:b9:b3:55:7b:35:53:2c:08:73:8d:40:9d:e8:c1:6d:a6:
21:8b:0a:03:d2:66:89:2b:0c:db:7b:b4:05:d3:a6:50:07:fe:
ec:42:ef:e6:42:d3:0a:be:fa:a0:25:c6:44:46:1e:6c:25:d0:
b3:4f:d9:b1:72:11:63:f5:3a:27:8f:2c:a1:ba:b2:9d:88:4e:
76:86:75:b9:96:b8:ad:f5:88:99:6d:e9:1f:82:2a:f3:57:11:
78:eb:bd:95:00:59:4c:50:24:f0:1d:45:4e:4c:14:a6:85:f6:
f8:a1:35:bc:79:10:e6:a4:df:98:25:9e:c5:24:67:9f:b7:80:
43:46:c1:33:22:40:32:6d:bb:29:7d:15:8e:45:0d:40:cb:5c:
0a:4e:25:d2:a6:18:e4:9a:c0:e0:1a:41:d7:ce:aa:c1:4c:e3:
98:81:dd:ba:96:c1:c9:c0:42:a2:16:54:b2:3b:12:ce:80:b4:
81:0b:b8:b6:a4:b5:1d:22:8d:69:f6:a5:c8:6a:17:82:5d:aa:
dc:f5:73:24:ed:10:c3:f3:cb:79:e9:de:a2:e3:32:81:ad:79:
a0:a6:c4:a5:81:95:d1:ae:c4:ce:66:39:23:f8:67:78:33:8f:
c6:08:78:03:e2:7f:4d:8c
- 자체 서명된 X.509 인증서 생성
$ openssl x509 -req -days 365 -in certificate.csr -signkey private.key -out certificate.crt
Certificate request self-signature ok
subject=C=US, ST=California, L=San Francisco, O=MyCompany, OU=IT, CN=mydomain.com
더보기
확인방법
$ openssl x509 -in certificate.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:9b:b5:1f:52:40:ac:75:a0:d8:ad:f6:47:c4:41:0c:1a:30:b6:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=San Francisco, O=MyCompany, OU=IT, CN=mydomain.com
Validity
Not Before: Feb 26 04:47:44 2025 GMT
Not After : Feb 26 04:47:44 2026 GMT
Subject: C=US, ST=California, L=San Francisco, O=MyCompany, OU=IT, CN=mydomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:92:b8:c8:67:1a:58:d2:3f:ad:69:3e:10:93:1e:
dd:c1:ae:6d:57:6c:39:c4:f3:0c:4a:44:62:49:da:
55:8a:1a:f4:df:a2:c3:06:e6:ff:bc:91:dd:05:c2:
cc:5f:30:e3:c4:44:63:06:93:fb:fd:6a:ac:2c:51:
13:1d:23:2b:20:db:e4:ce:27:0a:d9:f9:89:59:39:
19:a4:94:d7:e7:a4:ea:0b:79:b2:da:72:75:5e:85:
61:6d:b4:80:8b:47:42:f9:41:c8:7c:34:a2:56:49:
f5:f0:b3:3a:2b:46:98:f1:b8:50:cf:95:75:ee:4f:
a3:57:3d:71:e2:73:07:0c:d8:08:81:50:97:b6:ca:
f5:a8:5c:e9:80:5e:84:d2:b8:f4:ed:26:bc:69:f7:
40:ed:98:a6:4c:0f:dd:a8:1c:9c:42:ee:7e:eb:ff:
68:f2:ec:f2:c7:c5:45:e9:c5:d5:b5:e2:40:dd:22:
ca:bc:90:8c:5d:c6:11:ec:39:e3:db:01:dd:ca:90:
a2:5d:d6:58:03:1b:5d:2e:b2:04:f8:0c:ed:ac:fb:
bf:ad:43:b6:9e:92:96:1a:49:52:0f:27:38:8b:f0:
fe:f7:e4:3d:89:46:85:23:25:61:8e:b2:50:af:cc:
5f:03:6a:b1:3d:32:9b:0c:4d:eb:ec:9e:c6:33:0b:
6a:31:ef:9c:91:e8:66:42:db:b2:b6:d3:bb:a1:97:
d0:b3:5b:74:c6:b1:b4:33:96:8b:86:7e:2c:2c:e2:
c8:a3:6e:bf:23:82:12:a5:11:85:84:04:6a:65:27:
c8:b9:e7:4c:2c:4e:04:85:7e:ef:ee:b2:7b:4d:55:
19:5a:ee:c8:93:50:64:c7:8c:94:ab:cb:b2:e4:fa:
dc:36:43:dd:cd:f3:31:93:20:12:59:40:e8:58:19:
45:3c:33:e0:ea:90:24:d1:22:97:a9:1e:bc:fd:93:
89:ed:93:5b:0f:14:1a:09:08:07:ae:94:51:d7:57:
60:99:be:f6:a8:2a:e7:38:d6:14:e3:fc:fc:83:83:
11:b3:77:fc:b1:e5:61:32:38:53:e4:c1:33:3a:55:
ef:fa:3d:9a:b3:eb:bd:7e:de:cc:a8:db:cc:8b:3b:
1d:8f:f6:e2:18:d3:31:97:bd:3d:40:70:84:17:0c:
d6:1c:12:d1:8f:76:00:eb:58:d9:4f:26:bd:64:0c:
53:6d:d5:bd:b3:b2:5f:bb:3d:59:74:08:d3:ff:03:
d5:b8:b0:ed:19:e6:ad:16:3a:5e:d3:9e:e8:e4:44:
2a:9a:41:07:f9:7e:bd:54:99:3b:af:aa:8d:f0:77:
eb:fb:99:53:9a:6d:a9:e3:10:59:be:24:47:ea:4f:
5d:e6:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:A6:51:4A:26:CA:03:19:38:23:83:2B:FA:58:66:61:AB:90:74:D8
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
6e:8e:f2:25:25:72:0c:c4:ea:49:33:b1:ff:2e:f9:fe:34:86:
6a:6d:5c:4a:d7:89:fe:47:8b:a7:33:9f:e2:47:38:75:f4:c1:
b8:ae:b3:23:c2:10:c1:9d:62:5a:40:72:51:c4:4f:72:e0:4f:
78:cd:ed:ec:64:ed:ac:76:d4:ea:c4:75:c7:53:0e:96:fe:74:
70:e2:37:71:68:ee:d0:a2:db:2c:1e:55:db:8f:e9:22:40:fd:
ed:6b:4a:e0:5d:73:fc:a5:cf:4d:f3:31:8e:69:8a:2a:c7:55:
9b:54:33:76:54:54:df:72:c9:bf:d2:3e:f1:23:4c:c0:f7:a0:
3c:ba:8c:2e:75:76:78:3d:0c:3a:a1:07:ce:ac:62:f3:8e:aa:
2e:97:1f:bd:c1:e1:6d:72:93:45:27:55:11:31:10:32:48:f3:
1e:86:94:96:41:6d:2f:95:e2:0c:8f:55:3c:3a:b7:8c:9f:3c:
f1:d0:b0:e2:2f:01:63:1d:f7:29:f8:d0:d6:31:b8:a1:3a:4b:
01:0d:bd:44:3a:18:2f:8d:ad:9e:1c:4b:05:85:80:b7:78:33:
1c:3f:7f:9d:68:0f:f9:53:14:9b:3a:05:84:1e:8b:55:7a:e2:
79:69:44:7b:07:d6:d5:92:56:4e:a0:47:6c:5a:82:a8:06:3a:
57:04:60:cb:b9:b3:4f:74:69:6a:d5:78:4e:ef:15:15:08:03:
86:f5:fb:8d:75:d4:86:dd:f0:66:90:69:6c:3e:5b:8c:b3:9c:
ca:f0:4b:48:cb:a9:3b:6d:ba:3e:4a:a5:37:b3:35:57:5b:6f:
41:37:a1:92:b7:d2:19:c3:6f:c3:b3:45:61:c7:8c:ed:bd:3b:
d5:2f:bf:b1:0d:6b:64:a7:32:41:02:2f:2d:cb:db:7a:cb:31:
75:33:c0:1c:42:31:a6:ad:e3:76:ac:55:14:1c:de:e6:69:4e:
58:23:cc:cc:59:5f:0b:55:3a:04:c5:ed:70:b2:87:35:09:cb:
40:cd:18:2f:82:9e:9a:e8:62:5d:bd:6d:ca:25:7c:fe:b8:bd:
65:22:11:fc:0a:07:58:f8:cc:26:1a:74:f6:5f:4f:c8:39:99:
2e:e4:ab:9d:40:fa:62:a6:ac:e1:8e:b4:36:4a:34:10:b1:b1:
b2:3a:5c:31:1f:2f:56:31:6d:dd:7d:e1:83:b9:e1:85:9f:f3:
fe:d1:b3:7f:3c:8e:51:a8:59:16:64:53:bd:1f:08:57:7d:c2:
99:b1:68:ca:5f:e4:25:0f:6e:51:6c:49:d6:1a:13:80:90:93:
b0:6c:59:9d:09:9d:4d:4f:80:ee:d7:f9:6b:09:c5:58:48:36:
a1:9e:d6:8d:7d:ae:82:62
4. PKCS#12 파일 생성 및 확인
비밀번호 없이 PKCS#12 를 생성하고, 확인한 다음, 비밀번호를 사용하여 보호된 PKCS#12 를 만들어보고, 확인하는 방법을 살펴보겠습니다.
- 비밀번호 없이 PKCS#12 생성
$ openssl pkcs12 -export -out certificate_no_pass.p12 -inkey private.key -in certificate.crt
더보기
PKCS#12 파일 확인 방법
$ openssl pkcs12 -info -in certificate_no_pass.p12
Enter Import Password: <<<<<< 'Enter' key 입력
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
Bag Attributes
localKeyID: 35 15 08 86 C5 48 39 40 8E 45 B1 FF A7 EC 8E BD 3D 29 2F 1B
subject=C=US, ST=California, L=San Francisco, O=MyCompany, OU=IT, CN=mydomain.com
issuer=C=US, ST=California, L=San Francisco, O=MyCompany, OU=IT, CN=mydomain.com
-----BEGIN CERTIFICATE-----
MIIFkzCCA3ugAwIBAgIUApu1H1JArHWg2K32R8RBDBowtqcwDQYJKoZIhvcNAQEL
BQAwcjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
DVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCU15Q29tcGFueTELMAkGA1UECwwCSVQx
FTATBgNVBAMMDG15ZG9tYWluLmNvbTAeFw0yNTAyMjYwNDQ3NDRaFw0yNjAyMjYw
NDQ3NDRaMHIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD
VQQHDA1TYW4gRnJhbmNpc2NvMRIwEAYDVQQKDAlNeUNvbXBhbnkxCzAJBgNVBAsM
AklUMRUwEwYDVQQDDAxteWRvbWFpbi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQCSuMhnGljSP61pPhCTHt3Brm1XbDnE8wxKRGJJ2lWKGvTfosMG
5v+8kd0FwsxfMOPERGMGk/v9aqwsURMdIysg2+TOJwrZ+YlZORmklNfnpOoLebLa
cnVehWFttICLR0L5Qch8NKJWSfXwszorRpjxuFDPlXXuT6NXPXHicwcM2AiBUJe2
yvWoXOmAXoTSuPTtJrxp90DtmKZMD92oHJxC7n7r/2jy7PLHxUXpxdW14kDdIsq8
kIxdxhHsOePbAd3KkKJd1lgDG10usgT4DO2s+7+tQ7aekpYaSVIPJziL8P735D2J
RoUjJWGOslCvzF8DarE9MpsMTevsnsYzC2ox75yR6GZC27K207uhl9CzW3TGsbQz
louGfiws4sijbr8jghKlEYWEBGplJ8i550wsTgSFfu/usntNVRla7siTUGTHjJSr
y7Lk+tw2Q93N8zGTIBJZQOhYGUU8M+DqkCTRIpepHrz9k4ntk1sPFBoJCAeulFHX
V2CZvvaoKuc41hTj/PyDgxGzd/yx5WEyOFPkwTM6Ve/6PZqz671+3syo28yLOx2P
9uIY0zGXvT1AcIQXDNYcEtGPdgDrWNlPJr1kDFNt1b2zsl+7PVl0CNP/A9W4sO0Z
5q0WOl7TnujkRCqaQQf5fr1UmTuvqo3wd+v7mVOabanjEFm+JEfqT13mlQIDAQAB
oyEwHzAdBgNVHQ4EFgQUR6ZRSibKAxk4I4Mr+lhmYauQdNgwDQYJKoZIhvcNAQEL
BQADggIBAG6O8iUlcgzE6kkzsf8u+f40hmptXErXif5Hi6czn+JHOHX0wbiusyPC
EMGdYlpAclHET3LgT3jN7exk7ax21OrEdcdTDpb+dHDiN3Fo7tCi2yweVduP6SJA
/e1rSuBdc/ylz03zMY5piirHVZtUM3ZUVN9yyb/SPvEjTMD3oDy6jC51dng9DDqh
B86sYvOOqi6XH73B4W1yk0UnVRExEDJI8x6GlJZBbS+V4gyPVTw6t4yfPPHQsOIv
AWMd9yn40NYxuKE6SwENvUQ6GC+NrZ4cSwWFgLd4Mxw/f51oD/lTFJs6BYQei1V6
4nlpRHsH1tWSVk6gR2xagqgGOlcEYMu5s090aWrVeE7vFRUIA4b1+4111Ibd8GaQ
aWw+W4yznMrwS0jLqTttuj5KpTezNVdbb0E3oZK30hnDb8OzRWHHjO29O9Uvv7EN
a2SnMkECLy3L23rLMXUzwBxCMaat43asVRQc3uZpTlgjzMxZXwtVOgTF7XCyhzUJ
y0DNGC+CnproYl29bcolfP64vWUiEfwKB1j4zCYadPZfT8g5mS7kq51A+mKmrOGO
tDZKNBCxsbI6XDEfL1Yxbd194YO54YWf8/7Rs388jlGoWRZkU70fCFd9wpmxaMpf
5CUPblFsSdYaE4CQk7BsWZ0JnU1PgO7X+WsJxVhINqGe1o19roJi
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Bag Attributes
localKeyID: 35 15 08 86 C5 48 39 40 8E 45 B1 FF A7 EC 8E BD 3D 29 2F 1B
Key Attributes: <No Attributes>
Enter PEM pass phrase: <<<<< 아무거나 입력
Verifying - Enter PEM pass phrase: <<<< 이전에 입력한 것과 동일하게 입력
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJtTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQ56cGsTWB0G7X8wLz
2DWZ7AICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEIhPhoVUECsVqp29
wH5qaLUEgglQO6NbDHC23Xp5MmRfBL9LBMjnU+D8mCGJvcfAovNF4NFMENzcOVtM
gfF5Wh0Ddz+XhqUhefFw6CRdWtqelGHVh/klaMN59cZ6BhkmgkHgcY//lfnf1Ezd
R3+6hsWJ0Em9UIIJ0QLwR48M4S0rBmntgyBzE3neVe/f9lbE8CHU/sDt6fufwTbs
C/8cgqdqph+RhpkRE241omuAKLZ8M79A63YJcLmN4faXVa7/2+97WMEXoTDIDjkX
5fgPdhZvJXkK8pIl2oAA5FuENakBu+920wq6gzaY7dlOKBgJTulrpxlRD5fU5J4e
oEwXShm7fkvkd1C3uTeP/sznQnn5RkP3r6IOijczu2nnK1o4TkshyGua7ie83qYE
5ig0f789KqlLL3eJ7pQVIdPhvoZQYxUm+n/hV1UprxPRZwobbm/7FsaSu9KIES+z
2QZ1kMMxj+jsNLsPiR/glSU7GufftziI3hO4BnnwCtwDQvF7dpn+0OASTB8v/MqU
Q5PwXaHdrknEsYBEtbk5igz5IFXMgolUbaTvhypoDbUm5aJZ6zPTpms4yvUoFz3a
GMMj2ENT58M9MrrufDUnDggXHIuTMrwlCMlGmxJhRWBtPGgHBykAi5RK0rssWpkE
LA+C3a9/zpK1ydlabO3YZISho2bFMWQdjHIPSMdIB3KIQ+4kUPFOxrHFnobSiMRc
vM11uSPdu61r+yfRru0kgEBMeSkVB2AdZwOmtqQKeTya/3cyKnftqtxeg8yVVREH
s3BKBS693DSEo1uNYOq0xOIH5Otl1ixWbb5GDW+FdI3J1TW1G82vqmz9S1OopNVH
tye/Il7FJ/YJ458RH5iQ3wMLu5u0fO6eSB8iKCfXt8es9e8COKxFaH/py1y24G8v
pmNIhVYMgWagVRWzF9JqYGmmAByBVrOQz2zvKu+mZbVsMHxyfGaforA23o518Ysw
srGY8G1OPKRlhN3ijOfTCZBGAETDjoq6y6k8jRYyuuL7khJIktsoqKn9yaF/x6sy
sGxFo95gGAfCaVDceLQ7IFfAyz6QS7dGj8QKgNNE/2WiK3JGnC9LC0dxflwynlI3
FodK3uDdy4kudjsKzKad/yTdLiPou3zAS2wXKO3LtGIYVCYgb2X1Zsd27QVYUShe
ymn5Rdya/3m6Ba2nQTk4exXiPKPb+XNyDwBtnJskLP1AeTkDKgKteCFTjYitlw6l
kKayVeo6dAVwatjDCSypgF6C0b2oQt1D6K6yEPAzzayTcxxKZK/ZcgO4g5JIoJc5
t1gfuyosTzHXWweZNvSh23SgOPo9jlMl8ketOQsvjfTyWYLWnCttlmmdxBp2MPF6
mzLYqa1acCtXCvZIW/ByRgqZlvH+kQKe3OquGP+vjDx6j0tQ2VvG2yViY9zFsuqv
qskW+T4SUDubA+hizJ6F8qvn4/T7wVFjxdgqcEGWl4jNtzLBfSpS9T1QNBeDZkms
vYRtMt/DiDaFWN8gAXc5d0UQZMJdiVQ1UUoVIznP2kWb6cVT+oG/9ROEDI3YOAJN
96/jFKRd8bwj4GpawQxptItECcl5MG7rZZIkKugmq0fiZOeEdNw3XdwggJWrngD+
1g6btIW/gzzedVt7z98n8MMsBmmE3xOKu16K8hsWRYZzTCBe94gQQH6moD3Nk0rJ
Qy6KRkzCHlZDEJ5Ge6r9LkYKp6QlPdkLv3u2BkSYvnlfVui+91NwIehZPtWVrBtV
deoRumjFyl9CJHkQzdYjbdFFT/ej37voS6woCdSdk1/wHjHB2W0f2co1cpEZ3Klz
cq4sqEsWihudvh3aSG1Q0qD2ywoFKxGvDTCapAh62Im/0Dbs2YmOkH1j0ueix1Fe
KDArcTSd/mT17KjZeUSyUCwR93uDZgfY2Xh+ORZ75wFcPqNan3HtUpy2ZMXScuNF
dtT0fw9ssmvHgcO9bAtinvapN0DSFARJ4YAY1C/965PXwIo/G6LMpMZO8tG/6K6n
qYRd6DA9k/hthdjxmNrqRwMeaznkWaLJAOYwyyxT4WPO+lDu6E3LpDl17H4z2ECf
QPSvmPaLN6tIK7ZByrCzvc56T9jxxbbnwwNp8EGJuBI0mK60uUxiLB1790JJkc6x
ICmTafOnDWKrN3zEZmLB1VxEpB4/DS/Kc639SUeGuY0XPTOUnvBov7fyhh9kkEPD
L1p06rFZBfdiPhpXHnJc7yJYqSVTXal96KzMkmXyRxxzMJNvH6k1cxKHL9VTyWd3
sawDVI26DAYEG2b3mZC9ZoIFDYOENAJ/HReMqUOZF64WR9S6Lw8cf7uELq3iIRwd
XNH/c92Zl1haMV1BMAHoS8HKd+0IsUqsVSyHIv6/h/Cok+6oGaL41kpqb8oAXG4q
uY5veEMospeCvQkFogfEDjEs1rAi5hEhjE/nEdvFG6u8zejVKf3Da3qBuI4vJv1b
U0p6SDGmdJqGE8WhpKrDMMH7bU4zm8zG8R42kUykmElIB3fjh5g8MMTOzfi6NRso
ffyXYC1PB4YZAjaFUlF+F3I0N+K+okj8olwo3DMwZ0YSz6JXZECdKOIKqUi5hniL
LgZsF+Wt9ejXKZpeEwbpm+yHgNc4iIOfA38kU59SvYwhIOYyGZCoPOScOcjXV44V
Fc8g6ruykO3XU5eOteaPK0UCRv6pqk4t2GZ0YC7rRcf/9qyV/IhfJKk/J1HrKGLZ
Lc2U/NzBIMxiT9ncYEFsKpRipFT6+mco3HprOCYDqLpUzKA6MRNEtcPwNGcQByj2
cUT8j3Prr5+QKOIafwOSl8LYE0VGCXhXwurtmmw+1gASMFEwrhGT/uobsQZwDDMD
wIgLDvi4KmITeSW9mENGjR1tDLvY8sdnDLhWsZjJA7TURZuexymZbCnk99FGPtLx
Fc5f2fuzqX3vFXUnDQpNpYo0VbKZAZHIs2aF4VbWXKw06lYFxNFaqZ1sgbf4uwY/
ShDIdpbARZmRsgT+Nklmk6VBUDgyeE5EyDLJG7xx94Bw/QLWafwuKNAHflG2UheC
hrhB+757GbvclpxXV4FHVEKzow5CyZTN7zoHduJnOpLyYEuHx2CPGvh9tPU3MYsP
8D7RAFikd9V0DhkqKPh3YQxrHYB86CToOy2/hXiw0HHFqC7jKPR0ryEJ4qDFWyjr
cAjj1ziWxVXkKq14NndJ6RTZcQkEIf+rKCsBruzr0ROCWzc8ZtpVbIM=
-----END ENCRYPTED PRIVATE KEY-----
PEM 에서는 아무거나 입력하면 입력한 문구를 Private key 로 암호화해서 보여주네요. Private Key 를 노출하지 않겠다는 거군요!
- 비밀번호로 보호된 PKCS#12 생성
$ openssl pkcs12 -export -out encrypted_certificate.p12 \\
-inkey private.key \\
-in certificate.crt \\
-passout pass:my_secure_password \\
-certpbe AES-256-CBC \\
-keypbe AES-256-CBC \\
-macalg SHA256
더보기
암호화된 PKCS#12 정보 확인 방법
openssl pkcs12 -info -in encrypted_certificate.p12 -passin pass:my_secure_password
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
Bag Attributes
localKeyID: 35 15 08 86 C5 48 39 40 8E 45 B1 FF A7 EC 8E BD 3D 29 2F 1B
subject=C=US, ST=California, L=San Francisco, O=MyCompany, OU=IT, CN=mydomain.com
issuer=C=US, ST=California, L=San Francisco, O=MyCompany, OU=IT, CN=mydomain.com
-----BEGIN CERTIFICATE-----
MIIFkzCCA3ugAwIBAgIUApu1H1JArHWg2K32R8RBDBowtqcwDQYJKoZIhvcNAQEL
BQAwcjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
DVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCU15Q29tcGFueTELMAkGA1UECwwCSVQx
FTATBgNVBAMMDG15ZG9tYWluLmNvbTAeFw0yNTAyMjYwNDQ3NDRaFw0yNjAyMjYw
NDQ3NDRaMHIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD
VQQHDA1TYW4gRnJhbmNpc2NvMRIwEAYDVQQKDAlNeUNvbXBhbnkxCzAJBgNVBAsM
AklUMRUwEwYDVQQDDAxteWRvbWFpbi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQCSuMhnGljSP61pPhCTHt3Brm1XbDnE8wxKRGJJ2lWKGvTfosMG
5v+8kd0FwsxfMOPERGMGk/v9aqwsURMdIysg2+TOJwrZ+YlZORmklNfnpOoLebLa
cnVehWFttICLR0L5Qch8NKJWSfXwszorRpjxuFDPlXXuT6NXPXHicwcM2AiBUJe2
yvWoXOmAXoTSuPTtJrxp90DtmKZMD92oHJxC7n7r/2jy7PLHxUXpxdW14kDdIsq8
kIxdxhHsOePbAd3KkKJd1lgDG10usgT4DO2s+7+tQ7aekpYaSVIPJziL8P735D2J
RoUjJWGOslCvzF8DarE9MpsMTevsnsYzC2ox75yR6GZC27K207uhl9CzW3TGsbQz
louGfiws4sijbr8jghKlEYWEBGplJ8i550wsTgSFfu/usntNVRla7siTUGTHjJSr
y7Lk+tw2Q93N8zGTIBJZQOhYGUU8M+DqkCTRIpepHrz9k4ntk1sPFBoJCAeulFHX
V2CZvvaoKuc41hTj/PyDgxGzd/yx5WEyOFPkwTM6Ve/6PZqz671+3syo28yLOx2P
9uIY0zGXvT1AcIQXDNYcEtGPdgDrWNlPJr1kDFNt1b2zsl+7PVl0CNP/A9W4sO0Z
5q0WOl7TnujkRCqaQQf5fr1UmTuvqo3wd+v7mVOabanjEFm+JEfqT13mlQIDAQAB
oyEwHzAdBgNVHQ4EFgQUR6ZRSibKAxk4I4Mr+lhmYauQdNgwDQYJKoZIhvcNAQEL
BQADggIBAG6O8iUlcgzE6kkzsf8u+f40hmptXErXif5Hi6czn+JHOHX0wbiusyPC
EMGdYlpAclHET3LgT3jN7exk7ax21OrEdcdTDpb+dHDiN3Fo7tCi2yweVduP6SJA
/e1rSuBdc/ylz03zMY5piirHVZtUM3ZUVN9yyb/SPvEjTMD3oDy6jC51dng9DDqh
B86sYvOOqi6XH73B4W1yk0UnVRExEDJI8x6GlJZBbS+V4gyPVTw6t4yfPPHQsOIv
AWMd9yn40NYxuKE6SwENvUQ6GC+NrZ4cSwWFgLd4Mxw/f51oD/lTFJs6BYQei1V6
4nlpRHsH1tWSVk6gR2xagqgGOlcEYMu5s090aWrVeE7vFRUIA4b1+4111Ibd8GaQ
aWw+W4yznMrwS0jLqTttuj5KpTezNVdbb0E3oZK30hnDb8OzRWHHjO29O9Uvv7EN
a2SnMkECLy3L23rLMXUzwBxCMaat43asVRQc3uZpTlgjzMxZXwtVOgTF7XCyhzUJ
y0DNGC+CnproYl29bcolfP64vWUiEfwKB1j4zCYadPZfT8g5mS7kq51A+mKmrOGO
tDZKNBCxsbI6XDEfL1Yxbd194YO54YWf8/7Rs388jlGoWRZkU70fCFd9wpmxaMpf
5CUPblFsSdYaE4CQk7BsWZ0JnU1PgO7X+WsJxVhINqGe1o19roJi
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Bag Attributes
localKeyID: 35 15 08 86 C5 48 39 40 8E 45 B1 FF A7 EC 8E BD 3D 29 2F 1B
Key Attributes: <No Attributes>
Enter PEM pass phrase: <<<<< 아무거나 입력
Verifying - Enter PEM pass phrase: <<<<<<< 이전에 입력과 동일한 입력
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJtTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQa76khkx1tK1IdphR
oQ/j0QICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEAMa7GyUvSRj6OV8
YpV3uDsEgglQzbmn8wHuAFW+7nL7YnfO0IfnBZMoDngHHIC25ChgMxbwOM0CSk55
SujRli1Ki2I1jn1DiXZlDO4FQnDHoERrKuf4jpd8XjCeE8E/CWhsTwP8zzbWTkEm
9zVihnjb6TTTr2FgYkkUsmDQ1FsN7/7MZKCpt7qn6lYxQxZr4wPProvqXJgE2sDq
3xW4jyGgrTZktS48r6yvkQPjwiFYjXeMhQHb0j4KgChj8X3HZKxkxYy8lqNKdNqi
y40lkU78ZsfUTqNe3SmUQN1ABx0TlTGv7b9jqYZ24mTtF21uZSr43oaIsg35xp3M
6K6yXa6MOZ5gxLjI9dDLi8Crz0fVxpfM+A8cIu0s9FD6IlPnzAkYWzVYSjAbfYNG
33hJGROqjEwMO0IGB189b6Ry0RFnV7Bzypy6T1R6+bkyTYj0+0qjApHU7Gr6Z1xy
WXXsVlT2qxJ9tdJMoNj8wd80ayBbk3+Tf7EbizrVj6dkYvkfEqzDGiKDrBV19N/B
VYII5GDP1A+nTLQdbcnu+B/xD+NJjhqqLaZtfpuVjXmQ9Q1L6KmLAOnYHYJ8PnUo
bFg/I08Fz+xRohlmnCGr5yVAhaWchA+waZAc0MtQ2drIdZKrlho9qOiqXGV4NW5i
VCA2fyCTdN7eaSh1twKSYDmTsiQkvuygRvZ2vXveR7nWlwj5sVvfQfH7cqx+rmUb
2pwyl7ezSlCyYAzAWu1dB5VzqLV5SJCuXnwSfAadlLiOPP/Njxky/PACBC/rIkJy
clhSR3e/UywRgVZ2RVSDC9Ey8hFm0MdxnAmUPLdJAq4RZ8oIOQYz2ZHT4bJqooS1
4iteIyO3LOMUiN/55xdZ/s3tCmYol2ZMMRJXsc5ya5YaLQMWq65zEhfMzrZsIYap
v4/27KeGY28I3gaSxTs3TUjuLx3pFlXeyqYjupDPD+nm8v8RL2JjqinDY6yWz0Iy
P5vdnsj1Ez3X8HmMV/mx2x8DL0lXc5kyArByhBxsTarF9wrsA6HUjmAEfN1ud0Zr
acbKqIpZ8H8nJATufTgSsdXp39rsVwgfXkI1JWt5YESKrPn8FAqlhpXevNTqP47S
N3VeN+bJp23By0ef+gE68Aznt49fxsLsF5vtrSVbuqA0iCRJKzuvnP4A5K7eUcvp
AaAAe8fCFPZS+/jqwpq3w4e5TvaHY+X5XsZa26hhOkdrbUX1xy+jPm0GyLuMex2n
/lRaZ1l/Ihp/+SttH/HN1bXd/8K20G6VQZeHi8NKbdhvXpD4rchMwZ6FulYoFzuN
cwm1Gb2fFE7UN/TlQqAKMfteZaws3Q/caKJAXL6+7/EPvkSmFqOCztJJCrW6JE9P
rtrXGR2Qkhef2qTYOiw9ZXe5v1R57lgUtddz6lgU4HkMq4VLMT/Uvdb2XKj6i2ld
Bz0LVAHZF+xel1pR6J3q5Q2PhFiodJ7Wv6M7FNRhaerF2/mp0NQJB9PFpCiIKdsy
U0YPWeweH5lP+oS4LbPaAkcbkGcTZ06gbdmg0gxOyY4HbzYmtbp/JbqJEnVTtQoE
Elz/bwpaSJuPDogEcacEWIFAdUtiHPhwpsngpGL2He2pVpEcf5OJxfN5NL7IpRVO
bDVt/aYBIjXNAWKucSilPNrPDj2mTlFAh+7aYJvIXr5csDNLYTcvmca0qRmUztPh
6fY10pB97rgWKNYudF3tfaDcQuA9uzVESFQPD76H1egibMO/NEG7kFB+IN+mFzaS
TAUuFeWcQdoBXiusKZ1CTuVEZs0f0asGDgWkdvw6GZbh9yDCbQONGPZtl7hUe8UC
zVYj+vcmJEP9o6PV1iGLlGcT//Yb8ff8bKqN/zLJSYonPTkVfiBy89IiCwex+YKu
glPiMc8XpAcOsDgYUZ4rzSZb+8risL/KZo+ceMZU8+nIWd+rdXfCHQeUZHu6kDO6
43JICqqBNgDsaXSDstl2rIIhsTohJ3ydTGGfM6KIT+Qoy4ZPUp+NyQEMCZeAKoBo
iQm61VekO32FZsJsL6hjDLvEYX+m5JFzsdS7oNAyreowVkHB9TpWIlPWpvfPQWbg
PUVfB2Zfz0bJgWHxpMobg7cGCQp5PjAdEYbdHJcnSiIAL7iQQ4XH+N8nQbfC3L3h
5j/Q9otY/DzXnzFw+ZZkixlEEutyclrnxdr22UuWvENaE/cazOH+NStA9Hp34BOP
6B0RVYUlYz5vOAwDu4bYUyCdXeZMWT96brDArIJO9h1NgdXR2Z1Z4Muzw7JdWzEn
uPwvu52r/Dw3qjD6D5Vlt8UHvXdayTOr4/Bd+Bd3RLTnlL78pCKGak7BpFp7eaFj
tq4zKH/1uKcBVhFTaD5hIyGtWgGk+uTFItNe6KMO6AyL8TcXdFhpz4bishcsJaNn
CuGi7oUa12cYgdYOSaLO8nEnAfdjHsOFZAcp4/nWWWVOLvh69IxRPWhmNyq7Efd8
X5QMi2YBsGbTLPXg7Ve/snYmrHGFge1eWIsNETJ2NQ6ss2zpeuUlzTAG+vchBUWi
Bj/YhzwxIftlYqNK7HqkV1ZazJwCE1yjfFW0YR7iZitomV3VUAYVAzuOO4pCBLL+
3JSUMwBusj7c9H5LMmcOqItJz0ljz9R/JtzqxaA0a8W400oIhbOEVGOc3/MDRJU6
oyS18FuolDru0a8N45YYmyv0vPyBKDsUjfkuyBdp+mRggLQTlVktAibcpwIkv22x
SmZ5vkYaILTyu0yaGG2EGGy9Yxtj6hUdtnrk86iqepTYNkdvXaUsRPejgKZPObFm
ukHluqWzMnv3bLzNxOMzQ+xMs9c+2JMwLHchoCZxJkuWlrY4f/r9+D+KhwUi09nC
wsHD6NVslckO2in1rkbJ+LYn8/Xg17D3mnXxCO/aG8IYGDjiu86nTJPFxh54jLWW
a254fiPvSRmG+psZmuYCF0rOqeKPR3IfhhTskNgMVXn/7GNnrDLam7ZklRB27PXt
Si0hOJEtMDlX4lz//BHTLqToaQP18eCPX0MgM4bj0ADEFrCNiDygdxVL9iIrrHle
+zlcIB/Hatr8Hc9kcjuMen35U7bhYKIz2Z00t9i3kLRfnDTmuLi75HxaEt9dV8HT
E8jCb+fbNjoRuNVleuBU3byLLye6KS11V2c5teep+v1GO702YYCJzG0YaP1pgqip
NACNUcfwFzHNgc91j7h9WhhrOQQl1G0PPkIUvHwWPAdf7/QjPRxuftY=
-----END ENCRYPTED PRIVATE KEY-----
5. 결론
따라하면 어렵지 않습니다. PKCS#12 를 생성하면서 비밀키와 인증서가 하나의 파일에서 관리될 수 있다는 것을 배웠고, PKCS#12 를 비밀번호로 암호화할 수 있다는 사실도 배울 수 있었습니다.