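2003-09-07 (Sun) Cloudy
_ Washing the bi(cycle)
It got quite dirty at Norikura, so I washed it. I started at 6 a.m. and, with a break for breakfast, wrestled with it until about 10. The chain was far too filthy.
Lessons learned
Get proper washing supplies. Wash the chain first.
_ stone
Using "Tunnel Boring Machine - Digging Holes with stone" as a reference, I tried building a tunnel. First, to generate the key, I followed "ssl key".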
daemon# cp /usr/src/crypto/openssl/apps/CA.sh /etc/ssl/
daemon# cd /etc/ssl/
daemon# ls
CA.sh openssl.cnf
daemon# sh CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.....................................................................................................++++++
.......++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Setagaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:RTFM
Organizational Unit Name (eg, section) []:hoge
Common Name (eg, YOUR name) []:tota
Email Address []:tota@rtfm.jp

daemon# sh CA.sh -newreq
Generating a 1024 bit RSA private key
.........++++++
.........................................++++++
writing new private key to 'newreq.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Setagaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:RTFM
Organizational Unit Name (eg, section) []:master
Common Name (eg, YOUR name) []:tota
Email Address []:tota@rtfm.jp

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request (and private key) is in newreq.pem

daemon# sh CA.sh -sign
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Sep 7 11:15:16 2003 GMT
            Not After : Sep 6 11:15:16 2004 GMT
        Subject:
            countryName = JP
            stateOrProvinceName = Tokyo
            localityName = Setagaya
            organizationName = RTFM
            organizationalUnitName = master
            commonName = tota
            emailAddress = tota@rtfm.jp
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                C8:68:CB:B6:99:9E:89:F1:3D:B4:48:F6:8E:26:D9:7D:BC:7E:61:E4
            X509v3 Authority Key Identifier:
                keyid:ED:F9:BB:78:26:6F:FC:F8:EA:55:C7:93:2A:40:80:C3:35:73:B5:4D
                DirName:/C=JP/ST=Tokyo/L=Setagaya/O=RTFM/OU=master/CN=tota/emailAddress=tota@rtfm.jp
                serial:00

Certificate is to be certified until Sep 6 11:15:16 2004 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
:

daemon# openssl rsa -in newreq.pem -out newpriv.pem
Enter pass phrase for newreq.pem:
writing RSA key

daemon# cat newcert.pem newpriv.pem > stone.pem
daemon# mkdir certs
daemon# mv stone.pem certs

daemon# stone localhost:23 443/ssl
Sep 7 21:22:19 start (2.2) [57533]
Sep 7 21:22:19 SSL_CTX_use_certificate_file(/etc/ssl/certs/stone.pem) error
Hmm, that failed.

daemon# stone localhost:23 443
Sep 7 21:23:31 start (2.2) [57534]
Sep 7 21:23:31 stone 5: localhost.xxx.jp:telnet <- https

It seems to work fine as long as I don't encrypt. Just copying someone else's log verbatim doesn't cut it. RTFM!
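
The failed `443/ssl` run reports only `SSL_CTX_use_certificate_file(...) error`, with no reason given. The following is an added example, not part of the original diary entry and not a diagnosis of that particular failure: a preflight check for a combined certificate-plus-key file such as stone.pem, run before handing the file to a TLS daemon. The function name `check_combined_pem` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for a combined cert+key PEM (e.g. stone.pem).
# Return codes (chosen for this example): 0 ok, 1 unreadable, 2 no certificate,
# 3 RSA key missing or passphrase-protected, 4 key does not match certificate,
# 5 file is accessible to group/other.
check_combined_pem() {
    pem=$1

    [ -r "$pem" ] || { echo "FAIL: cannot read $pem" >&2; return 1; }

    # The file must contain a parseable X.509 certificate.
    openssl x509 -in "$pem" -noout 2>/dev/null ||
        { echo "FAIL: no usable certificate in $pem" >&2; return 2; }

    # A daemon cannot answer a passphrase prompt. "-passin pass:" supplies an
    # empty passphrase, so an encrypted key fails here instead of prompting.
    openssl rsa -in "$pem" -passin pass: -noout 2>/dev/null ||
        { echo "FAIL: RSA key missing or still encrypted" >&2; return 3; }

    # Certificate and key belong together only if their RSA moduli are equal.
    cert_mod=$(openssl x509 -in "$pem" -noout -modulus)
    key_mod=$(openssl rsa -in "$pem" -passin pass: -noout -modulus 2>/dev/null)
    [ "$cert_mod" = "$key_mod" ] ||
        { echo "FAIL: private key does not match certificate" >&2; return 4; }

    # The file holds an unencrypted private key: require owner-only access.
    perms=$(ls -l "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $pem is accessible to group/other" >&2; return 5; }

    echo "OK: $pem"
}
```

A file created with `cat ... > stone.pem` under a typical umask of 022 ends up mode 644 and is rejected with code 5 until it is tightened with `chmod 600`.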