PKI Lab$2 Create Multiple domain (UCC) SSL Certificate

採用

來建立 PKI CA, 必需要有 Root CA, 可參考 [PKI Lab$1 Create Root CA](http://blog.pichuang.com.tw/pki-lab-1-create-root-ca/) 做建立的動作

### Step by Step
- Setting vars for Root CA
> export KEY_SIZE=2048  
export CA_EXPIRE=365  
export KEY_EXPIRE=365  
export KEY_COUNTRY="TW"  
export KEY_PROVINCE="Taiwan"  
export KEY_CITY="HsinChu"  
export KEY_ORG="Night9 Studios"  
export KEY_EMAIL="[email protected]"  
export KEY_OU="www.night9.cc"  
export KEY_NAME=""  
export KEY_CN="*.night9.cc"  

  - [Source](https://github.com/pichuang/easy-rsa/blob/ucc/vars)
  - 重點在於 ```KEY_CN```, 此設定可以 match ```www.night9.cc``` ```roan.night9.cc```, 但不能 match ```night9.cc

• Create UCC Key

  source ./vars
  ./build-key-server *.night9.cc
  <enter>…<enter>

• Check Root CA key and crt

  ls -la ./keys/*.night9.cc.{key,crt}

  • 建議將 *.night9.cc 做個改名的動作

• Check *.night9.cc crt Info

  openssl x509 -in *.night9.crt -text -noout

• Show

  

Reference

• OpenSSL PKI Tutorial
• How To Setup a CA
• OpenSSL command line Root and Intermediate CA including OCSP, CRL and revocation