\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3067\u8abf\u3079\u3066\u307f\u307e\u3059\u3002<\/p>\n
# openssl ecparam -list_curves\n secp384r1 : NIST\/SECG curve over a 384 bit prime field\n secp521r1 : NIST\/SECG curve over a 521 bit prime field\n prime256v1: X9.62\/SECG curve over a 256 bit prime field\n<\/pre>\n\u3068\u3044\u3046\u308f\u3051\u3067\u3001\u4e0a\u8a18\u306e\uff13\u3064\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u308b\u3068\u3044\u3046\u3053\u3068\u304c\u5206\u304b\u308a\u307e\u3059\u3002<\/p>\n
NSA Suite B \u3092\u53c2\u7167\u3057\u3066\u307f\u308b\u3068 \uff08https:\/\/www.nsa.gov\/ia\/programs\/suiteb_cryptography\/<\/a>\uff09
P-384 \u306b\u3059\u308b\u306e\u304c\u3044\u3044\u3088\uff01 \u3068\u306e\u3053\u3068\u306a\u306e\u3067\u3001
\u4eca\u56de\u306f secp384r1 \u3092\u4f7f\u3063\u3066\u307f\u308b\u3053\u3068\u306b\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<\/p>\n
\n\u6ce8\u91c8\uff1a
\u5b9f\u306f\u6700\u521d\u3001\u4f55\u3082\u898b\u305a\u306b secp521r1 \u3067\u884c\u3063\u305f\u306e\u3067\u3059\u304c\u3001
Chrome \u306b\u304a\u3044\u3066 ERR_SSL_VERSION_OR_CIPHER_MISMATCH \u3068\u3044\u3046\u3053\u3068\u3067\u958b\u3051\u306a\u304f\u306a\u308b\u3053\u3068\u304c\u5206\u304b\u308a
\u518d\u767a\u884c\u3092\u884c\u3044\u307e\u3057\u305f\u3002<\/p>\nhttp:\/\/security.stackexchange.com\/questions\/100991\/why-is-secp521r1-no-longer-supported-in-chrome-others<\/a>
\u3053\u3046\u3044\u3046\u8a18\u8ff0\u3082\u3042\u3063\u305f\u306e\u3067\u3059\u304c\u3001\u5177\u4f53\u7684\u306b\u66f8\u304b\u308c\u3066\u3044\u308b\u7b87\u6240\u3092\u898b\u3064\u3051\u3089\u308c\u305a\u30fb\u30fb
\u3082\u3057\u3001\u5f53\u8a72\u3059\u308b\u8a18\u8ff0\u306e\u5834\u6240\u3092\u3054\u5b58\u3058\u306e\u65b9\u306f\u3053\u3063\u305d\u308a\u3068\u6559\u3048\u3066\u4e0b\u3055\u3044\u30fb\u30fb\u3002<\/p>\n<\/blockquote>\n<\/p>\n
\u751f\u6210\u306b\u5fc5\u8981\u306a\u60c5\u5831\u304c\u5206\u304b\u3063\u305f\u3068\u3053\u308d\u3067\u3001
\u79d8\u5bc6\u9375\u306e\u751f\u6210<\/u><\/strong>\u3092\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3067\u884c\u3044\u307e\u3059\u3002<\/p>\n# openssl ecparam -out server.key -name secp384r1 \u2013genkey<\/pre>\n<\/p>\n
\n2. CSR (\u7f72\u540d\u8981\u6c42, Certificate Signing Request) \u3092\u4f5c\u308b\u3002<\/h3>\n
\u3053\u306e\u3042\u305f\u308a\u306f RSA \u306e\u9375\u3067 CSR \u3092\u4f5c\u308b\u3068\u304d\u3068\u540c\u3058\u3088\u3046\u306a\u6d41\u308c\u3067\u3059\u3002<\/p>\n
# openssl req -new -sha256 -key server.key -out server.csr\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n\n\uff08 \u610f\u8a33\uff1a\u8a3c\u660e\u66f8\u8981\u6c42\u306b\u542b\u3081\u308b\u60c5\u5831\u306b\u3064\u3044\u3066\u7b54\u3048\u3066\u304f\u3060\u3055\u3044\u3002\u7121\u56de\u7b54\u306b\u3057\u305f\u3051\u308c\u3070\u300c.\u300d\u3092\u5165\u529b\u3059\u308c\u3070\u7a7a\u306b\u3082\u3067\u304d\u307e\u3059\u3088\u3002\uff09\n\n-----\n\nCountry Name (2 letter code) [XX]: JP\nState or Province Name (full name) []: Tokyo\nLocality Name (eg, city) [Default City]: Taito\nOrganization Name (eg, company) [Default Company Ltd]: mimumimu.net\nOrganizational Unit Name (eg, section) []: .\nCommon Name (eg, your name or your server's hostname): mimumimu.net\nEmail Address []: customer@mimumimu.net\n\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\n\nA challenge password []: (\u4f55\u3082\u5165\u308c\u305a\u306b Enter )\nAn optional company name []: (\u4f55\u3082\u5165\u308c\u305a\u306b Enter )\n\n<\/pre>\n<\/p>\n
\u3068\u3044\u3046\u308f\u3051\u3067 CSR \u304c\u51fa\u6765\u307e\u3057\u305f\u306e\u3067\u3001\u7f72\u540d\u3057\u3066\u3082\u3089\u3044\u306b\u884c\u304d\u307e\u3059\u3002<\/p>\n
\u4f59\u8ac7\u3067\u3059\u304c\u3001CSR \u30d5\u30a1\u30a4\u30eb\u306e\u4e2d\u8eab\u306f\u30c6\u30ad\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\u306b\u306a\u3063\u3066\u3044\u307e\u3057\u3066\u3001<\/p>\n
-----BEGIN CERTIFICATE REQUEST-----\nMIIB44KE44GCIO+8iMK044O7z4njg7vvvYApDQrjgojjgYbjgZPjgZ3jgIHjg5Dj\ng7zjg5zjg7Pjg4\/jgqbjgrnjgbjjgILjgZPjga7jg4bjgq3jg7zjg6njga\/jgrXj\ng7zjg5PjgrnjgaDjgYvjgonjgIHjgb7jgZrpo7LjgpPjgafokL3jgaHnnYDjgYTj\ngabmrLLjgZfjgYTjgIINCuOBhuOCk+OAgeOAjOOBvuOBn+OAjeOBquOCk+OBoOOA\ngua4iOOBvuOBquOBhOOAguS7j+OBrumhlOOCguOBo+OBpuiogOOBhuOBl+OBreOA\ngeisneOBo+OBpuioseOBl+OBpuOCguOCieOBiuOBhuOBqOOCguaAneOBo+OBpuOB\nhOOBquOBhOOAgg0KDQrjgafjgoLjgIHjgZPjga5DU1LjgpLopovjgZ\/jgajjgY3j\ngIHlkJvjga\/jgIHjgY3jgaPjgajoqIDokYnjgafjga\/oqIDjgYTooajjgZvjgarj\ngYQg44CM44Go44GN44KB44GN44CN44G\/44Gf44GE44Gq44KC44Gu44KS5oSf44GY\n-----END CERTIFICATE REQUEST-----\n<\/pre>\n\u3053\u3093\u306a\u611f\u3058\u306e\u30d5\u30a1\u30a4\u30eb\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002 \uff08\u3082\u3061\u308d\u3093\u3001\u4e0a\u8a18\u306e\u30c6\u30ad\u30b9\u30c8\u306f\u30b5\u30f3\u30d7\u30eb\u3067\u3059\u3088\uff01\uff09<\/p>\n
<\/p>\n
\n3.CA (\u8a8d\u8a3c\u5c40, Certification Authority) \u306b\u7f72\u540d\u3057\u3066\u3082\u3089\u3046\u3002<\/h3>\n
\u3053\u3053\u304b\u3089\u5148\u3001\u5c0e\u5165\u307e\u3067\u306f\u3059\u3079\u3066\u901a\u5e38\u306e RSA \u3067\u306e SSL \u8a3c\u660e\u66f8\u306e\u624b\u7d9a\u304d\u3068\u540c\u4e00\u3067\u3059\u306e\u3067\u3001<\/p>\n
\u6b8b\u308a\u306e\u8aac\u660e\u306f\u3059\u3079\u3066 comodo \u306e\u516c\u5f0f\u30de\u30cb\u30e5\u30a2\u30eb\u306b\u3086\u3060\u306d\u307e\u3059\u30fb\u30fb\uff01
http:\/\/comodo.jp\/beginner\/setup.html<\/a><\/p>\n
\n..\u3068\u3044\u3046\u308f\u3051\u3067\u8a2d\u5b9a\u304c\u5b8c\u4e86\u3057\u307e\u3059\u3068\u3001<\/p>\n
![\"image\"](\"https:\/\/mimumimu.net\/blog\/wp-content\/uploads\/2016\/03\/image_thumb.png\" "\\"image\\"")
<\/a><\/p>\n