EXTRICK.JP

We are a technology company that develops and operates web applications and websites for small and medium-sized businesses.
Our core business is contract-based development, and we also build and run our own services to help improve business operations and launch online services. Using HTML, PHP, JavaScript, CSS, and Shell as our foundation, we combine public APIs and modern web technologies to create systems that best fit our clients’ needs and businesses.
From planning and design to development and hosting, we provide a complete one-stop service, delivering web systems that our clients can rely on long after launch. In our “Showcase”, you can see examples of websites, web applications, and desktop applications that we have built.
If you like what you see here, you can buy me a coffee. ☕

We are based in Hiroshima, Japan.
For inquiries, please click contact us.
If you like what you see here, you can buy me a coffee. ☕

さくらVPSにルート証明書を組み込んでみる

update: 2026-02-18 13:27:49

さくらサーバー（レンタルサーバー）にSSH接続して、

less /usr/share/certs/trusted/DigiCert_Global_Root_G2.pem

すると、以下の内容が表示された。

##
##  DigiCert Global Root G2
##
##  This is a single X.509 certificate for a public Certificate
##  Authority (CA). It was automatically extracted from Mozilla's
##  root CA list (the file `certdata.txt' in security/nss).
##
##  It contains a certificate trusted for server authentication.
##
##  Extracted from nss
##  with $FreeBSD$
##
##  @generated
##
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
        Validity
            Not Before: Aug  1 12:00:00 2013 GMT
            Not After : Jan 15 12:00:00 2038 GMT
        Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:37:cd:34:dc:7b:6b:c9:b2:68:90:ad:4a:75:
                    ff:46:ba:21:0a:08:8d:f5:19:54:c9:fb:88:db:f3:
                    ae:f2:3a:89:91:3c:7a:e6:ab:06:1a:6b:cf:ac:2d:
                    e8:5e:09:24:44:ba:62:9a:7e:d6:a3:a8:7e:e0:54:
                    75:20:05:ac:50:b7:9c:63:1a:6c:30:dc:da:1f:19:
                    b1:d7:1e:de:fd:d7:e0:cb:94:83:37:ae:ec:1f:43:
                    4e:dd:7b:2c:d2:bd:2e:a5:2f:e4:a9:b8:ad:3a:d4:
                    99:a4:b6:25:e9:9b:6b:00:60:92:60:ff:4f:21:49:
                    18:f7:67:90:ab:61:06:9c:8f:f2:ba:e9:b4:e9:92:
                    32:6b:b5:f3:57:e8:5d:1b:cd:8c:1d:ab:95:04:95:
                    49:f3:35:2d:96:e3:49:6d:dd:77:e3:fb:49:4b:b4:
                    ac:55:07:a9:8f:95:b3:b4:23:bb:4c:6d:45:f0:f6:
                    a9:b2:95:30:b4:fd:4c:55:8c:27:4a:57:14:7c:82:
                    9d:cd:73:92:d3:16:4a:06:0c:8c:50:d1:8f:1e:09:
                    be:17:a1:e6:21:ca:fd:83:e5:10:bc:83:a5:0a:c4:
                    67:28:f6:73:14:14:3d:46:76:c3:87:14:89:21:34:
                    4d:af:0f:45:0c:a6:49:a1:ba:bb:9c:c5:b1:33:83:
                    29:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier:
                4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39
    Signature Algorithm: sha256WithRSAEncryption
         60:67:28:94:6f:0e:48:63:eb:31:dd:ea:67:18:d5:89:7d:3c:
         c5:8b:4a:7f:e9:be:db:2b:17:df:b0:5f:73:77:2a:32:13:39:
         81:67:42:84:23:f2:45:67:35:ec:88:bf:f8:8f:b0:61:0c:34:
         a4:ae:20:4c:84:c6:db:f8:35:e1:76:d9:df:a6:42:bb:c7:44:
         08:86:7f:36:74:24:5a:da:6c:0d:14:59:35:bd:f2:49:dd:b6:
         1f:c9:b3:0d:47:2a:3d:99:2f:bb:5c:bb:b5:d4:20:e1:99:5f:
         53:46:15:db:68:9b:f0:f3:30:d5:3e:31:e2:8d:84:9e:e3:8a:
         da:da:96:3e:35:13:a5:5f:f0:f9:70:50:70:47:41:11:57:19:
         4e:c0:8f:ae:06:c4:95:13:17:2f:1b:25:9f:75:f2:b1:8e:99:
         a1:6f:13:b1:41:71:fe:88:2a:c8:4f:10:20:55:d7:f3:14:45:
         e5:e0:44:f4:ea:87:95:32:93:0e:fe:53:46:fa:2c:9d:ff:8b:
         22:b9:4b:d9:09:45:a4:de:a4:b8:9a:58:dd:1b:7d:52:9f:8e:
         59:43:88:81:a4:9e:26:d5:6f:ad:dd:0d:c6:37:7d:ed:03:92:
         1b:e5:77:5f:76:ee:3c:8d:c4:5d:56:5b:a2:d9:66:6e:b3:35:
         37:e5:32:b6
SHA1 Fingerprint=DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----

これは、予めダウンロードした DigiCertGlobalRootG2.crt.pem の内容がすでに登録されているよ。ということらしい。テストするために、さくらVPSに DigiCertGlobalRootG2.crt.pem を登録してみることにした。
SSH接続して、ホームディレクトリ（/home/foo）に DigiCertGlobalRootG2.crt.pem を置いておく。

sudo -s
ll
-rw-r--r--  1 foo  foo  1294  2月 18 12:38 DigiCertGlobalRootG2.crt.pem

trust anchor DigiCertGlobalRootG2.crt.pem
cd /etc/pki/ca-trust/source
ll
-r--r--r--  1 root root 2522  2月 18 12:39 DigiCert_Global_Root_G2.p11-kit  ← 追加された
-rw-r--r--  1 root root  932 11月 19 18:34 README
drwxr-xr-x. 2 root root 4096 11月 19 19:11 anchors
drwxr-xr-x. 2 root root 4096 11月 19 19:11 blocklist
lrwxrwxrwx  1 root root   59 11月 21 00:47 ca-bundle.legacy.crt -> /usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt

trust list | grep "DigiCert Global Root G2"
    label: DigiCert Global Root G2

追加された DigiCert_Global_Root_G2.p11-kit の中身を見てみる。

cat DigiCert_Global_Root_G2.p11-kit 
# This file has been auto-generated and written by p11-kit. Changes will be
# unceremoniously overwritten.
#
# The format is designed to be somewhat human readable and debuggable, and a
# bit transparent but it is not encouraged to read/write this format from other
# applications or tools without first discussing this at the the mailing list:
#
#       p11-glue@lists.freedesktop.org
#
[p11-kit-object-v1]
trusted: true
x-distrusted: false
private: false
modifiable: false
label: "DigiCert Global Root G2"
url: ""
hash-of-issuer-public-key: ""
hash-of-subject-public-key: "%5E%8CS%18%22%60%1DVq%D6j%A0%CCd%A0%60%07C%D5%A8"
java-midp-security-domain: 0
check-value: "%DF%3C%24"
start-date: "20130801"
end-date: "20380115"
id: "N%22T %18%95%E6%E3n%E6%0F%FA%FA%B9%12%ED%06%17%8F9"
subject: "0a1%0B0%09%06%03U%04%06%13%02US1%150%13%06%03U%04%0A%13%0CDigiCert Inc1%190%17%06%03U%04%0B%13%10www.digicert.com1 0%1E%06%03U%04%03%13%17DigiCert Global Root G2"
issuer: "0a1%0B0%09%06%03U%04%06%13%02US1%150%13%06%03U%04%0A%13%0CDigiCert Inc1%190%17%06%03U%04%0B%13%10www.digicert.com1 0%1E%06%03U%04%03%13%17DigiCert Global Root G2"
serial-number: "%02%10%03%3A%F1%E6%A7%11%A9%A0%BB%28d%B1%1D%09%FA%E5"
certificate-category: authority
-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----

さくらサーバーに登録されているのと同じ内容になりました。
これだけ？😅

では、接続テストをしてみます。

more blogs »

弊社サービスをご利用のお客様へ

update: 2026-02-09 03:26:29

平素は大変お世話になっております。
弊社ホームページ改修の影響で販売管理システムに障害が発生し、1月分の請求書の送付が遅れました。
本日（1月9日） 1月分の請求書を送付いたしました。
今後ともよろしくお願いいたします。