JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 6

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
titleCreate Signing CA Certificate
linenumberstrue
# Generate Signing Certificate Authority (CA) Private Key
openssl ecparam -name prime256v1secp256k1 -genkey -noout -out signing-ca.key
# prime256v1  
# Generate Signing CA Certificate
openssl req -new -x509 -sha256 -days 5475 -key signing-ca.key -out signing-ca.crt

# You are about to be asked to enter information that will be incorporated
# into your certificate request.
# What you are about to enter is what is called a Distinguished Name or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [XX]:DE
# State or Province Name (full name) []:Berlin
# Locality Name (eg, city) [Default City]:Berlin
# Organization Name (eg, company) [Default Company Ltd]:SOS
# Organizational Unit Name (eg, section) []:JS7
# Common Name (eg, your name or your server's hostname) []:JS7 Deployment CA
# Email Address []:

# Alternative: Generate Signing Certificate Authority (CA) Private Key using passphrase
# openssl ecparam -genkey -name secp384r1 | openssl ec -aes256 -passout pass:jobscheduler -out signing-ca.key

 # Generate Signing CA Certificate
openssl req -new -x509 -sha256 -days 5475 -key signing-ca.key -passin pass:jobscheduler -out signing-ca.crt
Code Block
languagebash
titleAlternative: Create Signing CA Certificate using passphrase
linenumberstrue
# Generate Signing Certificate Authority (CA) Private Key using passphrase
openssl ecparam -genkey -name secp384r1secp256k1 | openssl ec -aes256 -passout pass:jobscheduler -out signing-ca.key

 # Generate Signing CA Certificate
openssl req -new -x509 -sha256 -days 5475 -key signing-ca.key -passin pass:jobscheduler -out signing-ca.crt

...

Code Block
languagebash
titleCreate Signing Certificate
linenumberstrue
# Specify server for which the certificate should be created
certificate_name=signing

# Step 1 - Generate Private Key and Certificate Signing Request
openssl req -new -sha256 -config <(cat openssl-cert.config <(printf "\n[SAN]\nnsCertType = objsign\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\n\nextendedKeyUsage = critical, codeSigning\n\nsubjectKeyIdentifier = hash\n")) \
	-key ${certificate_name}.key -out ${certificate_name}.csr

#   -days 5475 -newkey rsa:4096 -keyout ${certificate_name}.key -out ${certificate_name}.csr
#   -extensions 'standard exts' -nodes \
 
# self signed
# openssl ecparam -name secp256k1  -days 5475 -newkey rsa:4096 -keyout-genkey -noout -out ${certificate_name}.key
# openssl req -new -x509 -key ${certificate_name}.key -out ${certificate_name}.csrcrt -days 5475

# Step 2 - Generate and sign the Server Certificate
openssl x509 -req \
    -in ${certificate_name}.csr \
    -CA signing-ca.crt \
    -CAkey signing-ca.key \
    -CAcreateserial \
    -out ${certificate_name}.crt -days 7300 \
    -extfile <(printf 'keyUsagensCertType = objsign\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\n\n\nextendedKeyUsage = critical, codeSigning\n\nsubjectKeyIdentifier = hash\n' "${certificate_name}")

...