Page History
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Generate Signing Certificate Authority (CA) Private Key openssl ecparam -name prime256v1secp256k1 -genkey -noout -out signing-ca.key # prime256v1 # Generate Signing CA Certificate openssl req -new -x509 -sha256 -days 5475 -key signing-ca.key -out signing-ca.crt # You are about to be asked to enter information that will be incorporated # into your certificate request. # What you are about to enter is what is called a Distinguished Name or a DN. # There are quite a few fields but you can leave some blank # For some fields there will be a default value, # If you enter '.', the field will be left blank. # ----- # Country Name (2 letter code) [XX]:DE # State or Province Name (full name) []:Berlin # Locality Name (eg, city) [Default City]:Berlin # Organization Name (eg, company) [Default Company Ltd]:SOS # Organizational Unit Name (eg, section) []:JS7 # Common Name (eg, your name or your server's hostname) []:JS7 Deployment CA # Email Address []: # Alternative: Generate Signing Certificate Authority (CA) Private Key using passphrase # openssl ecparam -genkey -name secp384r1 | openssl ec -aes256 -passout pass:jobscheduler -out signing-ca.key # Generate Signing CA Certificate openssl req -new -x509 -sha256 -days 5475 -key signing-ca.key -passin pass:jobscheduler -out signing-ca.crt |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Generate Signing Certificate Authority (CA) Private Key using passphrase openssl ecparam -genkey -name secp384r1secp256k1 | openssl ec -aes256 -passout pass:jobscheduler -out signing-ca.key # Generate Signing CA Certificate openssl req -new -x509 -sha256 -days 5475 -key signing-ca.key -passin pass:jobscheduler -out signing-ca.crt |
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify server for which the certificate should be created certificate_name=signing # Step 1 - Generate Private Key and Certificate Signing Request openssl req -new -sha256 -config <(cat openssl-cert.config <(printf "\n[SAN]\nnsCertType = objsign\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\n\nextendedKeyUsage = critical, codeSigning\n\nsubjectKeyIdentifier = hash\n")) \ -key ${certificate_name}.key -out ${certificate_name}.csr # -days 5475 -newkey rsa:4096 -keyout ${certificate_name}.key -out ${certificate_name}.csr # -extensions 'standard exts' -nodes \ # self signed # openssl ecparam -name secp256k1 -days 5475 -newkey rsa:4096 -keyout-genkey -noout -out ${certificate_name}.key # openssl req -new -x509 -key ${certificate_name}.key -out ${certificate_name}.csrcrt -days 5475 # Step 2 - Generate and sign the Server Certificate openssl x509 -req \ -in ${certificate_name}.csr \ -CA signing-ca.crt \ -CAkey signing-ca.key \ -CAcreateserial \ -out ${certificate_name}.crt -days 7300 \ -extfile <(printf 'keyUsagensCertType = objsign\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\n\n\nextendedKeyUsage = critical, codeSigning\n\nsubjectKeyIdentifier = hash\n' "${certificate_name}") |
...
Overview
Content Tools