Page History
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify key name used for file names key_name=signing # GenerateCreate Private Key and Certificate # openssl req -sha256 -newkey rsa:4096 -keyout "${key_name}".key -passout pass: # Create Certificate Signing Request (CSR) openssl req -x509new -sha256 -newkey rsa:4096 -sha256 -nodes \ -config <(printf "\n[ req ]\nprompt=no\ndistinguished_name=standard dn\n\n[ standard dn]\ncountryName=DE\nstateOrProvinceName=Berlin\nlocalityName=Berlin\norganizationName=SOS\norganizationalUnitName=IT\ncommonName=${key_name}\n\n[ standard exts ]\nkeyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\nextendedKeyUsage=critical,codeSigning\n") \ -keyout "${key_name}".key \ -out "${key_name}.crt".csr # Create and sign Certificate openssl x509 -req -days 5475 \ -signkey "${key_name}".key \ -in "${key_name}".csr \ -out "${key_name}".crt \ -extfile <(printf "keyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\n\n\nextendedKeyUsage=critical,codeSigning\n" "${key_name}") |
Explanation:
- In the example the Private Key is created using the specified key size of
4096
. - The Certificate is created with the
-days
argument optionally specified for the validity period of the Certificate. - The
<key_name>
.key
file will hold the Private Key. - The
<key_name>
.crt
file will hold the self-signed Certificate.
...
Overview
Content Tools