```bash
# Specify key name used for file names
key_name=signing

# Step 1 - Create Private Key
# openssl ecparam -name secp384r1 -genkey -noout -out "${key_name}".key

# Step 2 - Generate and sign Certificate
# openssl req -new -x509 -sha256 -key ${key_name}.key -out ${key_name}.crt -days 5475

# Step 1: Create Private Key and Certificate Signing Request (CSR)
openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:secp256k1 -sha256 -nodes \
    -keyout "${key_name}".key \
    -out "${key_name}".csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${key_name}"

# Step 2: Create Certificate
openssl x509 -req -days 5475 \
    -signkey "${key_name}".key \
    -in "${key_name}".csr \
    -out "${key_name}".crt \
    -extfile <(printf "keyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\n\n\nextendedKeyUsage=critical,codeSigning\n")
```
Explanation:
- Step 1: Create Private Key and Certificate Signing Request (CSR)
  - Choice of algorithm such as secp256k1, secp384r1 etc. is up to the user.
  - The following files will be created with this step:
    - The <key_name>.key file will hold the Private Key.
    - The <key_name>.csr file will hold the Certificate Signing Request.
- Step 2: Create Certificate
  - The -days argument optionally specifies the validity period of the Certificate.
  - The following files will be created with this step:
    - The <key_name>.crt file will hold the self-signed Certificate.
Using RSA Encryption
```bash
# Specify key name used for file names
key_name=signing

# Step 1: Create Private Key and Certificate Signing Request (CSR)
openssl req -new -newkey rsa:4096 -sha256 -nodes \
    -keyout "${key_name}".key \
    -out "${key_name}".csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${key_name}"

# Step 2: Create Certificate
openssl x509 -req -days 5475 \
    -signkey "${key_name}".key \
    -in "${key_name}".csr \
    -out "${key_name}".crt \
    -extfile <(printf "keyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\n\n\nextendedKeyUsage=critical,codeSigning\n")
```
Explanation:
- Step 1: Create Private Key and Certificate Signing Request (CSR)
  - In the example the Private Key is created using the specified key size 4096.
  - The following files will be created with this step:
    - The <key_name>.key file will hold the Private Key.
    - The <key_name>.csr file will hold the Certificate Signing Request.
- Step 2: Create Certificate
  - The Certificate is created with the -days argument optionally specified for the validity period of the Certificate.
  - The following files will be created with this step:
    - The <key_name>.crt file will hold the self-signed Certificate.
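The following check is an added example, not part of the original page: it confirms that the .key and .crt files from Step 2 (ECDSA or RSA) belong together and that the key usage extensions from the -extfile actually ended up in the certificate. The function names check_signing_cert and make_demo_pair are hypothetical, and the demo writes the extension settings to a temporary file instead of using process substitution.

```bash
#!/usr/bin/env bash
# Added example, not from the original page; function names are hypothetical.

# Returns 0 only if key and certificate belong together, the certificate carries
# the usages set via -extfile, and it has not expired.
check_signing_cert() {
    local crt key tmp text usage rc
    crt=$1; key=$2; rc=0
    tmp=$(mktemp -d) || return 1
    # 1. Sign a constructed payload with the private key and verify it with the
    #    public key taken from the certificate.
    printf 'constructed sample payload\n' > "$tmp/payload"
    openssl x509 -in "$crt" -noout -pubkey > "$tmp/pub.pem" 2>/dev/null &&
    openssl dgst -sha256 -sign "$key" -out "$tmp/sig" "$tmp/payload" 2>/dev/null &&
    openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig" \
        "$tmp/payload" >/dev/null 2>&1 ||
        { echo "FAIL: private key does not match certificate" >&2; rc=1; }
    # 2. keyUsage and extendedKeyUsage from the -extfile must be in the certificate.
    text=$(openssl x509 -in "$crt" -noout -text 2>/dev/null)
    for usage in 'Digital Signature' 'Code Signing'; do
        printf '%s\n' "$text" | grep -q "$usage" ||
            { echo "FAIL: '$usage' missing from certificate" >&2; rc=1; }
    done
    # 3. The certificate must still be within its validity period.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired or unreadable" >&2; rc=1; }
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample input: a throwaway pair created with the page's Step 1 and
# Step 2 commands (curve secp384r1) in a temporary directory.
# Prints the path prefix of the .key, .csr and .crt files.
make_demo_pair() {
    local dir key_name
    dir=$(mktemp -d) || return 1
    key_name=$dir/signing
    printf 'keyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\nextendedKeyUsage=critical,codeSigning\n' > "$dir/ext.cnf"
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha256 \
        -nodes -keyout "$key_name.key" -out "$key_name.csr" \
        -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=signing" 2>/dev/null &&
    openssl x509 -req -days 5475 -signkey "$key_name.key" -in "$key_name.csr" \
        -out "$key_name.crt" -extfile "$dir/ext.cnf" 2>/dev/null || return 1
    echo "$key_name"
}
```

Run it against real files as `check_signing_cert signing.crt signing.key`; a non-zero exit status means at least one of the checks failed.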