...

Create self-signed Certificate using ECDSA

# Specify key name used for file names
key_name=signing

# Step 1 - Create Private Key
# openssl ecparam -name secp384r1 -genkey -noout -out "${key_name}".key

# Step 2 - Generate and sign Certificate
# openssl req -new -x509 -sha256 -key ${key_name}.key -out ${key_name}.crt -days 5475

# Step 1: Create Private Key and Certificate Signing Request (CSR)
openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:secp256k1 -sha256 -nodes \
    -keyout "${key_name}".key \
    -out "${key_name}".csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${key_name}"

# Step 2: Create Certificate
openssl x509 -req -days 5475 \
    -signkey "${key_name}".key \
    -in "${key_name}".csr \
    -out "${key_name}".crt \
    -extfile <(printf "keyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\n\n\nextendedKeyUsage=critical,codeSigning\n")

Explanation:

  • Step 1: Create Private Key and Certificate Signing Request (CSR)
    • The choice of curve, such as secp256k1 or secp384r1, is up to the user.
    • The following files will be created with this step:
      • The <key_name>.key file will hold the Private Key.
      • The <key_name>.csr file will hold the Certificate Signing Request.
  • Step 2: Create Certificate
    • The -days argument optionally specifies the validity period of the Certificate.
    • The following files will be created with this step:
      • The <key_name>.crt file will hold the self-signed Certificate.

Using RSA Encryption

Create self-signed Certificate using RSA

# Specify key name used for file names
key_name=signing

# Step 1: Create Private Key
# openssl req -sha256 -newkey rsa:4096 -keyout "${key_name}".key -passout pass:

# Step 1: Create Private Key and Certificate Signing Request (CSR)
openssl req -new -newkey rsa:4096 -sha256 -nodes \
    -keyout "${key_name}".key \
    -out "${key_name}".csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${key_name}"

# Step 2: Create Certificate
openssl x509 -req -days 5475 \
    -signkey "${key_name}".key \
    -in "${key_name}".csr \
    -out "${key_name}".crt \
    -extfile <(printf "keyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\n\n\nextendedKeyUsage=critical,codeSigning\n")

Explanation:

  • Step 1: Create Private Key and Certificate Signing Request (CSR)
    • In the example the Private Key is created using the specified key size of 4096.
    • The following files will be created with this step:
      • The <key_name>.key file will hold the Private Key.
      • The <key_name>.csr file will hold the Certificate Signing Request.
  • Step 2: Create Certificate
    • The -days argument optionally specifies the validity period of the Certificate.
    • The following files will be created with this step:
      • The <key_name>.crt file will hold the self-signed Certificate.
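
The following added example (not part of the original page) checks the result of the two steps above, for either the ECDSA or the RSA variant: key and certificate must match, the critical keyUsage and codeSigning extendedKeyUsage from the -extfile must be present, and the certificate must not be about to expire. It also signs a second pair without -extfile to show that the certificate then carries no usage extensions. The function names, the /CN=example-signing subject, the secp384r1 throwaway keys and the temporary files are assumptions.

```shell
#!/bin/sh
# Added example, not from the page. make_pair, check_signing_cert, demo and the
# /CN=example-signing subject are hypothetical names; all files are throwaway.

# make_pair DIR NAME [EXTFILE]: the page's two steps (ECDSA, secp384r1).
make_pair() {
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha256 \
        -nodes -keyout "$1/$2.key" -out "$1/$2.csr" \
        -subj "/CN=example-signing" 2>/dev/null &&
    openssl x509 -req -days 5475 -signkey "$1/$2.key" -in "$1/$2.csr" \
        -out "$1/$2.crt" ${3:+-extfile "$3"} 2>/dev/null
}

# check_signing_cert KEY CRT: returns 0 only if every check passes.
check_signing_cert() {
    rc=0
    tmp=$(mktemp -d) || return 2
    # 1. Certificate and private key must share one public key.
    openssl pkey -in "$1" -pubout -out "$tmp/key.pub" 2>/dev/null
    openssl x509 -in "$2" -noout -pubkey > "$tmp/crt.pub" 2>/dev/null
    cmp -s "$tmp/key.pub" "$tmp/crt.pub" || { echo "FAIL: key/certificate mismatch"; rc=1; }
    # 2. Both usage extensions must be present and marked critical.
    text=$(openssl x509 -in "$2" -noout -text 2>/dev/null)
    printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage: critical' |
        grep -q 'Code Signing' || { echo "FAIL: no critical codeSigning EKU"; rc=1; }
    printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage: critical' |
        grep -q 'Digital Signature' || { echo "FAIL: no critical digitalSignature KU"; rc=1; }
    # 3. Certificate must stay valid for at least 30 more days (2592000 s).
    openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: expires within 30 days"; rc=1; }
    rm -rf "$tmp"
    return $rc
}

# demo: only the pair signed with the extension file should pass.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'keyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment' \
        'extendedKeyUsage=critical,codeSigning' > "$dir/ext.cnf"
    make_pair "$dir" good "$dir/ext.cnf" && make_pair "$dir" bare || return 2
    check_signing_cert "$dir/good.key" "$dir/good.crt" && good=pass || good=fail
    check_signing_cert "$dir/bare.key" "$dir/bare.crt" && bare=pass || bare=fail
    check_signing_cert "$dir/bare.key" "$dir/good.crt" && mixed=pass || mixed=fail
    rm -rf "$dir"
    echo "with-extfile=$good without-extfile=$bare wrong-key=$mixed"
    [ "$good$bare$mixed" = passfailfail ]
}

demo
```

To check real output, call check_signing_cert with the "${key_name}".key and "${key_name}".crt files produced by either procedure.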

Creating CA-signed Certificates

...