Page History
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
# Specify key name used for file names key_name=signing # Step 1 - Create Private Key # openssl ecparam -name secp384r1secp256k1 -genkey -noout -out "${key_name}".key # Step 2 - Generate and sign Certificate # openssl req -new -x509 -sha256 -key "${key_name}".key -out "${key_name}".crt -days 5475 # Step 1: Create Private Key and Certificate Signing Request (CSR) openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:secp256k1 -sha256 -nodes \ -keyout "${key_name}".key \ -out "${key_name}".csr \ -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${key_name}" # Step 2: Create Certificate openssl x509 -req -days 5475 \ -signkey "${key_name}".key \ -in "${key_name}".csr \ -out "${key_name}".crt \ -extfile <(printf "keyUsagebasicConstraints=CA:FALSE\nkeyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\n\n\nextendedKeyUsage=critical,codeSigning\n") |
...
- Step 1: Create Private Key and Certificate Signing Request (CSR)
- Choice of algorithm such as
secp256k1,secp384r1etc. is up to the user. - The
-subjoption specifies the distinguished name used for the subject and issuer of the CSR and certificate. - The following files will be created with this step:
- The
<key_name>.keyfile will hold the Private Key. - The
<key_name>.csrfile will hold the Certificate Signing Request.
- The
- Choice of algorithm such as
- Step 2: Create Certificate
- The
-daysargument optionally specifies the validity period of the Certificate. - The following files will be created with this step:
- The
<key_name>.crtfile will hold the self-signed Certificate.
- The
- The
...
Overview
Content Tools