...
```bash
# Specify key name used for file names
key_name=signing

# Create Certificate
openssl x509 -req -days 3652 \
  -signkey "${key_name}".key \
  -in "${key_name}".csr \
  -out "${key_name}".crt \
  -extfile <(printf "basicConstraints=CA:FALSE\nkeyUsage=critical,nonRepudiation,digitalSignature\nextendedKeyUsage=critical,codeSigning\n")
```
...
Steps to create the `signing-ca.crt` CA Certificate file in PEM format.
Users can run the following commands from the shell and replace the value of the `ca_key_name` environment variable with a name of their choice that is used when creating related files.
...
- Explanations are similar to Creating self-signed Certificates with a few exceptions.
  - The `-days` option specifying the validity period of the CA Certificate should be longer than the validity period of individual certificates.
  - The `-extfile` option specifies the Basic Constraint `CA:TRUE` which is required for a CA Certificate. Key Usage is limited to signing certificates.
- The following files will be created with this step:
  - The `signing-ca.crt` file will hold the CA Certificate.
  - The
...
- Explanations are similar to Creating self-signed Certificates with a few exceptions:
  - The `-days` option specifying the validity period of the Signing Certificate should be shorter than the validity period of the CA Certificate.
  - The `-in` option specifies the location of the Certificate Signing Request.
  - The `-CA` option specifies the location of the CA Certificate file.
  - The `-CAkey` option specifies the location of the CA Private Key file.
  - The `-extfile` option specifies the Key Usage being limited to code signing.
  - The
- The following files will be created with this step:
  - The `signing.crt` file will hold the Signing Certificate.
  - The
...
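The CA and CA-signed steps described above, run end to end and then checked, as an added example that is not the page's own command listing. The subjects, RSA-2048 keys, the 365-day leaf validity, the CA `keyUsage` value, the `signing-ca` name and the use of `-CAcreateserial` are assumptions.

```bash
#!/usr/bin/env bash
# Added example: build a CA, issue a CA-signed code-signing certificate, verify it.
# Assumed (not from the page): subjects, RSA-2048 keys, 365-day leaf validity,
# the CA keyUsage value, and -CAcreateserial for the serial number file.
set -eu

ca_key_name=signing-ca
key_name=signing

make_key_and_csr() {  # $1 = file name stem, $2 = constructed subject
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "$2"
}

create_ca() {
  make_key_and_csr "${ca_key_name}" "/CN=Example Signing CA"
  printf 'basicConstraints=CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  openssl x509 -req -days 3652 -signkey "${ca_key_name}.key" \
    -in "${ca_key_name}.csr" -out "${ca_key_name}.crt" -extfile ca.ext
}

create_signing_cert() {
  make_key_and_csr "${key_name}" "/CN=Example Code Signer"
  printf '%s\n' 'basicConstraints=CA:FALSE' \
    'keyUsage=critical,nonRepudiation,digitalSignature' \
    'extendedKeyUsage=critical,codeSigning' > signing.ext
  openssl x509 -req -days 365 -in "${key_name}.csr" \
    -CA "${ca_key_name}.crt" -CAkey "${ca_key_name}.key" -CAcreateserial \
    -out "${key_name}.crt" -extfile signing.ext
}

verify_chain() {  # succeeds only if signing.crt chains to the CA certificate
  openssl verify -CAfile "${ca_key_name}.crt" "${key_name}.crt" >/dev/null 2>&1
}

cert_text_has() {  # $1 = certificate file, $2 = string expected in the text dump
  openssl x509 -in "$1" -noout -text | grep -q "$2"
}

valid_beyond_days() {  # $1 = certificate file, $2 = days from now
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

cd "$(mktemp -d)"   # scratch directory so no existing key files are overwritten
create_ca
create_signing_cert
verify_chain && echo "signing.crt verifies against signing-ca.crt"
cert_text_has "${key_name}.crt" "Code Signing" && echo "EKU: code signing"
```

`valid_beyond_days` makes the `-days` relationship checkable: the CA Certificate should still be valid at a point where the Signing Certificate has already expired.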