Page History
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
# Specify key name used for file names
key_name=signing
# Create Certificate
openssl x509 -req -days 3652 \
-signkey "${key_name}".key \
-in "${key_name}".csr \
-out "${key_name}".crt \
-extfile <(printf "basicConstraints=CA:FALSE\nkeyUsagekeyUsage=critical,nonRepudiation,digitalSignature\nextendedKeyUsage=critical,codeSigning\n") |
...
Steps include to create the signing-ca.crt self CA-signed Certificate file in PEM format.
Users can run the following commands from the shell and replace the value of the ca_key_name environment variable with a name of their choice that is used when creating related files.
...
- Explanations are similar to Creating self-signed Certificates with a few exceptions.
- The
-daysoption specifying the validity period of the CA Certificate should be longer than the validity period of individual certificates. - The
-extfileoption specifies the Basic ConstraintCA:TRUEwhich is required for a CA Certificate. Key Usage is limited to signing certificates. - The following files will be created with this step:
- The
signing-ca.crtfile will hold the CA Certificate.
- The
...
- Explanations are similar to Creating self-signed Certificates with a few exceptions:
- The
-daysoption specifying the validity period of the Signing Certificate should be shorter than the validity period of the CA Certificate. - The
-inoption specifies the location of the Certificate Signing Request. - The
-CAoption specifies the location of the CA Certificate file. - The
-CAkeyoption specifies the location of the CA Private Key file. - The
-extfileoption specifies the Key Usage being limited to code signing.
- The
- The following files will be created with this step:
- The
signing.crtfile will hold the Signing Certificate..
- The
...
Overview
Content Tools