...
The step to create a Private Key and Certificate Signing Request is the same for self-signed Certificates and CA-signed Certificates. Users have the option to use ECDSA or RSA as the algorithm for the Private Key.
...
```bash
# Specify key name used for file names
key_name=signing

# Create Private Key
openssl ecparam -genkey -name secp384r1 -out "${key_name}".key

# Create Certificate Signing Request (CSR)
openssl req -new -sha512 -nodes \
    -key "${key_name}".key \
    -out "${key_name}".csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${key_name}"
```
Explanation:
- Private Key
  - Choice of algorithm such as `secp256k1`, `secp384r1` is up to the user.
- Certificate Signing Request
  - The SHA option such as `-sha256`, `-sha384` must match the algorithm.
  - The `-subj` option specifies the Distinguished Name used for the subject of the CSR and Certificate.
    - The Distinguished Name is a unique identifier frequently using the hierarchy of Country `C`, State `ST`, Location `L`, Organization `O`, Organizational Unit `OU` and Common Name `CN`.
    - For self-signed Certificates the subject and issuer properties of the CSR/Certificate are the same. The minimum requirement is to specify the Common Name `CN=<name>` where `<name>` can freely be chosen.
    - For CA-signed Certificates the subject property holds the Certificate's Distinguished Name and the issuer property holds the CA Certificate's Distinguished Name. Both Distinguished Names should match except for the Common Name `CN`.
- The following files will be created with this step:
  - The `<key_name>.key` file will hold the Private Key.
  - The `<key_name>.csr` file will hold the Certificate Signing Request.
...
```bash
# Specify key name used for file names
key_name=signing

# Create Certificate
# (-extfile reads the extensions via process substitution, which requires bash)
openssl x509 -req -sha512 -days 3652 \
    -signkey "${key_name}".key \
    -in "${key_name}".csr \
    -out "${key_name}".crt \
    -extfile <(printf "keyUsage=critical,nonRepudiation,digitalSignature\nextendedKeyUsage=critical,codeSigning\n")
```
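A check that can be run after the certificate step, as an added example that is not part of the original page: it repeats the page's commands in a scratch directory and confirms that subject and issuer are identical, that the Certificate carries the public half of the Private Key, and that the signing usages are present. The function names, the `.ext` file, the `umask` line and the return codes are assumptions of this example.

```shell
# make_signing_cert DIR NAME: the page's three commands, run inside DIR
make_signing_cert() (
    cd "$1" || exit 1
    key_name=$2
    umask 077   # assumption: keep the Private Key readable by its owner only
    openssl ecparam -genkey -name secp384r1 -out "$key_name.key" || exit 1
    openssl req -new -sha512 -nodes -key "$key_name.key" -out "$key_name.csr" \
        -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=$key_name" || exit 1
    # Extension file on disk instead of <(printf ...), so plain sh works too
    printf 'keyUsage=critical,nonRepudiation,digitalSignature\nextendedKeyUsage=critical,codeSigning\n' \
        > "$key_name.ext"
    openssl x509 -req -sha512 -days 3652 -signkey "$key_name.key" \
        -in "$key_name.csr" -out "$key_name.crt" -extfile "$key_name.ext" 2>/dev/null
)

# verify_signing_cert CRT KEY: returns 0 if all checks pass,
# 2 = subject/issuer differ, 3 = key mismatch, 4 = usage extension missing
verify_signing_cert() {
    crt=$1; key=$2
    # Self-signed: subject and issuer Distinguished Names are identical
    subject=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ] || return 2
    # The Certificate must contain the public key derived from this Private Key
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3
    # keyUsage / extendedKeyUsage requested through -extfile are in the Certificate
    text=$(openssl x509 -in "$crt" -noout -text)
    printf '%s\n' "$text" | grep -q 'Digital Signature' || return 4
    printf '%s\n' "$text" | grep -q 'Code Signing' || return 4
    return 0
}

# Run both steps in a temporary directory (constructed sample run)
work=$(mktemp -d)
make_signing_cert "$work" signing &&
    verify_signing_cert "$work/signing.crt" "$work/signing.key" &&
    echo "signing.crt: all checks passed"
rm -rf "$work"
```

A return code of 3 is the one to watch for when key and certificate files are moved around separately: it means the `.crt` was not issued for the `.key` it is paired with.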
...