Page History
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify key name used for file names
ca_key_name=root-ca
# Create Private Key
openssl ecparam -genkey -name secp384r1 -out ${ca_key_name}.key
# Create Certificate Signing Request
openssl req -new -sha512 -nodes \
-key ${ca_key_name}.key \
-out ${ca_key_name}.csr \
-subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${ca_key_name}" |
Expand | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
|
Expand | ||
---|---|---|
| ||
|
...
Expand | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||
|
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify key name used for file names ca_key_name=root-ca # Create Certificate openssl x509 -req -sha512 -days 7305 \ -signkey ${ca_key_name}.key \ -in ${ca_key_name}.csr \ -out ${ca_key_name}.crt \ -extfile <(printf "basicConstraints=CA:TRUE\nkeyUsage=critical,nonRepudiation,keyCertSign,cRLSign\n") |
Expand | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
|
Expand | ||
---|---|---|
| ||
|
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify key name used for file names server_name=myhost # Create Private Key openssl ecparam -genkey -name secp384r1 -out ${server_name}.key # Create Certificate Signing Request openssl req -new -sha512 -nodes \ -key ${server_name}.key \ -out ${server_name}.csr \ -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${server_name}" |
Expand | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
|
Expand | ||
---|---|---|
| ||
|
...
Expand | |||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||
Explanations:
|
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify server for which the certificate should be created server_name=myhost # Create and sign Server Certificate openssl x509 -req -sha512 -days 3652 \ -in ${server_name}.csr \ -CA root-ca.crt \ -CAkey root-ca.key \ -CAcreateserial \ -out ${server_name}.crt \ -extfile <(printf 'subjectAltName=DNS:%s\nkeyUsage=critical,keyEncipherment,digitalSignature\nextendedKeyUsage=serverAuth,clientAuth\n' "${server_name}") |
Expand | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
|
Expand | ||
---|---|---|
| ||
|
...
Overview
Content Tools