Page History

# Specify key name used for file names
ca_key_name=root-ca

# Create Private Key
openssl ecparam -genkey -name secp384r1 -out ${ca_key_name}.key

# Create Certificate Signing Request
openssl req -new -sha512 -nodes \
    -key ${ca_key_name}.key \
    -out ${ca_key_name}.csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${ca_key_name}"

# Specify key name used for file names
ca_key_name=root-ca

# Create Certificate
openssl x509 -req -sha512 -days 7305 \
    -signkey ${ca_key_name}.key \
    -in ${ca_key_name}.csr \
    -out ${ca_key_name}.crt \
    -extfile <(printf "basicConstraints=CA:TRUE\nkeyUsage=critical,nonRepudiation,keyCertSign,cRLSign\n")

# Specify key name used for file names
server_name=myhost

# Create Private Key
openssl ecparam -genkey -name secp384r1 -out ${server_name}.key

# Create Certificate Signing Request
openssl req -new -sha512 -nodes \
    -key ${server_name}.key \
    -out ${server_name}.csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${server_name}" 

# Specify server for which the certificate should be created
server_name=myhost

# Create and sign Server Certificate
openssl x509 -req -sha512 -days 3652 \
    -in ${server_name}.csr \
    -CA root-ca.crt \
    -CAkey root-ca.key \
    -CAcreateserial \
    -out ${server_name}.crt \
    -extfile <(printf 'subjectAltName=DNS:%s\nkeyUsage=critical,keyEncipherment,digitalSignature\nextendedKeyUsage=serverAuth,clientAuth\n' "${server_name}")