...
Users can run the following commands from the shell and replace the value of the server_name environment variable with a name of their choice that is used when creating related files.
Creating the Private Key and Certificate Signing Request
| Anchor |
|---|
| using_server_private_key_ecdsa |
|---|
| using_server_private_key_ecdsa |
|---|
|
Using ECDSA Encryption
...
| Expand |
|---|
| title | Click to expand/collapse... |
|---|
|
| Code Block |
|---|
| language | bash |
|---|
| title | Example how to create Private Key and Certificate Signing Request using RSA encryption (Unix) |
|---|
| linenumbers | true |
|---|
| # Specify key name used for file names
server_name=myhost
# Create Private Key and Certificate Signing Request
openssl req -new -newkey rsa:4096 -sha256 -nodes \
-keyout ${server_name}.key \
-out ${server_name}.csr \
-subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${server_name}" |
| Expand |
|---|
| | Code Block |
|---|
| language | text |
|---|
| title | Example how to create Private Key and Certificate Signing Request using RSA encryption (Windows) |
|---|
| linenumbers | true |
|---|
| @rem Specify key name used for file names
set server_name=myhost
@rem Create Private Key and Certificate Signing Request
openssl req -new -newkey rsa:4096 -sha256 -nodes ^
-keyout %server_name%.key ^
-out %server_name%.csr ^
-subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=%server_name%" |
|
|
Creating
...
the Server Certificate
| Code Block |
|---|
| language | bash |
|---|
| title | Example how to create and sign Server Certificate (Unix) |
|---|
| linenumbers | true |
|---|
|
# Specify server for which the certificate should be created
server_name=myhost
# Create and sign Server Certificate
openssl x509 -req -sha512 -days 3652 \
-in ${server_name}.csr \
-CA root-ca.crt \
-CAkey root-ca.key \
-CAcreateserial \
-out ${server_name}.crt \
-extfile <(printf 'subjectAltName=DNS:%s\nkeyUsage=critical,keyEncipherment,digitalSignature\nextendedKeyUsage=serverAuth,clientAuth\n' "${server_name}") |
...