...
Users can run the following commands from the shell and replace the value of the server_name
environment variable with a name of their choice that is used when creating related files.
Creating the Private Key and Certificate Signing Request
Anchor |
---|
| using_server_private_key_ecdsa |
---|
| using_server_private_key_ecdsa |
---|
|
Using ECDSA Encryption
...
Expand |
---|
title | Click to expand/collapse... |
---|
|
Code Block |
---|
language | bash |
---|
title | Example how to create Private Key and Certificate Signing Request using RSA encryption (Unix) |
---|
linenumbers | true |
---|
| # Specify key name used for file names
server_name=myhost
# Create Private Key and Certificate Signing Request
openssl req -new -newkey rsa:4096 -sha256 -nodes \
-keyout ${server_name}.key \
-out ${server_name}.csr \
-subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${server_name}" |
Expand |
---|
| Code Block |
---|
language | text |
---|
title | Example how to create Private Key and Certificate Signing Request using RSA encryption (Windows) |
---|
linenumbers | true |
---|
| @rem Specify key name used for file names
set server_name=myhost
@rem Create Private Key and Certificate Signing Request
openssl req -new -newkey rsa:4096 -sha256 -nodes ^
-keyout %server_name%.key ^
-out %server_name%.csr ^
-subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=%server_name%" |
|
|
Creating
...
the Server Certificate
Code Block |
---|
language | bash |
---|
title | Example how to create and sign Server Certificate (Unix) |
---|
linenumbers | true |
---|
|
# Specify server for which the certificate should be created
server_name=myhost
# Create and sign Server Certificate
openssl x509 -req -sha512 -days 3652 \
-in ${server_name}.csr \
-CA root-ca.crt \
-CAkey root-ca.key \
-CAcreateserial \
-out ${server_name}.crt \
-extfile <(printf 'subjectAltName=DNS:%s\nkeyUsage=critical,keyEncipherment,digitalSignature\nextendedKeyUsage=serverAuth,clientAuth\n' "${server_name}") |
...