Page History

...

Code Block

language	bash
title	Example how to create CA Private Key and Certificate Signing Request using ECDSA encryption (Unix)
linenumbers	true

# Specify key name used for file names
ca_key_name=signing-ca

# Create Private Key
openssl ecparam -genkey -name secp384r1 -out ${ca_key_name}.key

# Create Certificate Signing Request
openssl req -new -sha512 -nodes \
    -key ${ca_key_name}.key \
    -out ${ca_key_name}.csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${ca_key_name}"

...

Expand

title	Click to expand/collapse...

Code Block

language	bash
title	Example how to create Private Key and Certificate Signing Request using RSA encryption (Unix)
linenumbers	true

# Specify key name used for file names
ca_key_name=signing-ca

# Create Private Key and Certificate Signing Request
openssl req -new -newkey rsa:4096 -sha256 -nodes \
    -keyout ${ca_key_name}.key \
    -out ${ca_key_name}.csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${ca_key_name}"

Expand

title	Windows version...

Code Block

language	text
title	Example how to create Private Key and Certificate Signing Request using RSA encryption (Windows)
linenumbers	true

@rem Specify key name used for file names
set ca_key_name=signing-ca
 
@rem Create Private Key and Certificate Signing Request
openssl req -new -newkey rsa:4096 -sha256 -nodes ^
    -keyout %ca_key_name%.key ^
    -out %ca_key_name%.csr ^
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=%ca_key_name%"

Expand

title	Explanations...

Explanations are the same as from Creating Private Key and Certificate Signing Request for self-issued Certificates.
Users can choose Using ECDSA Encryption or Using RSA Encryption.
The following files will be created with this step:
- The signing-ca.key file will hold the Private Key.
- The signing-ca.csr file will hold the Certificate Signing Request.

...

Anchor
creating_ca_certificate
creating_ca_certificate
Creating the CA Certificate

...

Code Block

language	bash
title	Example how to create CA Private Key and Certificate Signing Request using ECDSA encryption (Unix)
linenumbers	true

# Specify key name used for file names
key_name=signing

# Create Private Key
openssl ecparam -genkey -name secp384r1 -out ${key_name}.key

# Create Certificate Signing Request
openssl req -new -sha512 -nodes \
    -key ${key_name}.key \
    -out ${key_name}.csr \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${key_name}"

...

Expand

title	Windows version...

Code Block

language	text
title	Example how to create Signing Certificate (UnixWindows)
linenumbers	true

@rem Specify key name used for file names
set key_name=signing
 
@rem Create Certificate
set user_crt_tmp_file=user-crt-%RANDOM%.tmp
copy /Y NUL %user_crt_tmp_file%
echo basicConstraints=CA:TRUE >> %user_crt_tmp_file%
echo keyUsage=critical,nonRepudiation,digitalSignature >> %user_crt_tmp_file%
echo extendedKeyUsage=critical,codeSigning >> %user_crt_tmp_file%

openssl x509 -req -sha512 -days 3652 ^
    -CA signing-ca.crt ^
    -CAkey signing-ca.key ^
    -CAcreateserial ^
    -in %key_name%.csr ^
    -out %key_name%.crt ^
    -extfile %user_crt_tmp_file%

del /q %user_crt_tmp_file%

...

Space shortcuts

Page tree

Versions Compared

Old Version 37

New Version 38

Key

Anchor
creating_ca_certificate
creating_ca_certificate
Creating the CA Certificate

Space shortcuts

Page tree

Page History

Versions Compared

Old Version 37

New Version 38

Key

Anchorcreating_ca_certificatecreating_ca_certificateCreating the CA Certificate

Anchor
creating_ca_certificate
creating_ca_certificate
Creating the CA Certificate