...
Create Root CA Certificate
The first step is to create a private key (root-ca.key) and a self-signed certificate (root-ca.crt), both in PEM format. As a result the following files will be created:
...
- Download: create_root_ca.sh
- The shell script is executed without arguments.
```bash
./create_root_ca.sh
```
```bash
#!/bin/bash
# Create Root CA private key and certificate

set -e

CA_HOME=$(dirname "$0")
CA_HOME=$(cd "${CA_HOME}" >/dev/null && pwd)
CA_CERTS=${CA_HOME}/certs
CA_PRIVATE=${CA_HOME}/private

# Create required sub-directories
mkdir -p "${CA_CERTS}" "${CA_PRIVATE}"

# Step 1: Generate Certificate Authority (CA) private key
openssl ecparam -name prime256v1 -genkey -noout -out "${CA_PRIVATE}/root-ca.key"

# Step 2: Generate the self-signed Certificate Authority certificate
# (no -days is given, so OpenSSL's default validity of 30 days applies)
openssl req -new -x509 -sha256 -key "${CA_PRIVATE}/root-ca.key" -out "${CA_CERTS}/root-ca.crt"
```
Create Server Certificate
The second step is to create a private key and certificate signing request (CSR). The resulting server certificate will be signed.
...
```bash
#!/bin/bash
# Create certificate for Server Authentication and Client Authentication

set -e

CA_HOME=$(dirname "$0")
CA_HOME=$(cd "${CA_HOME}" >/dev/null && pwd)
CA_CERTS=${CA_HOME}/certs
CA_CSR=${CA_HOME}/csr
CA_PRIVATE=${CA_HOME}/private

# Specify server for which the certificate should be created
SERVER=$1
if [ -z "${SERVER}" ]; then
    echo "Usage: $0 <server>" >&2
    exit 1
fi

# Create required sub-directories
mkdir -p "${CA_CERTS}" "${CA_CSR}" "${CA_PRIVATE}"

# Step 1 - Generate Private Key and Certificate Signing Request
# (-nodes writes the private key to disk unencrypted)
openssl req -new -config "${CA_HOME}/openssl-cert.config" -extensions 'standard exts' -nodes \
    -days 7300 -newkey rsa:4096 -keyout "${CA_PRIVATE}/${SERVER}.key" -out "${CA_CSR}/${SERVER}.csr"

# Step 2 - Generate and Sign the Server Certificate
# (the subjectAltName entries below are fixed values and do not depend on ${SERVER})
openssl x509 -req \
    -in "${CA_CSR}/${SERVER}.csr" \
    -CA "${CA_CERTS}/root-ca.crt" \
    -CAkey "${CA_PRIVATE}/root-ca.key" \
    -CAcreateserial \
    -out "${CA_CERTS}/${SERVER}.crt" -days 7300 \
    -extfile <(printf "subjectAltName=DNS:apmaccs,DNS:apmaccs.sos\nnsCertType = client, server\nkeyUsage = digitalSignature, keyEncipherment\nextendedKeyUsage = serverAuth, clientAuth\n")
```
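After signing, it is worth confirming that the server certificate verifies against root-ca.crt, is accepted for TLS server and client use, and that its subjectAltName covers the hostname clients will connect to. The following is an added example, not part of the original page: it builds a throwaway CA and certificate with the same extension lines as the script above and checks them with `openssl verify`. The function names, the demo subject names, the 1-day lifetime and the script name `check_cert.sh` are assumptions.

```bash
#!/bin/bash
# Added example, not from the original page. Subject names, file names and the
# 1-day lifetime of the throwaway PKI are assumptions made for the demo.

# make_demo_pki DIR: build a constructed root CA and server certificate in DIR,
# using the same extension lines the page passes to -extfile.
make_demo_pki() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Demo Root CA' '[v3_ca]' \
        'basicConstraints = critical, CA:TRUE' \
        'keyUsage = critical, keyCertSign, cRLSign' > "$1/ca.cnf"
    printf '%s\n' 'subjectAltName=DNS:apmaccs,DNS:apmaccs.sos' \
        'nsCertType = client, server' \
        'keyUsage = digitalSignature, keyEncipherment' \
        'extendedKeyUsage = serverAuth, clientAuth' > "$1/ext.cnf"
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/root-ca.key" &&
    openssl req -new -x509 -sha256 -config "$1/ca.cnf" -days 1 \
        -key "$1/root-ca.key" -out "$1/root-ca.crt" &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/srv.key" &&
    openssl req -new -config "$1/ca.cnf" -subj "/CN=apmaccs" \
        -key "$1/srv.key" -out "$1/srv.csr" &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/root-ca.crt" \
        -CAkey "$1/root-ca.key" -CAcreateserial -days 1 \
        -extfile "$1/ext.cnf" -out "$1/srv.crt" 2>/dev/null
}

# check_issued_cert CA_CERT CERT HOSTNAME
# Returns 0 only if CERT verifies against CA_CERT, is accepted for TLS server
# use with a SAN matching HOSTNAME, and is also accepted for TLS client use.
# Returns 1 if the server check fails, 2 if only the client check fails.
check_issued_cert() {
    openssl verify -CAfile "$1" -purpose sslserver -verify_hostname "$3" "$2" \
        >/dev/null 2>&1 || return 1
    openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1 || return 2
}

# With three arguments, check real files, e.g. (script name is hypothetical):
#   ./check_cert.sh certs/root-ca.crt certs/<server>.crt <hostname>
if [ "$#" -eq 3 ]; then check_issued_cert "$1" "$2" "$3"; fi
```

Because the subjectAltName list in the signing step is fixed, a certificate issued for any other server name fails the hostname check with return code 1 until the `-extfile` line is adjusted.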
...