...
The first step is to create the Root CA's private key file, root-ca.key, and its self-signed certificate file, root-ca.crt, both in PEM format. This step is performed just once.
...
```bash
# Specify server for which the certificate should be created
SERVER=somehost

# Step 1 - Generate Private Key and Certificate Signing Request
openssl req -new -config openssl-cert.config -extensions 'standard exts' -nodes \
  -days 7300 -newkey rsa:4096 -keyout ${SERVER}.key -out ${SERVER}.csr

# Step 2 - Generate and Sign the Server Certificate
# (the -extfile <(...) process substitution requires bash)
openssl x509 -req \
  -in ${SERVER}.csr \
  -CA root-ca.crt \
  -CAkey root-ca.key \
  -CAcreateserial \
  -out ${SERVER}.crt -days 7300 \
  -extfile <(printf "subjectAltName=DNS:${SERVER}\nnsCertType = client, server\nkeyUsage = digitalSignature, keyEncipherment\nextendedKeyUsage = serverAuth, clientAuth\n")
```
Explanation:
- The following files will be created for the given server:
  - <SERVER>.key: the private key
  - <SERVER>.csr: the Certificate Signing Request
  - <SERVER>.crt: the Server Certificate
In order to run the script successfully, the following openssl-cert.config file has to be present. To create a server certificate, the CommonName attribute has to be adjusted.
...
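The checks below are an added example, not part of the original page: after Step 2 they confirm that <SERVER>.crt chains to root-ca.crt for TLS server and client use, belongs to <SERVER>.key, and covers the host name. The function names, the demo.cnf and ext.cnf files, and the throwaway demo PKI (2048-bit keys, 30 days) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: post-issuance checks for <SERVER>.key / <SERVER>.crt against root-ca.crt.

# check_server_cert DIR SERVER: prints failures, returns 0 only if every check passes.
check_server_cert() {
  local dir="$1" server="$2" rc=0 purpose key_pub crt_pub
  local ca="$dir/root-ca.crt" crt="$dir/$server.crt" key="$dir/$server.key"
  # 1. Chain and purpose: issued by the Root CA, usable as TLS server and client.
  for purpose in sslserver sslclient; do
    openssl verify -CAfile "$ca" -purpose "$purpose" "$crt" >/dev/null 2>&1 \
      || { echo "FAIL chain/$purpose"; rc=1; }
  done
  # 2. Key pairing: the certificate must carry the public half of the private key.
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || { echo "FAIL key mismatch"; rc=1; }
  # 3. Host name: must be covered by the certificate (subjectAltName when present).
  openssl x509 -in "$crt" -noout -checkhost "$server" 2>/dev/null \
    | grep -q "does match certificate" || { echo "FAIL hostname"; rc=1; }
  if [ "$rc" -eq 0 ]; then echo "OK $server"; fi
  return "$rc"
}

# make_demo_pki DIR SERVER SAN: throwaway Root CA and server certificate.
# Constructed sample data (2048-bit keys, 30 days; demo.cnf/ext.cnf are hypothetical).
make_demo_pki() {
  local dir="$1" server="$2" san="$3"
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' 'x509_extensions=ca' \
    '[dn]' 'CN=Demo Root CA' '[ca]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$dir/demo.cnf"
  printf '%s\n' "subjectAltName=DNS:$san" 'nsCertType=client,server' \
    'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth,clientAuth' > "$dir/ext.cnf"
  openssl req -x509 -config "$dir/demo.cnf" -nodes -newkey rsa:2048 -days 30 \
    -keyout "$dir/root-ca.key" -out "$dir/root-ca.crt" 2>/dev/null &&
  openssl req -new -config "$dir/demo.cnf" -subj "/CN=$server" -nodes -newkey rsa:2048 \
    -keyout "$dir/$server.key" -out "$dir/$server.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/$server.csr" -CA "$dir/root-ca.crt" \
    -CAkey "$dir/root-ca.key" -CAcreateserial -days 30 -extfile "$dir/ext.cnf" \
    -out "$dir/$server.crt" 2>/dev/null
}

# Stand-alone demo: "bash thisfile demo"; for real files: check_server_cert . "$SERVER"
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d) && make_demo_pki "$d" somehost somehost && check_server_cert "$d" somehost
fi
```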