Page History
...
The article explains how to create Signing Certificates for use with JS7. Users who operate an existing Private Certificate Authority might find different approaches and different responsibilities for the indicated steps. There's more than one way how to do it.
Examples in the article make use of JS7 Release 2.7.2, OpenSSL 1.1.1k FIPS 25 Mar 2021 for Unix and OpenSSL 3.1.4 24 Oct 2023 for Windows. OpenSSL ships with Linux & other Unix OS and is available for Windows.
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify key name used for file names
key_name=signing
# Create Private Key
openssl ecparam -genkey -name secp384r1 -out ${key_name}.key
# Create Certificate Signing Request
openssl req -new -sha512 -nodes \
-key ${key_name}.key \
-out ${key_name}.csr \
-subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=${key_name}" |
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify key name used for file names key_name=signing # Create Certificate openssl x509 -req -sha512 -days 3652 \ -CA signing-ca.crt \ -CAkey signing-ca.key \ -CAcreateserial \ -in ${key_name}.csr \ -out ${key_name}.crt \ -extfile <(printf '\nkeyUsagekeyUsage=critical,nonRepudiation,digitalSignature\nextendedKeyUsage=critical,codeSigning\n') |
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Description # create_signing_certificate.sh --key-name=<basename> --ca-key-name=<basename> --subject=<distinguished-name> --days=<number-of-days> # Example for use with key name and lifetime # ./create_signing_certificate.sh --key-name=ap --days=365 # Example for use with key name, CA key name and lifetime # ./create_signing_certificate.sh --key-name=ap --ca-key-name=signing-ca --days=4017 # Example for use with key name, subject and lifetime # ./create_signing_certificate.sh --key-name=ap --subject="/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=ap" --days=4017 |
...
Overview
Content Tools