Poor Man's PKI

From WikiWiki
Revision as of 15:12, 12 April 2018 by Mendel (talk | contribs)
(change visibility) (diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Openssl 


Mkdir root
Mkdir leaf
#create root - asks for cn parameters and pem password
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key
#create new leaf private key - not encrypted!
openssl genrsa -out leaf/privkey.key 2048
#create new leaf request based on private key, provide parameters and challenge password
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf
 #sign the leaf with the root
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial
Retrieved from "https://mendelonline.be/wiki/index.php?title=Poor_Man%27s_PKI&oldid=548"