Difference between revisions of "Poor Man's PKI"

From WikiWiki
Jump to navigation Jump to search
(Created page with "Openssl")   (change visibility)
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Openssl]]
 
[[Openssl]]
 +
 +
 +
<syntaxhighlight lang="console">
 +
Mkdir root
 +
Mkdir leaf
 +
#create root - asks for cn parameters and pem password
 +
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key
 +
#create new leaf private key - not encrypted!
 +
openssl genrsa -out leaf/privkey.key 2048
 +
#create new leaf request based on private key, provide parameters and challenge password
 +
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf
 +
 #sign the leaf with the root
 +
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial
 +
</syntaxhighlight>

Latest revision as of 14:12, 12 April 2018