Poor Man's PKI: Difference between revisions
No edit summary (change visibility) |
No edit summary (change visibility) |
||
(One intermediate revision by the same user not shown) | |||
Line 2: | Line 2: | ||
<syntaxhighlight lang="console"> | |||
Mkdir root | Mkdir root | ||
Mkdir leaf | Mkdir leaf | ||
#create root - asks for cn parameters and pem password | #create root - asks for cn parameters and pem password | ||
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key | openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key | ||
#create new leaf private key - not encrypted! | #create new leaf private key - not encrypted! | ||
openssl genrsa -out leaf/privkey.key 2048 | openssl genrsa -out leaf/privkey.key 2048 | ||
#create new leaf request based on private key, provide parameters and challenge password | #create new leaf request based on private key, provide parameters and challenge password | ||
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf | openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf | ||
#sign the leaf with the root | #sign the leaf with the root | ||
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial | openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial | ||
</syntaxhighlight> |
Latest revision as of 14:12, 12 April 2018
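# Poor man's PKI: one self-signed root CA that signs one server (leaf) certificate.
# The directories hold private keys, so keep them readable by the owner only.
mkdir -p root leaf
chmod 700 root leaf
# create root - asks for cn parameters and pem password
# A single -out is given: rootcert.crt is the file the signing step below reads.
# The key size comes from the OpenSSL config (default_bits) - check it is at least 2048.
openssl req -new -x509 -sha256 -days 3650 -out root/rootcert.crt -keyout root/rootprivkey.key
chmod 600 root/rootprivkey.key
# create new leaf private key - not encrypted!
# Anyone who can read this file can impersonate the server, so restrict it to the owner.
openssl genrsa -out leaf/privkey.key 2048
chmod 600 leaf/privkey.key
# create new leaf request based on private key, provide parameters and challenge password
# The challenge password is an optional CSR attribute; it does not encrypt or protect the key.
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf
# sign the leaf with the root
# -CAcreateserial is case-sensitive; it creates the CA serial-number file (.srl) if it does not exist.
# NOTE: openssl x509 -req does not copy extensions such as subjectAltName from the CSR by default;
# supply them with -extfile/-extensions if clients validate the SAN.
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -CAcreateserial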