Poor Man's PKI: Difference between revisions

From WikiWiki
No edit summary   (change visibility)
No edit summary   (change visibility)
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:




 
<syntaxhighlight lang="console">
Mkdir root
Mkdir root
Mkdir leaf
Mkdir leaf
#create root - asks for cn parameters and pem password
#create root - asks for cn parameters and pem password
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key
#create new leaf private key - not encrypted!
#create new leaf private key - not encrypted!
openssl genrsa -out leaf/privkey.key 2048
openssl genrsa -out leaf/privkey.key 2048
#create new leaf request based on private key, provide parameters and challenge password
#create new leaf request based on private key, provide parameters and challenge password
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf
 #sign the leaf with the root
 #sign the leaf with the root
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial
</syntaxhighlight>

Latest revision as of 14:12, 12 April 2018

OpenSSL


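# Poor man's PKI: one self-signed root CA that signs one leaf (server) certificate.
# Both directories will hold private keys, so create them owner-only.
mkdir -p -m 700 root leaf
#create root - asks for cn parameters and pem password
# The PEM password encrypts root/rootprivkey.key. Anyone holding that key can
# issue certificates this root vouches for, so keep it off the servers it signs for.
# (A single -out is given; the earlier listing passed -out twice with two names.)
openssl req -new -x509 -sha256 -days 3650 -out root/rootcert.crt -keyout root/rootprivkey.key
chmod 600 root/rootprivkey.key
#create new leaf private key - not encrypted!
# An unencrypted key is protected by file permissions alone: restrict it to the owner.
openssl genrsa -out leaf/privkey.key 2048
chmod 600 leaf/privkey.key
#create new leaf request based on private key, provide parameters and challenge password
# The challenge password is an attribute stored inside the CSR; it does not
# encrypt or otherwise protect leaf/privkey.key.
# openssl.cnf is expected in the current directory (not shown on this page).
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf
#sign the leaf with the root
# -CAcreateserial is case-sensitive; it creates the CA serial-number file on first use.
# NOTE(review): "x509 -req" does not carry over extensions requested in the CSR
# (e.g. subjectAltName) unless they are supplied with -extfile/-extensions -
# check the signed certificate with "openssl x509 -in leaf/someserversigned.cer -noout -text".
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -CAcreateserial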