Difference between revisions of "Poor Man's PKI"

From WikiWiki
(Created page with "Openssl")
 
Line 1: Line 1:
 
[[Openssl]]
 
[[Openssl]]
 +
 +
 +
 +
Mkdir root
 +
Mkdir leaf
 +
#create root - asks for cn parameters and pem password
 +
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key
 +
 +
 +
#create new leaf private key - not encrypted!
 +
openssl genrsa -out leaf/privkey.key 2048
 +
 +
#create new leaf request based on private key, provide parameters and challenge password
 +
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf
 +
 +
 +
 #sign the leaf with the root
 +
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial
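Review bot: the root-creation command passes `-out` twice (`root/cert.crt` and `root/rootcert.crt`), and only `root/rootcert.crt` is referenced by the signing step, so drop `-out root/cert.crt`. In the signing command `-Cacreateserial` should be spelled `-CAcreateserial`, and `Mkdir` should be lowercase `mkdir` so the lines work when pasted into a case-sensitive shell. The comment on the leaf key says it is not encrypted; a line on restricting that file's permissions would be worth adding next to it.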

Revision as of 14:08, 12 April 2018

Openssl


mkdir root
mkdir leaf

# create root - asks for CN parameters and PEM password
openssl req -new -x509 -days 3650 -out root/rootcert.crt -keyout root/rootprivkey.key

# create new leaf private key - not encrypted!
openssl genrsa -out leaf/privkey.key 2048

# create new leaf request based on private key, provide parameters and challenge password
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf

# sign the leaf with the root
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -CAcreateserial
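
The steps above as a non-interactive run followed by three checks (chain, key match, subjectAltName). This is an added example, not part of the original page. `openssl x509 -req` does not copy extensions from the CSR by default, so the example passes them with `-extfile`. The function name, `demo-root`, `someserver.example.test`, `ext.cnf` and the `ROOT_PASS` passphrase are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Constructed values: demo-root,
# someserver.example.test, ext.cnf and the ROOT_PASS demo passphrase.
poor_mans_pki() {
    dir=$1
    ROOT_PASS=${ROOT_PASS:-constructed-demo-passphrase}; export ROOT_PASS
    umask 077   # the leaf key is unencrypted, so keep new files owner-only
    mkdir -p "$dir/root" "$dir/leaf" || return 1

    # Root: self-signed certificate, private key encrypted with ROOT_PASS
    openssl req -new -x509 -days 3650 -sha256 -newkey rsa:2048 \
        -subj "/CN=demo-root" -passout env:ROOT_PASS \
        -keyout "$dir/root/rootprivkey.key" \
        -out "$dir/root/rootcert.crt" 2>/dev/null || return 1

    # Leaf: unencrypted key and a CSR for it
    openssl genrsa -out "$dir/leaf/privkey.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/leaf/privkey.key" \
        -subj "/CN=someserver.example.test" \
        -out "$dir/leaf/someserver.csr" || return 1

    # Extensions are supplied at signing time through -extfile
    printf '%s\n' 'basicConstraints=CA:FALSE' \
        'subjectAltName=DNS:someserver.example.test' > "$dir/leaf/ext.cnf"
    openssl x509 -req -in "$dir/leaf/someserver.csr" \
        -CA "$dir/root/rootcert.crt" -CAkey "$dir/root/rootprivkey.key" \
        -passin env:ROOT_PASS -CAcreateserial -extfile "$dir/leaf/ext.cnf" \
        -days 365 -sha256 -out "$dir/leaf/someserversigned.cer" \
        2>/dev/null || return 1

    # Check 1: the leaf chains to the root
    openssl verify -CAfile "$dir/root/rootcert.crt" \
        "$dir/leaf/someserversigned.cer" >/dev/null 2>&1 || return 2
    # Check 2: the certificate carries the public half of leaf/privkey.key
    cert_pub=$(openssl x509 -in "$dir/leaf/someserversigned.cer" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/leaf/privkey.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 3
    # Check 3: the subjectAltName made it into the signed certificate
    openssl x509 -in "$dir/leaf/someserversigned.cer" -noout -text |
        grep -q 'DNS:someserver.example.test' || return 4
}
```

Call it as `poor_mans_pki "$(mktemp -d)"`; a return status of 2, 3 or 4 identifies which check failed.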