Poor Man's PKI: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Openssl") (change visibility) |
No edit summary (change visibility) |
||
Line 1: | Line 1: | ||
[[Openssl]] | [[Openssl]] | ||
Mkdir root | |||
Mkdir leaf | |||
#create root - asks for cn parameters and pem password | |||
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key | |||
#create new leaf private key - not encrypted! | |||
openssl genrsa -out leaf/privkey.key 2048 | |||
#create new leaf request based on private key, provide parameters and challenge password | |||
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf | |||
#sign the leaf with the root | |||
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial |
Revision as of 15:08, 12 April 2018
Mkdir root Mkdir leaf
- create root - asks for cn parameters and pem password
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key
- create new leaf private key - not encrypted!
openssl genrsa -out leaf/privkey.key 2048
- create new leaf request based on private key, provide parameters and challenge password
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf
#sign the leaf with the root
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial