in→docs

docs/public/openssl/ca/create.rst

@@ -0,0 +1,80 @@
+Create
+======
+
+init
+----
+
+.. code:: shell
+
+  rm --force --recursive "demoCA"
+  mkdir --parents "demoCA/newcerts"
+  echo -n "" > "demoCA/index.txt"
+  echo "00" > "demoCA/serial"
+
+request
+-------
+
+.. code:: shell
+
+  echo -n "\
+  US
+  Region / County (code)
+  City / Place
+  Decreasing / Hierarchy
+  Name
+  Name
+  alias@domain.tld
+  .
+  .
+  " \
+  | \
+  openssl \
+  req \
+  -new \
+  -key "name.pem" \
+  -out "name.csr" \
+  -utf8 \
+
+signature
+---------
+
+.. code:: shell
+
+  openssl \
+  ca \
+  -selfsign \
+  -in "name.csr" \
+  -keyfile "name.pem" \
+  -notext \
+  -out "name.crt" \
+  -startdate 20160801000000Z \
+  -enddate 20180801000000Z \
+  -batch \
+  -extensions "v3_ca" \
+
+----
+
+quick & dirty variant
+---------------------
+
+.. code:: shell
+
+  openssl \
+  ca \
+  -selfsign \
+  -keyfile "private_key.pem" \
+
+----
+
+dirtier certificate only variant
+--------------------------------
+
+.. code:: shell
+
+ openssl \
+ req \
+ -in ca.csr \
+ -x509 \
+ -days 365 \
+ -key ca.key \
+ -out ca.crt

docs/public/openssl/ca/index.rst

@@ -0,0 +1,7 @@
+Certification Authority
+=======================
+
+.. toctree::
+
+   create
+   sign

docs/public/openssl/ca/sign.rst

@@ -0,0 +1,31 @@
+Sign certificate request
+========================
+
+from CA key & certificate
+-------------------------
+
+.. code:: shell
+
+ openssl \
+ x509 \
+ -CA ca.crt \
+ -CAkey ca.key \
+ -req \
+ -in "client.csr" \
+ -days 365 \
+ -out "client.crt" \
+ -set_serial nn
+
+from proper CA
+--------------
+
+.. code:: shell
+
+  openssl \
+  req \
+  -in "certificate_request.csr" \
+  -key "private_key.pem" \
+  -x509 \
+  -set_serial 0 \
+  -days 730 \
+  -out "certificate.crt"