rtfd/in/public/openssl/ca.rst

Create a Certification Authority
================================

init
----

.. code:: shell

  rm --force --recursive "demoCA"
  mkdir --parents "demoCA/newcerts"
  echo -n "" > "demoCA/index.txt"
  echo "00" > "demoCA/serial"

request
-------

.. code:: shell

  echo -n "\
  US
  Region / County (code)
  City / Place
  Decreasing / Hierarchy
  Name
  Name
  alias@domain.tld
  .
  .
  " \
  | \
  openssl \
  req \
  -new \
  -key "name.pem" \
  -out "name.csr" \
  -utf8 \

signature
---------

.. code:: shell

  openssl \
  ca \
  -selfsign \
  -in "name.csr" \
  -keyfile "name.pem" \
  -notext \
  -out "name.crt" \
  -startdate 20160801000000Z \
  -enddate 20180801000000Z \
  -batch \
  -extensions "v3_ca" \

----

quick & dirty variant
---------------------

.. code:: shell

  openssl \
  ca \
  -selfsign \
  -keyfile "private_key.pem" \

----

dirtier certificate only variant
--------------------------------

.. code:: shell

 openssl \
 req \
 -new \
 -x509 \
 -days 365 \
 -key ca.key \
 -out ca.crt

Sign request
============

.. code:: shell

  openssl \
  req \
  -in "certificate_request.csr" \
  -key "private_key.pem" \
  -x509 \
  -set_serial 0 \
  -days 730 \
  -out "certificate.crt" \

----

from CA key & certificate
-------------------------

.. code:: shell

 openssl \
 x509 \
 -CA ca.crt \
 -CAkey ca.key \
 -req \
 -in "client.csr" \
 -days 365 \
 -out "client.crt" \
 -set_serial nn
openssl/split 2019-08-24 14:04:04 +00:00			`Create a Certification Authority`
			`================================`

			`init`
			`----`

			`.. code:: shell`

			`rm --force --recursive "demoCA"`
			`mkdir --parents "demoCA/newcerts"`
			`echo -n "" > "demoCA/index.txt"`
			`echo "00" > "demoCA/serial"`

			`request`
			`-------`

			`.. code:: shell`

			`echo -n "\`
			`US`
			`Region / County (code)`
			`City / Place`
			`Decreasing / Hierarchy`
			`Name`
			`Name`
			`alias@domain.tld`
			`.`
			`.`
			`" \`
			`\| \`
			`openssl \`
			`req \`
			`-new \`
			`-key "name.pem" \`
			`-out "name.csr" \`
			`-utf8 \`

			`signature`
			`---------`

			`.. code:: shell`

			`openssl \`
			`ca \`
			`-selfsign \`
			`-in "name.csr" \`
			`-keyfile "name.pem" \`
			`-notext \`
			`-out "name.crt" \`
			`-startdate 20160801000000Z \`
			`-enddate 20180801000000Z \`
			`-batch \`
			`-extensions "v3_ca" \`

			`----`

			`quick & dirty variant`
			`---------------------`

			`.. code:: shell`

			`openssl \`
			`ca \`
			`-selfsign \`
			`-keyfile "private_key.pem" \`

			`----`

			`dirtier certificate only variant`
			`--------------------------------`

			`.. code:: shell`

			`openssl \`
			`req \`
			`-new \`
			`-x509 \`
			`-days 365 \`
			`-key ca.key \`
			`-out ca.crt`

			`Sign request`
			`============`

			`.. code:: shell`

			`openssl \`
			`req \`
			`-in "certificate_request.csr" \`
			`-key "private_key.pem" \`
			`-x509 \`
			`-set_serial 0 \`
			`-days 730 \`
			`-out "certificate.crt" \`

			`----`

			`from CA key & certificate`
			`-------------------------`

			`.. code:: shell`

			`openssl \`
			`x509 \`
			`-CA ca.crt \`
			`-CAkey ca.key \`
			`-req \`
			`-in "client.csr" \`
			`-days 365 \`
			`-out "client.crt" \`
			`-set_serial nn`