rtfd/in/public/openssl/ca.rst
2019-08-24 16:04:04 +02:00

111 lines
1.4 KiB
ReStructuredText

Create a Certification Authority
================================
init
----
.. code:: shell
rm --force --recursive "demoCA"
mkdir --parents "demoCA/newcerts"
echo -n "" > "demoCA/index.txt"
echo "00" > "demoCA/serial"
request
-------
.. code:: shell
echo -n "\
US
Region / County (code)
City / Place
Decreasing / Hierarchy
Name
Name
alias@domain.tld
.
.
" \
| \
openssl \
req \
-new \
-key "name.pem" \
-out "name.csr" \
-utf8 \
signature
---------
.. code:: shell
openssl \
ca \
-selfsign \
-in "name.csr" \
-keyfile "name.pem" \
-notext \
-out "name.crt" \
-startdate 20160801000000Z \
-enddate 20180801000000Z \
-batch \
-extensions "v3_ca" \
----
quick & dirty variant
---------------------
.. code:: shell
openssl \
ca \
-selfsign \
-keyfile "private_key.pem" \
----
dirtier certificate only variant
--------------------------------
.. code:: shell
openssl \
req \
-new \
-x509 \
-days 365 \
-key ca.key \
-out ca.crt
Sign request
============
.. code:: shell
openssl \
req \
-in "certificate_request.csr" \
-key "private_key.pem" \
-x509 \
-set_serial 0 \
-days 730 \
-out "certificate.crt" \
----
from CA key & certificate
-------------------------
.. code:: shell
openssl \
x509 \
-CA ca.crt \
-CAkey ca.key \
-req \
-in "client.csr" \
-days 365 \
-out "client.crt" \
-set_serial nn