Update OpenSSL Self-signed Certificate Chain documentation from version 0.0.2.11 to 0.0.3.12.
parent
a8c9437aed
commit
439931a644
@ -1,6 +1,6 @@
|
|||||||
= OpenSSL Self-signed Certificate Chain
|
= OpenSSL Self-signed Certificate Chain
|
||||||
|
|
||||||
Version: 0.0.2.11
|
Version: 0.0.3.12
|
||||||
|
|
||||||
|
|
||||||
This documentation contains the complete set of commands to create a new OpenSSL self-signed
|
This documentation contains the complete set of commands to create a new OpenSSL self-signed
|
||||||
@ -12,52 +12,69 @@ chain of trust is valid.
|
|||||||
|
|
||||||
|
|
||||||
== Create Certificate Authority Key
|
== Create Certificate Authority Key
|
||||||
|
|
||||||
`openssl genrsa -aes256 -out ca-key.pem 4096`
|
`openssl genrsa -aes256 -out ca-key.pem 4096`
|
||||||
|
|
||||||
== Verify Certificate Authority Key
|
== Verify Certificate Authority Key
|
||||||
|
|
||||||
`openssl rsa -noout -text -in ca-key.pem`
|
`openssl rsa -noout -text -in ca-key.pem`
|
||||||
|
|
||||||
== Create Certificate Authority Certificate
|
== Create Certificate Authority Certificate
|
||||||
|
|
||||||
`openssl req -new -x509 -days 3653 -extensions v3_ca -key ca-key.pem -out ca-crt.pem`
|
`openssl req -new -x509 -days 3653 -extensions v3_ca -key ca-key.pem -out ca-crt.pem`
|
||||||
|
|
||||||
== Convert Certificate to PEM Format
|
== Convert Certificate to PEM Format
|
||||||
|
|
||||||
`openssl x509 -in ca-crt.pem -out ca-crt.pem -outform PEM`
|
`openssl x509 -in ca-crt.pem -out ca-crt.pem -outform PEM`
|
||||||
|
|
||||||
== Verify Certificate Authority Certificate
|
== Verify Certificate Authority Certificate
|
||||||
|
|
||||||
`openssl x509 -noout -text -in ca-crt.pem`
|
`openssl x509 -noout -text -in ca-crt.pem`
|
||||||
|
|
||||||
== Create Intermediate Certificate Authority Key
|
== Create Intermediate Certificate Authority Key
|
||||||
|
|
||||||
`openssl genrsa -aes256 -out intermediate-key.pem 4096`
|
`openssl genrsa -aes256 -out intermediate-key.pem 4096`
|
||||||
|
|
||||||
== Verify Intermediate Certificate Authority Key
|
== Verify Intermediate Certificate Authority Key
|
||||||
|
|
||||||
`openssl rsa -noout -text -in intermediate-key.pem`
|
`openssl rsa -noout -text -in intermediate-key.pem`
|
||||||
|
|
||||||
== Create Intermediate Certificate Signing Request
|
== Create Intermediate Certificate Signing Request
|
||||||
|
|
||||||
`openssl req -new -sha256 -key intermediate-key.pem -out intermediate-csr.pem`
|
`openssl req -new -sha256 -key intermediate-key.pem -out intermediate-csr.pem`
|
||||||
|
|
||||||
== Create Intermediate Certificate Authority Certificate
|
== Create Intermediate Certificate Authority Certificate
|
||||||
|
|
||||||
`openssl ca -config intermediate.conf -extensions v3_intermediate_ca -days 1096 -notext -md sha256 -in intermediate-csr.pem -out intermediate-crt.pem`
|
`openssl ca -config intermediate.conf -extensions v3_intermediate_ca -days 1096 -notext -md sha256 -in intermediate-csr.pem -out intermediate-crt.pem`
|
||||||
|
|
||||||
== Verify Intermediate Certificate Authority Certificate
|
== Verify Intermediate Certificate Authority Certificate
|
||||||
|
|
||||||
`openssl x509 -noout -text -in intermediate-crt.pem`
|
`openssl x509 -noout -text -in intermediate-crt.pem`
|
||||||
|
|
||||||
== Verify Chain of Trust (CA to Intermediate)
|
== Verify Chain of Trust (CA to Intermediate)
|
||||||
|
|
||||||
`openssl verify -CAfile ca-crt.pem intermediate-crt.pem`
|
`openssl verify -CAfile ca-crt.pem intermediate-crt.pem`
|
||||||
|
|
||||||
== Create Server Key
|
== Create Server Key
|
||||||
|
|
||||||
`openssl genrsa -aes256 -out server-key.pem 2048`
|
`openssl genrsa -aes256 -out server-key.pem 2048`
|
||||||
|
|
||||||
== Verify Server Key
|
== Verify Server Key
|
||||||
|
|
||||||
`openssl rsa -noout -text -in server-key.pem`
|
`openssl rsa -noout -text -in server-key.pem`
|
||||||
|
|
||||||
== Create Server Cerificate Signing Request
|
== Create Server Cerificate Signing Request
|
||||||
|
|
||||||
`openssl req -new -sha256 -subj "/C=/ST=/L=/O=/CN=" -addext "subjectAltName = DNS.1:" -key server-key.pem -out server-csr.pem`
|
`openssl req -new -sha256 -subj "/C=/ST=/L=/O=/CN=" -addext "subjectAltName = DNS.1:" -key server-key.pem -out server-csr.pem`
|
||||||
|
|
||||||
== Create Server Certificate
|
== Create Server Certificate
|
||||||
|
|
||||||
`openssl x509 -sha256 -req -days 365 -in server-csr.pem -CA intermediate-crt.pem -CAkey intermediate-key.pem -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out server-crt.pem`
|
`openssl x509 -sha256 -req -days 365 -in server-csr.pem -CA intermediate-crt.pem -CAkey intermediate-key.pem -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out server-crt.pem`
|
||||||
|
|
||||||
== Verify Server Certificate
|
== Verify Server Certificate
|
||||||
|
|
||||||
`openssl x509 -noout -text -in server-crt.pem`
|
`openssl x509 -noout -text -in server-crt.pem`
|
||||||
|
|
||||||
== Verify Chain of Trust (Intermediate to Server)
|
== Verify Chain of Trust (Intermediate to Server)
|
||||||
|
|
||||||
`openssl verify -CAfile intermediate-crt.pem server-crt.pem`
|
`openssl verify -CAfile intermediate-crt.pem server-crt.pem`
|
||||||
|