Update webpage "Documentation - OpenSSL Self-signed Certificate Chain" from version "5.0.1" to "5.0.2"

2024-06-28 21:31:36 +01:00 · 2024-06-28 21:31:36 +01:00 · 263cdc951f
commit 263cdc951f
parent 7dd30552d3
1 changed files with 26 additions and 44 deletions
--- a/documentation/openssl_selfsigned_certificate_chain.xhtml
+++ b/documentation/openssl_selfsigned_certificate_chain.xhtml
@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <!-- Inferencium - Website - Documentation - OpenSSL Self-signed Certificate Chain -->
-<!-- Version: 5.0.1 -->
+<!-- Version: 5.0.2 -->
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -33,13 +33,15 @@
 		<h1 id="openssl_selfsigned_certificate_chain"><a href="#openssl_selfsigned_certificate_chain">Documentation - OpenSSL Self-signed Certificate Chain</a></h1>
 			<section id="introduction">
 				<p>This documentation contains the complete set of commands to create a new OpenSSL self-signed
-				certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple SANs can be included in a
+				certificate chain with V3 subjectAltName (SAN) extensions enabled. SANs can be included in a certificate
-				certificate by adding each domain as a comma-delimited string. Each key can be encrypted or unencrypted,
+				by adding each domain as a comma-delimited string.</p>
-				with multiple encryption options; AES (<code>aes128</code> or <code>aes256</code>) is recommended.
+				<p>Each key can be encrypted or unencrypted, with multiple encryption options; AES (<code>aes128</code>
-				Optional verification can also be performed between multiple levels of certificates to ensure the chain
+				or <code>aes256</code>) is recommended.</p>
 				<p>Optional verification can also be performed between multiple levels of certificates to ensure the chain
 				of trust is valid.</p>
-				<p>This documentation is also available in portable AsciiDoc format in my
+				<p>This documentation is also available in portable
-				<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/openssl_selfsigned_certificate_chain.adoc">documentation source code repository</a>.</p>
+				<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/openssl_selfsigned_certificate_chain.adoc">AsciiDoc format</a>
 				in my documentation source code repository.</p>
 			</section>
 			<nav id="toc">
 				<h2><a href="#toc">Table of Contents</a></h2>
@ -65,91 +67,71 @@
 			</nav>
 			<section id="create_certificate_authority_key">
 				<h2><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></h2>
-					<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;CA key name&gt;</var>.pem
+					<pre>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></pre>
 					<var>&lt;key size&gt;</var></code></p>
 			</section>
 			<section id="verify_certificate_authority_key">
 				<h2><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></h2>
-					<p><code>openssl rsa -noout -text -in <var>&lt;CA key name&gt;</var>.pem</code></p>
+					<pre>openssl rsa -noout -text -in <var>&lt;CA key name&gt;</var>.pem</pre>
 			</section>
 			<section id="create_certificate_authority_certificate">
 				<h2><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></h2>
-					<p><code>openssl req -new -x509 -days <var>&lt;days of validity&gt;</var> -extensions v3_ca -key
+					<pre>openssl req -new -x509 -days <var>&lt;days of validity&gt;</var> -extensions v3_ca -key <var>&lt;CA key name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem</pre>
 					<var>&lt;CA key name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="convert_certificate_to_pem_format">
 				<h2><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></h2>
-					<p><code>openssl x509 -in <var>&lt;CA certificate name&gt;</var>.pem -out
+					<pre>openssl x509 -in <var>&lt;CA certificate name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem -outform PEM</pre>
 					<var>&lt;CA certificate name&gt;</var>.pem -outform PEM</code></p>
 			</section>
 			<section id="verify_certificate_authority_certificate">
 				<h2><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></h2>
-					<p><code>openssl x509 -noout -text -in <var>&lt;CA certificate name&gt;</var>.pem</code></p>
+					<pre>openssl x509 -noout -text -in <var>&lt;CA certificate name&gt;</var>.pem</pre>
 			</section>
 			<section id="create_intermediate_certificate_authority_key">
 				<h2><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></h2>
-					<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out
+					<pre>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;intermediate CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></pre>
 					<var>&lt;intermediate CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
 			</section>
 			<section id="verify_intermediate_certificate_authority_key">
 				<h2><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></h2>
-					<p><code>openssl rsa -noout -text -in <var>&lt;intermediate CA key name&gt;</var>.pem</code></p>
+					<pre>openssl rsa -noout -text -in <var>&lt;intermediate CA key name&gt;</var>.pem</pre>
 			</section>
 			<section id="create_intermediate_certificate_authority_signing_request">
 				<h2><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Authority Signing Request</a></h2>
-					<p><code>openssl req -new -sha256 -key <var>&lt;intermediate CA key name&gt;</var>.pem -out
+					<pre>openssl req -new -sha256 -key <var>&lt;intermediate CA key name&gt;</var>.pem -out <var>&lt;intermediate CA certificate signing request name&gt;</var>.pem</pre>
 					<var>&lt;intermediate CA certificate signing request name&gt;</var>.pem</code></p>
 			</section>
 			<section id="create_intermediate_certificate_authority_certificate">
 				<h2><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></h2>
-					<p><code>openssl ca -config <var>&lt;intermediate CA configuration file&gt;</var> -extensions
+					<pre>openssl ca -config <var>&lt;intermediate CA configuration file&gt;</var> -extensions v3_intermediate_ca -days <var>&lt;days of validity&gt;</var> -notext -md sha256 -in <var>&lt;intermediate CA signing request name&gt;</var>.pem -out <var>&lt;intermediate CA certificate name&gt;</var>.pem</pre>
 					v3_intermediate_ca -days <var>&lt;days of validity&gt;</var> -notext -md sha256 -in
 					<var>&lt;intermediate CA signing request name&gt;</var>.pem -out
 					<var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="verify_intermediate_certificate_authority_certificate">
 				<h2><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></h2>
-					<p><code>openssl x509 -noout -text -in
+					<pre>openssl x509 -noout -text -in <var>&lt;intermediate CA certificate name&gt;</var>.pem</pre>
 					<var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="verify_chain_of_trust-ca_to_intermediate">
 				<h2><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></h2>
-					<p><code>openssl verify -CAfile <var>&lt;CA certificate name&gt;</var>.pem
+					<pre>openssl verify -CAfile <var>&lt;CA certificate name&gt;</var>.pem <var>&lt;intermediate CA certificate name&gt;</var>.pem</pre>
 					<var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="create_server_key">
 				<h2><a href="#create_server_key">Create Server Key</a></h2>
-					<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out
+					<pre>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;server key name&gt;</var>.pem <var>&lt;key size&gt;</var></pre>
 					<var>&lt;server key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
 			</section>
 			<section id="verify_server_key">
 				<h2><a href="#verify_server_key">Verify Server Key</a></h2>
-					<p><code>openssl rsa -noout -text -in <var>&lt;server key name&gt;</var>.pem</code></p>
+					<pre>openssl rsa -noout -text -in <var>&lt;server key name&gt;</var>.pem</pre>
 			</section>
 			<section id="create_server_certificate_signing_request">
 				<h2><a href="#create_server_certificate_signing_request">Create Server Certificate Signing Request</a></h2>
-					<p><code>openssl req -new -sha256 -subj "/C=<var>&lt;country&gt;</var>/ST=<var>&lt;state/province&gt;</var>/L=<var>&lt;locality&gt;</var>/O=<var>&lt;organization&gt;</var>/CN=<var>&lt;common name&gt;</var>"
+					<pre>openssl req -new -sha256 -subj "/C=<var>&lt;country&gt;</var>/ST=<var>&lt;state/province&gt;</var>/L=<var>&lt;locality&gt;</var>/O=<var>&lt;organization&gt;</var>/CN=<var>&lt;common name&gt;</var>" -addext "subjectAltName = DNS.1:<var>&lt;alternative DNS entry&gt;</var>" -key <var>&lt;server key name&gt;</var>.pem -out <var>&lt;server certificate signing request name&gt;</var>.pem</pre>
 					-addext "subjectAltName = DNS.1:<var>&lt;alternative DNS entry&gt;</var>" -key
 					<var>&lt;server key name&gt;</var>.pem -out
 					<var>&lt;server certificate signing request name&gt;</var>.pem</code></p>
 			</section>
 			<section id="create_server_certificate">
 				<h2><a href="#create_server_certificate">Create Server Certificate</a></h2>
-					<p><code>openssl x509 -sha256 -req  -days <var>&lt;days of validity&gt;</var> -in
+					<pre>openssl x509 -sha256 -req  -days <var>&lt;days of validity&gt;</var> -in <var>&lt;server certificate signing request name&gt;</var>.pem -CA <var>&lt;intermediate CA certificate name&gt;</var>.pem -CAkey <var>&lt;intermediate CA key name&gt;</var>.pem -extensions SAN -extfile &lt;(cat /etc/ssl/openssl.cnf &lt;(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out <var>&lt;server certificate name&gt;</var>.pem</pre>
 					<var>&lt;server certificate signing request name&gt;</var>.pem -CA
 					<var>&lt;intermediate CA certificate name&gt;</var>.pem -CAkey
 					<var>&lt;intermediate CA key name&gt;</var>.pem -extensions SAN -extfile &lt;(cat
 					/etc/ssl/openssl.cnf &lt;(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out
 					<var>&lt;server certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="verify_server_certificate">
 				<h2><a href="#verify_server_certificate">Verify Server Certificate</a></h2>
-					<p><code>openssl x509 -noout -text -in <var>&lt;server certificate name&gt;</var>.pem</code></p>
+					<pre>openssl x509 -noout -text -in <var>&lt;server certificate name&gt;</var>.pem</pre>
 			</section>
 			<section id="verify_chain_of_trust-intermediate_to_server">
 				<h2><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></h2>
-					<p><code>openssl verify -CAfile <var>&lt;intermediate CA certificate name&gt;</var>.pem
+					<pre>openssl verify -CAfile <var>&lt;intermediate CA certificate name&gt;</var>.pem <var>&lt;server certificate&gt;</var>.pem</pre>
 					<var>&lt;server certificate&gt;</var>.pem</code></p>
 			</section>
 		<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
 	</body>