Fix code to conform to code style

inference 2023-11-16 20:09:00 +00:00
parent 7928aff117
commit 2d25219322
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
2 changed files with 152 additions and 162 deletions


@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - Documentation - GrapheneOS hardened_malloc --> <!-- Inferencium - Website - Documentation - GrapheneOS hardened_malloc -->
<!-- Version: 1.0.3-alpha.10 --> <!-- Version: 1.0.3-alpha.11 -->
<!-- Copyright 2023 Jake Winters --> <!-- Copyright 2023 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -41,75 +41,65 @@
<p>This documentation is also available in portable AsciiDoc format in my <p>This documentation is also available in portable AsciiDoc format in my
<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/hardened_malloc.adoc">documentation source code repository</a>. <a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/hardened_malloc.adoc">documentation source code repository</a>.
</section> </section>
<nav id="toc"> <nav id="toc">
<h2 id="toc"><a href="#toc">Table of Contents<a/></h2> <h2 id="toc"><a href="#toc">Table of Contents<a/></h2>
<ul> <ul>
<li><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></li> <li><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></li>
<li><a href="#clone_source_code">Clone hardened_malloc Source Code</a></li> <li><a href="#clone_source_code">Clone hardened_malloc Source Code</a></li>
<li><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></li> <li><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></li>
<li><a href="#compile">Compile hardened_malloc</a></li> <li><a href="#compile">Compile hardened_malloc</a></li>
<li><a href="#copy_library">Copy Compiled hardened_malloc Library</a></li> <li><a href="#copy_library">Copy Compiled hardened_malloc Library</a></li>
<li><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></li> <li><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></li>
</ul> </ul>
</nav> </nav>
<section id="memory_pages"> <section id="memory_pages">
<h2 id="memory_pages"><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></h2> <h2 id="memory_pages"><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></h2>
<p>Add <code>vm.max_map_count = 1048576</code> to <p>Add <code>vm.max_map_count = 1048576</code> to
<code>/etc/sysctl.conf</code> to accommodate hardened_malloc's large <code>/etc/sysctl.conf</code> to accommodate hardened_malloc's large amount of guard
amount of guard pages.</p> pages.</p>
</section> </section>
<section id="clone_source_code"> <section id="clone_source_code">
<h2 id="clone_source_code"><a href="#clone_source_code">Clone hardened_malloc Source Code</a></h2> <h2 id="clone_source_code"><a href="#clone_source_code">Clone hardened_malloc Source Code</a></h2>
<p><code>$ git clone https://github.com/GrapheneOS/hardened_malloc.git</code></p> <p><code>$ git clone https://github.com/GrapheneOS/hardened_malloc.git</code></p>
</section> </section>
<section id="enter_local_repository"> <section id="enter_local_repository">
<h2 id="enter_local_repository"><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></h2> <h2 id="enter_local_repository"><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></h2>
<p><code>$ cd hardened_malloc/</code></p> <p><code>$ cd hardened_malloc/</code></p>
</section> </section>
<section id="compile"> <section id="compile">
<h2 id="compile"><a href="#compile">Compile hardened_malloc</a></h2> <h2 id="compile"><a href="#compile">Compile hardened_malloc</a></h2>
<p><p><code>$ make <var>&lt;arguments&gt;</var></code></p> <p><p><code>$ make <var>&lt;arguments&gt;</var></code></p>
<p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase <p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase parallel
parallel performance at the expense of memory usage, or decrease memory performance at the expense of memory usage, or decrease memory usage at the expense of
usage at the expense of parallel performance, where <var>n</var> is an parallel performance, where <var>n</var> is an integer. Higher values prefer parallel
integer. Higher values prefer parallel performance, lower values prefer performance, lower values prefer lower memory usage. The number of arenas has no impact
lower memory usage. The number of arenas has no impact on the security on the security properties of hardened_malloc.<br>
properties of hardened_malloc. <b>Minimum number of arenas:</b> 1<br>
<ul> <b>Maximum number of arenas:</b> 256</p>
<li>Minimum number of arenas: 1</li> <p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be used in order to
<li>Maximum number of arenas: 256</li> control whether Memory Protection Keys are used to disable access to all writable
</ul> allocator state outside of the memory allocator code. It's currently disabled by default
<p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be due to a significant performance cost for this use case on current generation hardware.
used in order to control whether Memory Protection Keys are used to Whether or not this feature is enabled, the metadata is all contained within an isolated
disable access to all writable allocator state outside of the memory memory region with high entropy random guard regions around it.</p>
allocator code. It's currently disabled by default due to a significant <p>For low-memory systems, <code>VARIANT=light</code> can be used to compile the light
performance cost for this use case on current generation hardware. variant of hardened_malloc, which sacrifices some security for much less memory
Whether or not this feature is enabled, the metadata is all contained usage.</p>
within an isolated memory region with high entropy random guard regions <p>For all compile-time options, see the
around it.</p> <a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a>
<p>For low-memory systems, <code>VARIANT=light</code> can be used to of hardened_malloc's extensive official documentation.</p>
compile the light variant of hardened_malloc, which sacrifices some </section>
security for much less memory usage.</p> <section id="copy_library">
<p>For all compile-time options, see the <h2 id="copy_library"><a href="#copy_library">Copy Compiled hardened_malloc Library</a></h2>
<a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a> <p><code># cp out/libhardened_malloc.so <var>&lt;target path&gt;</var></code></p>
of hardened_malloc's extensive official documentation.</p> </section>
</section> <section id="preload_on_boot">
<section id="copy_library"> <h2 id="preload_on_boot"><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2>
<h2 id="copy_library"><a href="#copy_library">Copy Compiled hardened_malloc Library</a></h2> <p><b>musl-based systems:</b> Add
<p><code># cp out/libhardened_malloc.so <var>&lt;target path&gt;</var></code></p> <code>export LD_PRELOAD="<var>&lt;hardened_malloc path&gt;</var>"</code> to
</section> <code>/etc/environment</code><br>
<section id="preload_on_boot"> <b>glibc-based systems:</b> Add <code><var>&lt;hardened_malloc path&gt;</var></code> to
<h2 id="preload_on_boot"><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2> <code>/etc/ld.so.preload</code></p>
<p> </section>
<ul>
<li>musl-based systems: Add
<code>export LD_PRELOAD="<var>&lt;hardened_malloc path&gt;</var>"</code>
to <code>/etc/environment</code></li>
<li>glibc-based systems:
Add <code><var>&lt;hardened_malloc path&gt;</var></code> to
<code>/etc/ld.so.preload</code></li>
</ul>
</p>
</section>
</body> </body>
</html> </html>
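Review bot: The Compile section still opens with a doubled `<p><p><code>$ make` on the new side, so the style pass leaves one paragraph unclosed; drop the extra `<p>`. In the same hunk the Table of Contents heading closes its link with `<a/>` instead of `</a>`, and the introductory `<p>This documentation is also available ...` runs into `</section>` without a `</p>`. Each `<section>` also carries the same `id` as the `<h2>` inside it (likewise `<nav id="toc">` and its heading), so every fragment link has two targets; keeping the id on one of the two elements would fix that. Replacing the `<ul>` lists with `<b>` and `<br>` removes the invalid list-inside-paragraph nesting, but it also drops the list semantics for the arena limits and the musl/glibc entries; closing the `</p>` before a `<ul>` would keep both.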


@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - Documentation - OpenSSL Self-signed Certificate Chain --> <!-- Inferencium - Website - Documentation - OpenSSL Self-signed Certificate Chain -->
<!-- Version: 1.0.2-alpha.13 --> <!-- Version: 1.0.2-alpha.14 -->
<!-- Copyright 2023 Jake Winters --> <!-- Copyright 2023 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -38,95 +38,95 @@
<p>This documentation is also available in portable AsciiDoc format in my <p>This documentation is also available in portable AsciiDoc format in my
<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/openssl_selfsigned_certificate_chain.adoc">documentation source code repository</a>. <a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/openssl_selfsigned_certificate_chain.adoc">documentation source code repository</a>.
</section> </section>
<nav id="toc"> <nav id="toc">
<h2 id="toc"><a href="#toc">Table of Contents<a/></h2> <h2 id="toc"><a href="#toc">Table of Contents<a/></h2>
<ul> <ul>
<li><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></li> <li><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></li>
<li><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></li> <li><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></li>
<li><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></li> <li><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></li>
<li><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></li> <li><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></li>
<li><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></li> <li><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></li>
<li><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></li> <li><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></li>
<li><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></li> <li><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></li>
<li><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Signing Request</a></li> <li><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Signing Request</a></li>
<li><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></li> <li><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></li>
<li><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></li> <li><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></li>
<li><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></li> <li><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></li>
<li><a href="#create_server_key">Create Server Key</a></li> <li><a href="#create_server_key">Create Server Key</a></li>
<li><a href="#verify_server_key">Verify Server Key</a></li> <li><a href="#verify_server_key">Verify Server Key</a></li>
<li><a href="#create_server_certificate_signing_request">Create Server Cerificate Signing Request</a></li> <li><a href="#create_server_certificate_signing_request">Create Server Cerificate Signing Request</a></li>
<li><a href="#create_server_certificate">Create Server Certificate</a></li> <li><a href="#create_server_certificate">Create Server Certificate</a></li>
<li><a href="#verify_server_certificate">Verify Server Certificate</a></li> <li><a href="#verify_server_certificate">Verify Server Certificate</a></li>
<li><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></li> <li><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></li>
</ul> </ul>
</nav> </nav>
<section id="create_certificate_authority_key"> <section id="create_certificate_authority_key">
<h2 id="create_certificate_authority_key"><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></h2> <h2 id="create_certificate_authority_key"><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></h2>
<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p> <p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
</section> </section>
<section id="verify_certificate_authority_key"> <section id="verify_certificate_authority_key">
<h2 id="verify_certificate_authority_key"><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></h2> <h2 id="verify_certificate_authority_key"><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></h2>
<p><code>openssl rsa -noout -text -in <var>&lt;CA key name&gt;</var>.pem</code></p> <p><code>openssl rsa -noout -text -in <var>&lt;CA key name&gt;</var>.pem</code></p>
</section> </section>
<section id="create_certificate_authority_certificate"> <section id="create_certificate_authority_certificate">
<h2 id="create_certificate_authority_certificate"><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></h2> <h2 id="create_certificate_authority_certificate"><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></h2>
<p><code>openssl req -new -x509 -days <var>&lt;days of validity&gt;</var> -extensions v3_ca -key <var>&lt;CA key name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem</code></p> <p><code>openssl req -new -x509 -days <var>&lt;days of validity&gt;</var> -extensions v3_ca -key <var>&lt;CA key name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem</code></p>
</section> </section>
<section id="convert_certificate_to_pem_format"> <section id="convert_certificate_to_pem_format">
<h2 id="convert_certificate_to_pem_format"><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></h2> <h2 id="convert_certificate_to_pem_format"><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></h2>
<p><p><code>openssl x509 -in <var>&lt;CA certificate name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem -outform PEM</code></p> <p><p><code>openssl x509 -in <var>&lt;CA certificate name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem -outform PEM</code></p>
</section> </section>
<section id="verify_certificate_authority_certificate"> <section id="verify_certificate_authority_certificate">
<h2 id="verify_certificate_authority_certificate"><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></h2> <h2 id="verify_certificate_authority_certificate"><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></h2>
<p><code>openssl x509 -noout -text -in <var>&lt;CA certificate name&gt;</var>.pem</code></p> <p><code>openssl x509 -noout -text -in <var>&lt;CA certificate name&gt;</var>.pem</code></p>
</section> </section>
<section id="create_intermediate_certificate_authority_key"> <section id="create_intermediate_certificate_authority_key">
<h2 id="create_intermediate_certificate_authority_key"><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></h2> <h2 id="create_intermediate_certificate_authority_key"><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></h2>
<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;intermediate CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code> <p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;intermediate CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code>
</section> </section>
<section id="verify_intermediate_certificate_authority_key"> <section id="verify_intermediate_certificate_authority_key">
<h2 id="verify_intermediate_certificate_authority_key"><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></h2> <h2 id="verify_intermediate_certificate_authority_key"><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></h2>
<p><code>openssl rsa -noout -text -in <var>&lt;intermediate CA key name&gt;</var>.pem</code></p> <p><code>openssl rsa -noout -text -in <var>&lt;intermediate CA key name&gt;</var>.pem</code></p>
</section> </section>
<section id="create_intermediate_certificate_authority_signing_request"> <section id="create_intermediate_certificate_authority_signing_request">
<h2 id="create_intermediate_certificate_authority_signing_request"><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Authority Signing Request</a></h2> <h2 id="create_intermediate_certificate_authority_signing_request"><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Authority Signing Request</a></h2>
<p><code>openssl req -new -sha256 -key <var>&lt;intermediate CA key name&gt;</var>.pem -out <var>&lt;intermediate CA certificate signing request name&gt;</var>.pem</code></p> <p><code>openssl req -new -sha256 -key <var>&lt;intermediate CA key name&gt;</var>.pem -out <var>&lt;intermediate CA certificate signing request name&gt;</var>.pem</code></p>
</section> </section>
<section id="create_intermediate_certificate_authority_certificate"> <section id="create_intermediate_certificate_authority_certificate">
<h2 id="create_intermediate_certificate_authority_certificate"><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></h2> <h2 id="create_intermediate_certificate_authority_certificate"><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></h2>
<p><code>openssl ca -config <var>&lt;intermediate CA configuration file&gt;</var> -extensions v3_intermediate_ca -days <var>&lt;days of validity&gt;</var> -notext -md sha256 -in <var>&lt;intermediate CA signing request name&gt;</var>.pem -out <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p> <p><code>openssl ca -config <var>&lt;intermediate CA configuration file&gt;</var> -extensions v3_intermediate_ca -days <var>&lt;days of validity&gt;</var> -notext -md sha256 -in <var>&lt;intermediate CA signing request name&gt;</var>.pem -out <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
</section> </section>
<section id="verify_intermediate_certificate_authority_certificate"> <section id="verify_intermediate_certificate_authority_certificate">
<h2 id="verify_intermediate_certificate_authority_certificate"><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></h2> <h2 id="verify_intermediate_certificate_authority_certificate"><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></h2>
<p><code>openssl x509 -noout -text -in <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p> <p><code>openssl x509 -noout -text -in <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
</section> </section>
<section id="verify_chain_of_trust-ca_to_intermediate"> <section id="verify_chain_of_trust-ca_to_intermediate">
<h2 id="verify_chain_of_trust-ca_to_intermediate"><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></h2> <h2 id="verify_chain_of_trust-ca_to_intermediate"><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></h2>
<p><code>openssl verify -CAfile <var>&lt;CA certificate name&gt;</var>.pem <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p> <p><code>openssl verify -CAfile <var>&lt;CA certificate name&gt;</var>.pem <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
</section> </section>
<section id="create_server_key"> <section id="create_server_key">
<h2 id="create_server_key"><a href="#create_server_key">Create Server Key</a></h2> <h2 id="create_server_key"><a href="#create_server_key">Create Server Key</a></h2>
<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;server key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p> <p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;server key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
</section> </section>
<section id="verify_server_key"> <section id="verify_server_key">
<h2 id="verify_server_key"><a href="#verify_server_key">Verify Server Key</a></h2> <h2 id="verify_server_key"><a href="#verify_server_key">Verify Server Key</a></h2>
<p><code>openssl rsa -noout -text -in <var>&lt;server key name&gt;</var>.pem</code></p> <p><code>openssl rsa -noout -text -in <var>&lt;server key name&gt;</var>.pem</code></p>
</section> </section>
<section id="create_server_certificate_signing_request"> <section id="create_server_certificate_signing_request">
<h2 id="create_server_certificate_signing_request"><a href="#create_server_certificate_signing_request">Create Server Certificate Signing Request</a></h2> <h2 id="create_server_certificate_signing_request"><a href="#create_server_certificate_signing_request">Create Server Certificate Signing Request</a></h2>
<p><code>openssl req -new -sha256 -subj "/C=<var>&lt;country&gt;</var>/ST=<var>&lt;state/province&gt;</var>/L=<var>&lt;locality&gt;</var>/O=<var>&lt;organization&gt;</var>/CN=&lt;common name&gt;</var>" -addext "subjectAltName = DNS.1:<var>&lt;alternative DNS entry&gt;</var>" -key <var>&lt;server key name&gt;</var>.pem -out <var>&lt;server certificate signing request name&gt;</var>.pem</code></p> <p><code>openssl req -new -sha256 -subj "/C=<var>&lt;country&gt;</var>/ST=<var>&lt;state/province&gt;</var>/L=<var>&lt;locality&gt;</var>/O=<var>&lt;organization&gt;</var>/CN=&lt;common name&gt;</var>" -addext "subjectAltName = DNS.1:<var>&lt;alternative DNS entry&gt;</var>" -key <var>&lt;server key name&gt;</var>.pem -out <var>&lt;server certificate signing request name&gt;</var>.pem</code></p>
</section> </section>
<section id="create_server_certificate"> <section id="create_server_certificate">
<h2 id="create_server_certificate"><a href="#create_server_certificate">Create Server Certificate</a></h2> <h2 id="create_server_certificate"><a href="#create_server_certificate">Create Server Certificate</a></h2>
<p><code>openssl x509 -sha256 -req -days <var>&lt;days of validity&gt;</var> -in <var>&lt;server certificate signing request name&gt;</var>.pem -CA <var>&lt;intermediate CA certificate name&gt;</var>.pem -CAkey <var>&lt;intermediate CA key name&gt;</var>.pem -extensions SAN -extfile &lt;(cat /etc/ssl/openssl.cnf &lt;(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out <var>&lt;server certificate name&gt;</var>.pem</code></p> <p><code>openssl x509 -sha256 -req -days <var>&lt;days of validity&gt;</var> -in <var>&lt;server certificate signing request name&gt;</var>.pem -CA <var>&lt;intermediate CA certificate name&gt;</var>.pem -CAkey <var>&lt;intermediate CA key name&gt;</var>.pem -extensions SAN -extfile &lt;(cat /etc/ssl/openssl.cnf &lt;(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out <var>&lt;server certificate name&gt;</var>.pem</code></p>
</section> </section>
<section id="verify_server_certificate"> <section id="verify_server_certificate">
<h2 id="verify_server_certificate"><a href="#verify_server_certificate">Verify Server Certificate</a></h2> <h2 id="verify_server_certificate"><a href="#verify_server_certificate">Verify Server Certificate</a></h2>
<p><code>openssl x509 -noout -text -in <var>&lt;server certificate name&gt;</var>.pem</code></p> <p><code>openssl x509 -noout -text -in <var>&lt;server certificate name&gt;</var>.pem</code></p>
</section> </section>
<section id="verify_chain_of_trust-intermediate_to_server"> <section id="verify_chain_of_trust-intermediate_to_server">
<h2 id="verify_chain_of_trust-intermediate_to_server"><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></h2> <h2 id="verify_chain_of_trust-intermediate_to_server"><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></h2>
<p><code>openssl verify -CAfile <var>&lt;intermediate CA certificate name&gt;</var>.pem <var>&lt;server certificate&gt;</var>.pem</code></p> <p><code>openssl verify -CAfile <var>&lt;intermediate CA certificate name&gt;</var>.pem <var>&lt;server certificate&gt;</var>.pem</code></p>
</section> </section>
</body> </body>
</html> </html>
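Review bot: In Create Server Certificate, the `printf "\n[SAN]\nsubjectAltName=DNS.1:"` string ends with no value, so the command as documented gives the reader no DNS name to fill in for the extension; add a `<var>&lt;alternative DNS entry&gt;</var>` placeholder to match the signing request command above it. In that signing request command, `CN=&lt;common name&gt;</var>` closes a `<var>` that was never opened. The last section passes only the intermediate certificate as `-CAfile`, and that certificate is issued by the CA rather than self-signed, so the check stops short of the root; passing the CA certificate as `-CAfile` and the intermediate with `-untrusted` would verify the whole chain. Markup left behind by the style pass: `<a/>` in the Table of Contents heading, `<p><p>` in Convert Certificate to PEM Format, a missing `</p>` in Create Intermediate Certificate Authority Key, and two table of contents entries that do not match their headings ("Cerificate" for "Certificate", and "Create Intermediate Certificate Signing Request" for "Create Intermediate Certificate Authority Signing Request").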