From 5182e6c1a19f0d530c1f42578fc16b8554c9e51d Mon Sep 17 00:00:00 2001
From: inference
Date: Mon, 18 Mar 2024 05:19:59 +0000
Subject: [PATCH] Update webpage "Documentation - OpenSSL Self-signed Certificate Chain" from version "5.0.0" to "5.0.1"
---
 ...openssl_selfsigned_certificate_chain.xhtml | 273 ++++++++++--------
 1 file changed, 146 insertions(+), 127 deletions(-)
diff --git a/documentation/openssl_selfsigned_certificate_chain.xhtml b/documentation/openssl_selfsigned_certificate_chain.xhtml
index 8d63e2e..e237899 100644
--- a/documentation/openssl_selfsigned_certificate_chain.xhtml
+++ b/documentation/openssl_selfsigned_certificate_chain.xhtml
@@ -1,137 +1,156 @@ - + - - - - - - Inferencium - Documentation - OpenSSL Self-signed Certificate Chain - - - -

Documentation - OpenSSL Self-signed Certificate Chain

-
-

This documentation contains the complete set of commands to create a new OpenSSL - self-signed certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple - SANs can be included in a certificate by adding each domain as a comma-delimited string. - Each key can be encrypted or unencrypted, with multiple encryption options; AES - (aes128 or aes256) is recommended. Optional verification can - also be performed between multiple levels of certificates to ensure the chain of trust - is valid.

-

This documentation is also available in portable AsciiDoc format in my - documentation source code repository.

-
- -
-

Create Certificate Authority Key

-

openssl genrsa <encryption type> -out <CA key name>.pem <key size>

-
-
-

Verify Certificate Authority Key

-

openssl rsa -noout -text -in <CA key name>.pem

-
-
-

Create Certificate Authority Certificate

-

openssl req -new -x509 -days <days of validity> -extensions v3_ca -key <CA key name>.pem -out <CA certificate name>.pem

-
-
-

Convert Certificate to PEM Format

-

openssl x509 -in <CA certificate name>.pem -out <CA certificate name>.pem -outform PEM

-
-
-

Verify Certificate Authority Certificate

-

openssl x509 -noout -text -in <CA certificate name>.pem

-
-
-

Create Intermediate Certificate Authority Key

-

openssl genrsa <encryption type> -out <intermediate CA key name>.pem <key size>

-
-
-

Verify Intermediate Certificate Authority Key

-

openssl rsa -noout -text -in <intermediate CA key name>.pem

-
-
-

Create Intermediate Certificate Authority Signing Request

-

openssl req -new -sha256 -key <intermediate CA key name>.pem -out <intermediate CA certificate signing request name>.pem

-
-
-

Create Intermediate Certificate Authority Certificate

-

openssl ca -config <intermediate CA configuration file> -extensions v3_intermediate_ca -days <days of validity> -notext -md sha256 -in <intermediate CA signing request name>.pem -out <intermediate CA certificate name>.pem

-
-
-

Verify Intermediate Certificate Authority Certificate

-

openssl x509 -noout -text -in <intermediate CA certificate name>.pem

-
-
-

Verify Chain of Trust (CA to Intermediate)

-

openssl verify -CAfile <CA certificate name>.pem <intermediate CA certificate name>.pem

-
-
-

Create Server Key

-

openssl genrsa <encryption type> -out <server key name>.pem <key size>

-
-
-

Verify Server Key

-

openssl rsa -noout -text -in <server key name>.pem

-
-
-

Create Server Certificate Signing Request

-

openssl req -new -sha256 -subj "/C=<country>/ST=<state/province>/L=<locality>/O=<organization>/CN=<common name>" -addext "subjectAltName = DNS.1:<alternative DNS entry>" -key <server key name>.pem -out <server certificate signing request name>.pem

-
-
-

Create Server Certificate

-

openssl x509 -sha256 -req -days <days of validity> -in <server certificate signing request name>.pem -CA <intermediate CA certificate name>.pem -CAkey <intermediate CA key name>.pem -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out <server certificate name>.pem

-
-
-

Verify Server Certificate

-

openssl x509 -noout -text -in <server certificate name>.pem

-
-
-

Verify Chain of Trust (Intermediate to Server)

-

openssl verify -CAfile <intermediate CA certificate name>.pem <server certificate>.pem

-
-
Sitemap
- + + + + + + Inferencium - Documentation - OpenSSL Self-signed Certificate Chain + + + +

Documentation - OpenSSL Self-signed Certificate Chain

+
+

This documentation contains the complete set of commands to create a new OpenSSL self-signed + certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple SANs can be included in a + certificate by adding each domain as a comma-delimited string. Each key can be encrypted or unencrypted, + with multiple encryption options; AES (aes128 or aes256) is recommended. + Optional verification can also be performed between multiple levels of certificates to ensure the chain + of trust is valid.

+

This documentation is also available in portable AsciiDoc format in my + documentation source code repository.

+
+ +
+

Create Certificate Authority Key

+

openssl genrsa <encryption type> -out <CA key name>.pem + <key size>

+
+
+

Verify Certificate Authority Key

+

openssl rsa -noout -text -in <CA key name>.pem

+
+
+

Create Certificate Authority Certificate

+

openssl req -new -x509 -days <days of validity> -extensions v3_ca -key + <CA key name>.pem -out <CA certificate name>.pem

+
+
+

Convert Certificate to PEM Format

+

openssl x509 -in <CA certificate name>.pem -out + <CA certificate name>.pem -outform PEM

+
+
+

Verify Certificate Authority Certificate

+

openssl x509 -noout -text -in <CA certificate name>.pem

+
+
+

Create Intermediate Certificate Authority Key

+

openssl genrsa <encryption type> -out + <intermediate CA key name>.pem <key size>

+
+
+

Verify Intermediate Certificate Authority Key

+

openssl rsa -noout -text -in <intermediate CA key name>.pem

+
+
+

Create Intermediate Certificate Authority Signing Request

+

openssl req -new -sha256 -key <intermediate CA key name>.pem -out + <intermediate CA certificate signing request name>.pem

+
+
+

Create Intermediate Certificate Authority Certificate

+

openssl ca -config <intermediate CA configuration file> -extensions + v3_intermediate_ca -days <days of validity> -notext -md sha256 -in + <intermediate CA signing request name>.pem -out + <intermediate CA certificate name>.pem

+
+
+

Verify Intermediate Certificate Authority Certificate

+

openssl x509 -noout -text -in + <intermediate CA certificate name>.pem

+
+
+

Verify Chain of Trust (CA to Intermediate)

+

openssl verify -CAfile <CA certificate name>.pem + <intermediate CA certificate name>.pem

+
+
+

Create Server Key

+

openssl genrsa <encryption type> -out + <server key name>.pem <key size>

+
+
+

Verify Server Key

+

openssl rsa -noout -text -in <server key name>.pem

+
+
+

Create Server Certificate Signing Request

+

openssl req -new -sha256 -subj "/C=<country>/ST=<state/province>/L=<locality>/O=<organization>/CN=<common name>" + -addext "subjectAltName = DNS.1:<alternative DNS entry>" -key + <server key name>.pem -out + <server certificate signing request name>.pem

+
+
+

Create Server Certificate

+

openssl x509 -sha256 -req -days <days of validity> -in + <server certificate signing request name>.pem -CA + <intermediate CA certificate name>.pem -CAkey + <intermediate CA key name>.pem -extensions SAN -extfile <(cat + /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out + <server certificate name>.pem

+
+
+

Verify Server Certificate

+

openssl x509 -noout -text -in <server certificate name>.pem

+
+
+

Verify Chain of Trust (Intermediate to Server)

+

openssl verify -CAfile <intermediate CA certificate name>.pem + <server certificate>.pem

+
+
Sitemap
+