Update webpage "Documentation - OpenSSL Self-signed Certificate Chain" from version "5.0.0" to "5.0.1"
This commit is contained in:
parent
634e1813e9
commit
5182e6c1a1
SSH Key Fingerprint:
SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
@ -1,7 +1,7 @@
|
|||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
|
|
||||||
<!-- Inferencium - Website - Documentation - OpenSSL Self-signed Certificate Chain -->
|
<!-- Inferencium - Website - Documentation - OpenSSL Self-signed Certificate Chain -->
|
||||||
<!-- Version: 5.0.0 -->
|
<!-- Version: 5.0.1 -->
|
||||||
|
|
||||||
<!-- Copyright 2023 Jake Winters -->
|
<!-- Copyright 2023 Jake Winters -->
|
||||||
<!-- SPDX-License-Identifier: BSD-3-Clause -->
|
<!-- SPDX-License-Identifier: BSD-3-Clause -->
|
||||||
@ -32,13 +32,12 @@
|
|||||||
</nav>
|
</nav>
|
||||||
<h1 id="openssl_selfsigned_certificate_chain"><a href="#openssl_selfsigned_certificate_chain">Documentation - OpenSSL Self-signed Certificate Chain</a></h1>
|
<h1 id="openssl_selfsigned_certificate_chain"><a href="#openssl_selfsigned_certificate_chain">Documentation - OpenSSL Self-signed Certificate Chain</a></h1>
|
||||||
<section id="introduction">
|
<section id="introduction">
|
||||||
<p>This documentation contains the complete set of commands to create a new OpenSSL
|
<p>This documentation contains the complete set of commands to create a new OpenSSL self-signed
|
||||||
self-signed certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple
|
certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple SANs can be included in a
|
||||||
SANs can be included in a certificate by adding each domain as a comma-delimited string.
|
certificate by adding each domain as a comma-delimited string. Each key can be encrypted or unencrypted,
|
||||||
Each key can be encrypted or unencrypted, with multiple encryption options; AES
|
with multiple encryption options; AES (<code>aes128</code> or <code>aes256</code>) is recommended.
|
||||||
(<code>aes128</code> or <code>aes256</code>) is recommended. Optional verification can
|
Optional verification can also be performed between multiple levels of certificates to ensure the chain
|
||||||
also be performed between multiple levels of certificates to ensure the chain of trust
|
of trust is valid.</p>
|
||||||
is valid.</p>
|
|
||||||
<p>This documentation is also available in portable AsciiDoc format in my
|
<p>This documentation is also available in portable AsciiDoc format in my
|
||||||
<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/openssl_selfsigned_certificate_chain.adoc">documentation source code repository</a>.</p>
|
<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/openssl_selfsigned_certificate_chain.adoc">documentation source code repository</a>.</p>
|
||||||
</section>
|
</section>
|
||||||
@ -66,7 +65,8 @@
|
|||||||
</nav>
|
</nav>
|
||||||
<section id="create_certificate_authority_key">
|
<section id="create_certificate_authority_key">
|
||||||
<h2><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></h2>
|
<h2><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></h2>
|
||||||
<p><code>openssl genrsa <var><encryption type></var> -out <var><CA key name></var>.pem <var><key size></var></code></p>
|
<p><code>openssl genrsa <var><encryption type></var> -out <var><CA key name></var>.pem
|
||||||
|
<var><key size></var></code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="verify_certificate_authority_key">
|
<section id="verify_certificate_authority_key">
|
||||||
<h2><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></h2>
|
<h2><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></h2>
|
||||||
@ -74,11 +74,13 @@
|
|||||||
</section>
|
</section>
|
||||||
<section id="create_certificate_authority_certificate">
|
<section id="create_certificate_authority_certificate">
|
||||||
<h2><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></h2>
|
<h2><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></h2>
|
||||||
<p><code>openssl req -new -x509 -days <var><days of validity></var> -extensions v3_ca -key <var><CA key name></var>.pem -out <var><CA certificate name></var>.pem</code></p>
|
<p><code>openssl req -new -x509 -days <var><days of validity></var> -extensions v3_ca -key
|
||||||
|
<var><CA key name></var>.pem -out <var><CA certificate name></var>.pem</code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="convert_certificate_to_pem_format">
|
<section id="convert_certificate_to_pem_format">
|
||||||
<h2><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></h2>
|
<h2><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></h2>
|
||||||
<p><code>openssl x509 -in <var><CA certificate name></var>.pem -out <var><CA certificate name></var>.pem -outform PEM</code></p>
|
<p><code>openssl x509 -in <var><CA certificate name></var>.pem -out
|
||||||
|
<var><CA certificate name></var>.pem -outform PEM</code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="verify_certificate_authority_certificate">
|
<section id="verify_certificate_authority_certificate">
|
||||||
<h2><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></h2>
|
<h2><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></h2>
|
||||||
@ -86,7 +88,8 @@
|
|||||||
</section>
|
</section>
|
||||||
<section id="create_intermediate_certificate_authority_key">
|
<section id="create_intermediate_certificate_authority_key">
|
||||||
<h2><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></h2>
|
<h2><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></h2>
|
||||||
<p><code>openssl genrsa <var><encryption type></var> -out <var><intermediate CA key name></var>.pem <var><key size></var></code></p>
|
<p><code>openssl genrsa <var><encryption type></var> -out
|
||||||
|
<var><intermediate CA key name></var>.pem <var><key size></var></code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="verify_intermediate_certificate_authority_key">
|
<section id="verify_intermediate_certificate_authority_key">
|
||||||
<h2><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></h2>
|
<h2><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></h2>
|
||||||
@ -94,23 +97,30 @@
|
|||||||
</section>
|
</section>
|
||||||
<section id="create_intermediate_certificate_authority_signing_request">
|
<section id="create_intermediate_certificate_authority_signing_request">
|
||||||
<h2><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Authority Signing Request</a></h2>
|
<h2><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Authority Signing Request</a></h2>
|
||||||
<p><code>openssl req -new -sha256 -key <var><intermediate CA key name></var>.pem -out <var><intermediate CA certificate signing request name></var>.pem</code></p>
|
<p><code>openssl req -new -sha256 -key <var><intermediate CA key name></var>.pem -out
|
||||||
|
<var><intermediate CA certificate signing request name></var>.pem</code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="create_intermediate_certificate_authority_certificate">
|
<section id="create_intermediate_certificate_authority_certificate">
|
||||||
<h2><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></h2>
|
<h2><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></h2>
|
||||||
<p><code>openssl ca -config <var><intermediate CA configuration file></var> -extensions v3_intermediate_ca -days <var><days of validity></var> -notext -md sha256 -in <var><intermediate CA signing request name></var>.pem -out <var><intermediate CA certificate name></var>.pem</code></p>
|
<p><code>openssl ca -config <var><intermediate CA configuration file></var> -extensions
|
||||||
|
v3_intermediate_ca -days <var><days of validity></var> -notext -md sha256 -in
|
||||||
|
<var><intermediate CA signing request name></var>.pem -out
|
||||||
|
<var><intermediate CA certificate name></var>.pem</code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="verify_intermediate_certificate_authority_certificate">
|
<section id="verify_intermediate_certificate_authority_certificate">
|
||||||
<h2><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></h2>
|
<h2><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></h2>
|
||||||
<p><code>openssl x509 -noout -text -in <var><intermediate CA certificate name></var>.pem</code></p>
|
<p><code>openssl x509 -noout -text -in
|
||||||
|
<var><intermediate CA certificate name></var>.pem</code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="verify_chain_of_trust-ca_to_intermediate">
|
<section id="verify_chain_of_trust-ca_to_intermediate">
|
||||||
<h2><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></h2>
|
<h2><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></h2>
|
||||||
<p><code>openssl verify -CAfile <var><CA certificate name></var>.pem <var><intermediate CA certificate name></var>.pem</code></p>
|
<p><code>openssl verify -CAfile <var><CA certificate name></var>.pem
|
||||||
|
<var><intermediate CA certificate name></var>.pem</code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="create_server_key">
|
<section id="create_server_key">
|
||||||
<h2><a href="#create_server_key">Create Server Key</a></h2>
|
<h2><a href="#create_server_key">Create Server Key</a></h2>
|
||||||
<p><code>openssl genrsa <var><encryption type></var> -out <var><server key name></var>.pem <var><key size></var></code></p>
|
<p><code>openssl genrsa <var><encryption type></var> -out
|
||||||
|
<var><server key name></var>.pem <var><key size></var></code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="verify_server_key">
|
<section id="verify_server_key">
|
||||||
<h2><a href="#verify_server_key">Verify Server Key</a></h2>
|
<h2><a href="#verify_server_key">Verify Server Key</a></h2>
|
||||||
@ -118,11 +128,19 @@
|
|||||||
</section>
|
</section>
|
||||||
<section id="create_server_certificate_signing_request">
|
<section id="create_server_certificate_signing_request">
|
||||||
<h2><a href="#create_server_certificate_signing_request">Create Server Certificate Signing Request</a></h2>
|
<h2><a href="#create_server_certificate_signing_request">Create Server Certificate Signing Request</a></h2>
|
||||||
<p><code>openssl req -new -sha256 -subj "/C=<var><country></var>/ST=<var><state/province></var>/L=<var><locality></var>/O=<var><organization></var>/CN=<var><common name></var>" -addext "subjectAltName = DNS.1:<var><alternative DNS entry></var>" -key <var><server key name></var>.pem -out <var><server certificate signing request name></var>.pem</code></p>
|
<p><code>openssl req -new -sha256 -subj "/C=<var><country></var>/ST=<var><state/province></var>/L=<var><locality></var>/O=<var><organization></var>/CN=<var><common name></var>"
|
||||||
|
-addext "subjectAltName = DNS.1:<var><alternative DNS entry></var>" -key
|
||||||
|
<var><server key name></var>.pem -out
|
||||||
|
<var><server certificate signing request name></var>.pem</code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="create_server_certificate">
|
<section id="create_server_certificate">
|
||||||
<h2><a href="#create_server_certificate">Create Server Certificate</a></h2>
|
<h2><a href="#create_server_certificate">Create Server Certificate</a></h2>
|
||||||
<p><code>openssl x509 -sha256 -req -days <var><days of validity></var> -in <var><server certificate signing request name></var>.pem -CA <var><intermediate CA certificate name></var>.pem -CAkey <var><intermediate CA key name></var>.pem -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out <var><server certificate name></var>.pem</code></p>
|
<p><code>openssl x509 -sha256 -req -days <var><days of validity></var> -in
|
||||||
|
<var><server certificate signing request name></var>.pem -CA
|
||||||
|
<var><intermediate CA certificate name></var>.pem -CAkey
|
||||||
|
<var><intermediate CA key name></var>.pem -extensions SAN -extfile <(cat
|
||||||
|
/etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out
|
||||||
|
<var><server certificate name></var>.pem</code></p>
|
||||||
</section>
|
</section>
|
||||||
<section id="verify_server_certificate">
|
<section id="verify_server_certificate">
|
||||||
<h2><a href="#verify_server_certificate">Verify Server Certificate</a></h2>
|
<h2><a href="#verify_server_certificate">Verify Server Certificate</a></h2>
|
||||||
@ -130,7 +148,8 @@
|
|||||||
</section>
|
</section>
|
||||||
<section id="verify_chain_of_trust-intermediate_to_server">
|
<section id="verify_chain_of_trust-intermediate_to_server">
|
||||||
<h2><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></h2>
|
<h2><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></h2>
|
||||||
<p><code>openssl verify -CAfile <var><intermediate CA certificate name></var>.pem <var><server certificate></var>.pem</code></p>
|
<p><code>openssl verify -CAfile <var><intermediate CA certificate name></var>.pem
|
||||||
|
<var><server certificate></var>.pem</code></p>
|
||||||
</section>
|
</section>
|
||||||
<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
|
<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
|
||||||
</body>
|
</body>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user