From d283d5b3d0ce77baa5ea117fd4e89aa90594ad62 Mon Sep 17 00:00:00 2001 From: inference Date: Fri, 28 Jun 2024 19:52:15 +0100 Subject: [PATCH] Improve code tags formatting Switch to `
` tag for code blocks which are not suitable for
in-sentence placement, to allow cleaner formatting along with the
ability to scroll horizontally on overflow.
---
 ...openssl_selfsigned_certificate_chain.xhtml | 56 ++++++-------------
 1 file changed, 18 insertions(+), 38 deletions(-)

diff --git a/documentation/openssl_selfsigned_certificate_chain.xhtml b/documentation/openssl_selfsigned_certificate_chain.xhtml
index fca4584..508702f 100644
--- a/documentation/openssl_selfsigned_certificate_chain.xhtml
+++ b/documentation/openssl_selfsigned_certificate_chain.xhtml
@@ -1,7 +1,7 @@
 
 
 
-
+
 
 
 
@@ -66,91 +66,71 @@
 			
 			

 				
Create Certificate Authority Key

-					
openssl genrsa <encryption type> -out <CA key name>.pem
-					<key size>

+					
openssl genrsa <encryption type> -out <CA key name>.pem <key size>

 			

 			

 				
Verify Certificate Authority Key

-					
openssl rsa -noout -text -in <CA key name>.pem

+					
openssl rsa -noout -text -in <CA key name>.pem

 			

 			

 				
Create Certificate Authority Certificate

-					
openssl req -new -x509 -days <days of validity> -extensions v3_ca -key
-					<CA key name>.pem -out <CA certificate name>.pem

+					
openssl req -new -x509 -days <days of validity> -extensions v3_ca -key <CA key name>.pem -out <CA certificate name>.pem

 			

 			

 				
Convert Certificate to PEM Format

-					
openssl x509 -in <CA certificate name>.pem -out
-					<CA certificate name>.pem -outform PEM

+					
openssl x509 -in <CA certificate name>.pem -out <CA certificate name>.pem -outform PEM

 			

 			

 				
Verify Certificate Authority Certificate

-					
openssl x509 -noout -text -in <CA certificate name>.pem

+					
openssl x509 -noout -text -in <CA certificate name>.pem

 			

 			

 				
Create Intermediate Certificate Authority Key

-					
openssl genrsa <encryption type> -out
-					<intermediate CA key name>.pem <key size>

+					
openssl genrsa <encryption type> -out <intermediate CA key name>.pem <key size>

 			

 			

 				
Verify Intermediate Certificate Authority Key

-					
openssl rsa -noout -text -in <intermediate CA key name>.pem

+					
openssl rsa -noout -text -in <intermediate CA key name>.pem

 			

 			

 				
Create Intermediate Certificate Authority Signing Request

-					
openssl req -new -sha256 -key <intermediate CA key name>.pem -out
-					<intermediate CA certificate signing request name>.pem

+					
openssl req -new -sha256 -key <intermediate CA key name>.pem -out <intermediate CA certificate signing request name>.pem

 			

 			

 				
Create Intermediate Certificate Authority Certificate

-					
openssl ca -config <intermediate CA configuration file> -extensions
-					v3_intermediate_ca -days <days of validity> -notext -md sha256 -in
-					<intermediate CA signing request name>.pem -out
-					<intermediate CA certificate name>.pem

+					
openssl ca -config <intermediate CA configuration file> -extensions v3_intermediate_ca -days <days of validity> -notext -md sha256 -in <intermediate CA signing request name>.pem -out <intermediate CA certificate name>.pem

 			

 			

 				
Verify Intermediate Certificate Authority Certificate

-					
openssl x509 -noout -text -in
-					<intermediate CA certificate name>.pem

+					
openssl x509 -noout -text -in <intermediate CA certificate name>.pem

 			

 			

 				
Verify Chain of Trust (CA to Intermediate)

-					
openssl verify -CAfile <CA certificate name>.pem
-					<intermediate CA certificate name>.pem

+					
openssl verify -CAfile <CA certificate name>.pem <intermediate CA certificate name>.pem

 			

 			

 				
Create Server Key

-					
openssl genrsa <encryption type> -out
-					<server key name>.pem <key size>

+					
openssl genrsa <encryption type> -out <server key name>.pem <key size>

 			

 			

 				
Verify Server Key

-					
openssl rsa -noout -text -in <server key name>.pem

+					
openssl rsa -noout -text -in <server key name>.pem

 			

 			

 				
Create Server Certificate Signing Request

-					
openssl req -new -sha256 -subj "/C=<country>/ST=<state/province>/L=<locality>/O=<organization>/CN=<common name>"
-					-addext "subjectAltName = DNS.1:<alternative DNS entry>" -key
-					<server key name>.pem -out
-					<server certificate signing request name>.pem

+					
openssl req -new -sha256 -subj "/C=<country>/ST=<state/province>/L=<locality>/O=<organization>/CN=<common name>" -addext "subjectAltName = DNS.1:<alternative DNS entry>" -key <server key name>.pem -out <server certificate signing request name>.pem

 			

 			

 				
Create Server Certificate

-					
openssl x509 -sha256 -req  -days <days of validity> -in
-					<server certificate signing request name>.pem -CA
-					<intermediate CA certificate name>.pem -CAkey
-					<intermediate CA key name>.pem -extensions SAN -extfile <(cat
-					/etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out
-					<server certificate name>.pem

+					
openssl x509 -sha256 -req  -days <days of validity> -in <server certificate signing request name>.pem -CA <intermediate CA certificate name>.pem -CAkey <intermediate CA key name>.pem -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out <server certificate name>.pem

 			

 			

 				
Verify Server Certificate

-					
openssl x509 -noout -text -in <server certificate name>.pem

+					
openssl x509 -noout -text -in <server certificate name>.pem

 			

 			

 				
Verify Chain of Trust (Intermediate to Server)

-					
openssl verify -CAfile <intermediate CA certificate name>.pem
-					<server certificate>.pem

+					
openssl verify -CAfile <intermediate CA certificate name>.pem <server certificate>.pem

 			

 		
Sitemap