![]() ![]() ![]() KeyUsage = critical, digitalSignature, cRLSign, ke圜ertSign # Extensions for a typical CA, man x509v3_configĪuthorityKeyIdentifier = keyid:always,issuer # Extensions to apply when createing root ca OrganizationalUnitName = Organizational Unit Name StateOrProvinceName = State or Province Name # Extension to add when the -x509 option is used.ĬountryName = Country Name (2 letter code) # Create OpenSSL configuration file for root-caĭistinguished_name = req_distinguished_name = GENERATING PUBLIC KEYS BASED ON PRIVATE KEYS = # Generate RSA 2048 Bits Keys for server CertificateĬA: openssl genrsa -out server/private/server.key 2048 # Generate RSA 4096 Bits Keys encrypted with AES256 for Root And Sub CA CertificatesĬA: openssl genrsa -aes256 -out root-ca/private/ca.key 4096ĬA: openssl genrsa -aes256 -out sub-ca/private/sub-ca.key 4096 = GENERATING PRiVATE KEYS FOR CA, SUB CA AND SERVER = # Show server x509 certificate without text fileĬA/server/private: openssl x509 -text -in server.crt -noout # Genrate pair of RSA 4096 Bits keys and x509 certificate for localhostĬA/server/private: openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 -subj "/CN=localhost" -keyout server.key -out server.crt Folder Tree:ĬA: openssl rand -hex 16 > root-ca/serial I preformed it on windows but you should be fine on linux too. PS Please install OpenSSL and then follow the instruction, also I made it when I still was learning english. Sorry for it being a little bit messy and some typing errors but Generate a Root CA, Sub CA and Certificate for server Know what is that read yourself something about asymmetricĬryptology). To file with NOT encrypted private key (If you don't certfile is path to your X.509Ĭertificate (Or just an SSL certificate). But assuming that you don't know what they are you mustīe new in this topic. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |