Last active
September 18, 2022 13:20
-
-
Save codenuke/518fb7becbc3460ab5b3fd4207e57987 to your computer and use it in GitHub Desktop.
Generate Self-Signed For Server & Client
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl genrsa 2048 > ca-key.pem | |
| openssl req -new -x509 -sha256 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem | |
| # server key | |
| openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem | |
| openssl rsa -in server-key.pem -out server-key.pem | |
| openssl x509 -sha256 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem | |
| # client key | |
| openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem | |
| openssl rsa -in client-key.pem -out client-key.pem | |
| openssl x509 -sha256 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem | |
| # check key ok | |
| openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem | |
| #DHPARAM | |
| openssl dhparam -out dhparam.pem 2048 |
Certificat for Server Only
openssl req -newkey rsa:4096
-x509
-sha256
-days 3650
-nodes
-out example.crt
-keyout example.key
-subj "/C=TH/ST=Bangkok/L=Bangkok/O=ASR/OU=RD/CN=api.asr.co.th"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Check expire date
openssl x509 -enddate -noout -in /path/file.pem