Created
July 5, 2012 16:11
OpenSSL Commands
The following commands assume that you are in the home directory of your private CA user (/home/myca). I would suggest creating a limited system account used solely for key creation and signing. Use home directory encryption to protect your CA keys from root compromise.

Create CA Certificate
openssl genrsa -des3 -out private/cacert.key 4096
openssl req -new -x509 -days 365 -key private/cacert.key -out certs/cacert.crt -config conf/caconfig.cnf

Create Server Certificate
openssl genrsa -des3 -out private/nullbacon.patrick-morgan.net.key 4096
openssl req -new -key private/nullbacon.patrick-morgan.net.key -out nullbacon.patrick-morgan.net.csr -config conf/caconfig.cnf

Sign Server Certificate
openssl x509 -req -days 365 -in nullbacon.patrick-morgan.net.csr -CA certs/cacert.crt -CAkey private/cacert.key -set_serial 01 -out private/nullbacon.patrick-morgan.net.crt

View the contents of a CSR
openssl req -noout -text -in certreq.csr

View the contents of a certificate
openssl x509 -noout -text -in newcert.pem

Display the MD5 fingerprint of a certificate
openssl x509 -fingerprint -md5 -noout -in newcert.pem

Verify that your private key, CSR, and signed cert match
openssl rsa -noout -modulus -in privkey.pem | openssl md5
openssl req -noout -modulus -in certreq.csr | openssl md5
openssl x509 -noout -modulus -in newcert.pem | openssl md5
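
An added example (not part of the original gist) that wraps the three modulus checks above into one shell function. It hashes with SHA-256 instead of MD5 and fails if any file cannot be parsed, because three failed reads would otherwise all hash the same empty output and look like a match. The function names `modulus_digest` and `check_key_csr_cert` are hypothetical.

```shell
#!/bin/sh
# Added example: compare the RSA modulus of a private key, a CSR and a
# certificate in one step. Function names are hypothetical. RSA keys only.

# Print the SHA-256 digest of the modulus of one file.
#   $1 = openssl subcommand (rsa | req | x509), $2 = path to the file
# Returns non-zero if openssl cannot parse the file or prints no modulus.
modulus_digest() {
    mod=$(openssl "$1" -noout -modulus -in "$2") || return 1
    [ -n "$mod" ] || return 1
    # -r selects "digest *stdin" output, which is stable across versions
    printf '%s\n' "$mod" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Usage: check_key_csr_cert privkey.pem certreq.csr newcert.pem
# Exit status: 0 = all three match, 1 = mismatch, 2 = a file was unreadable.
# An encrypted key (genrsa -des3) prompts for its passphrase as usual.
check_key_csr_cert() {
    k=$(modulus_digest rsa  "$1") || { echo "cannot read key: $1"  >&2; return 2; }
    r=$(modulus_digest req  "$2") || { echo "cannot read CSR: $2"  >&2; return 2; }
    c=$(modulus_digest x509 "$3") || { echo "cannot read cert: $3" >&2; return 2; }

    if [ "$k" = "$r" ] && [ "$k" = "$c" ]; then
        echo "match: $k"
        return 0
    fi
    echo "MISMATCH key=$k csr=$r cert=$c" >&2
    return 1
}
```
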