Skip to content

Instantly share code, notes, and snippets.

@islishude

islishude/cfssl.json

Last active March 9, 2020 10:06
Show Gist options
  • Save islishude/9d09dc46cd9e14cebbe4c9d9d1be8f8a to your computer and use it in GitHub Desktop.
Save islishude/9d09dc46cd9e14cebbe4c9d9d1be8f8a to your computer and use it in GitHub Desktop.
Download ZIP
cfssl config
Raw
cfssl.json
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"rootca": {
"usages": [
"signing",
"digital signature",
"key encipherment",
"cert sign",
"crl sign",
"server auth",
"client auth"
],
"ca_constraint": {
"is_ca": true
},
"expiry": "87600h"
},
"intermediate_ca": {
"usages": [
"signing",
"digital signature",
"key encipherment",
"cert sign",
"crl sign",
"server auth",
"client auth"
],
"expiry": "87600h",
"ca_constraint": {
"is_ca": true,
"max_path_len": 0,
"max_path_len_zero": true
}
},
"peer": {
"usages": [
"signing",
"digital signature",
"key encipherment",
"client auth",
"server auth"
],
"expiry": "87600h"
},
"macos": {
"usages": [
"signing",
"digital signature",
"key encipherment",
"client auth",
"server auth"
],
"expiry": "9360h"
},
"server": {
"usages": [
"signing",
"digital signing",
"key encipherment",
"server auth"
],
"expiry": "87600h"
},
"client": {
"usages": [
"signing",
"digital signature",
"key encipherment",
"client auth"
],
"expiry": "87600h"
}
}
}
}
Raw
csr.json
{
"hosts": [
"ip",
"dns",
"email"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"CN": "common name",
"names": [
{
"C": "contry name",
"ST": "state",
"L": "location",
"O": "organization",
"OU": "organization unit"
}
]
}
Raw
genkey.sh
# generate private key and certificate signing request
cfssl genkey csr.json | cfssljson -bare FILE_NAME
# generate root ca
cfssl selfsign -config cfssl.json --profile rootca "BTSSL Root CA" rootca/csr.json | cfssljson -bare rootca/cert
# sign
cfssl sign -ca CA_CERT -ca-key CA_KEY -config cfssl.json -profile peer YOUR_CSR_FILE | cfssljson -bare CA_FILE_NAME
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment