Last active
August 29, 2015 14:09
-
-
Save mbykovskyy/92b011bbdd97ce953907 to your computer and use it in GitHub Desktop.
Generating Certificates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Root CA | |
| openssl genrsa -out root/root.key 2048 | |
| openssl req -x509 -new -nodes -key root/root.key -out root/root.crt -sha256 -days 36500 | |
| # Intermediate CA | |
| openssl genrsa -out inter/inter.key 2048 | |
| openssl req -new -key inter/inter.key -out inter/inter.csr -config ca/conf/caconfig.cnf | |
| openssl ca -keyfile root/root.key -cert root/root.crt -extensions v3_ca -in inter/inter.csr -out inter/inter.crt -notext -md sha256 -config ca/conf/caconfig.cnf -days 36500 | |
| # Host Cert | |
| openssl genrsa -out host/host.key 2048 | |
| openssl req -new -key host/host.key -out host/host.csr | |
| openssl x509 -req -in host/host.csr -CA inter/inter.crt -CAkey inter/inter.key -CAcreateserial -out host/host.crt -sha256 -days 36500 | |
| # PEM | |
| cat host/host.crt inter/inter.crt root/root.crt host/host.key > pems/trusted-root-chain.pem | |
| # Add to Trust Store | |
| keytool -import -trustcacerts -alias "Root CA" -file root/root.crt -keystore store/trusted-root.jks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment