tsaarni/cfssl-ca-tips.md

Created September 10, 2017 07:03

Star (0) You must be signed in to star a gist
Fork (1) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/tsaarni/557511180c49e9a3c281f5b67f25b093.js"></script>
Save tsaarni/557511180c49e9a3c281f5b67f25b093 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

cfssl-ca-tips.md

Install CFSSL

https://github.com/cloudflare/cfssl

go get -v -u github.com/cloudflare/cfssl/cmd/cfssl
go get -v -u github.com/cloudflare/cfssl/cmd/...

Create new CA

cat > root-ca-csr.json <<EOF
{
  "CN": "cluster-ca",
  "key": {
    "algo": "ecdsa",
    "size": 256
  },
  "ca": {
    "expiry": "876000h"
  }
}
EOF
    
cfssl gencert -initca root-ca-csr.json | cfssljson -bare root-ca

Create client cert

cat > node-csr.json <<EOF
{
  "CN": "node1.local",
  "Hosts": [
    "node1.local"
  ]
}
EOF

cfssl gencert -ca root-ca.pem -ca-key root-ca-key.pem node-csr.json | cfssljson -bare node

Commands

cfssl certinfo -cert cert.pem           # print certificate
cfssl certinfo -domain www.google.com   # print certificate from web server
cfssl certinfo -csr request.csr         # print CSR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment