Nethence Newdoc Olddoc Lab Your IP BBDock  

Playing with OpenSSL

generating your own root CA and signed certificate

create a root CA,

cp -pi /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.dist
vi /etc/ssl/openssl.cnf

dir             = ./            # Where everything is kept
new_certs_dir   = $dir/         # default place for new certs.

mkdir private/
chmod 700 private/
openssl genrsa -aes256 -out private/cakey.pem 4096
chmod 400 private/cakey.pem

openssl req -key private/cakey.pem -new -x509 -days 7300 -sha256 -out cacert.pem
chmod 444 cacert.pem

openssl x509 -noout -text -in cacert.pem

generate a server CSR,

openssl genrsa -aes256 -out private/ 2048
chmod 400 private/

openssl req -key private/ -new -sha256 -out

sign the request with your root CA,

touch index.txt
echo 01 > serial

openssl ca -days 375 -notext -md sha256 -in -out
chmod 444

tail -1 index.txt

openssl x509 -noout -text -in
openssl verify -CAfile cacert.pem

Home | GitHub | Docker Hub | Donate | Contact