
PKI // Setting up a root CA

create a root CA,

# Keep a pristine copy of the stock configuration before editing it:
# -p preserves mode and timestamps, -i asks before overwriting an existing
# openssl.cnf.dist.
cp -pi /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.dist
# NOTE(review): this is the system-wide configuration file, so the changes
# made here become the defaults for every openssl invocation on this host,
# not only for this CA. A private copy passed with -config would keep the
# CA settings scoped to the CA.
vi /etc/ssl/openssl.cnf

# Point the CA at the current working directory instead of a fixed path.
# (In the stock openssl.cnf these two keys sit in the [ CA_default ]
# section -- confirm against the file being edited.)
# Because the path is relative, every "openssl ca" command must be run from
# the CA directory; run from anywhere else it will look for index.txt,
# serial and the CA key in the wrong place.
dir             = ./            # Where everything is kept
new_certs_dir   = $dir/         # default place for new certs.

# The CA private key lives in its own directory, accessible to the owner only.
mkdir private/
chmod 700 private/
# 4096-bit RSA key for the root CA, written encrypted with AES-256; openssl
# prompts for the passphrase. Whoever holds this file and its passphrase can
# issue certificates that every client trusting this CA will accept.
openssl genrsa -aes256 -out private/cakey.pem 4096
# Read-only for the owner, no access for anyone else.
chmod 400 private/cakey.pem

# Self-signed root certificate (-x509) over the CA key, SHA-256 signature,
# valid for 7300 days. Prompts for the key passphrase and, unless the
# configuration disables prompting, for the subject fields.
openssl req -key private/cakey.pem -new -x509 -days 7300 -sha256 -out cacert.pem
# The certificate is public material: world-readable, not writable.
chmod 444 cacert.pem

# Print the certificate in human-readable form without the PEM body.
# Worth checking here: the validity dates, and that "X509v3 Basic
# Constraints" reports CA:TRUE -- which extensions are added depends on the
# x509_extensions setting in openssl.cnf, so confirm it in this output.
openssl x509 -noout -text -in cacert.pem

generate a server CSR,

# Server key: 2048-bit RSA, written encrypted with AES-256 under a passphrase
# that openssl prompts for.
# NOTE(review): a service loading this key will need that passphrase at
# start-up -- confirm how the target daemon handles encrypted keys.
# NOTE(review): the key is created next to the CA key here; generating it on
# the server itself would mean only the CSR ever has to leave that machine.
openssl genrsa -aes256 -out private/netbsdsec.nethence.com.key 2048
chmod 400 private/netbsdsec.nethence.com.key

# Certificate signing request for that key, self-signed with SHA-256 to prove
# possession of the private key. Prompts for the key passphrase.
# NOTE(review): no subjectAltName is requested on this command line. Current
# TLS clients generally match host names against subjectAltName rather than
# the Common Name, so check what the issued certificate ends up containing.
openssl req -key private/netbsdsec.nethence.com.key -new -sha256 -out netbsdsec.nethence.com.csr

sign the request with your root CA,

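# One-time initialisation of the CA database files named in openssl.cnf.
# touch leaves an existing index.txt untouched, and the serial file is only
# created when it is missing or empty: repeating this section for a second
# certificate must not reset the counter, or the CA would be asked to issue
# a serial number it has already used.
touch index.txt
# Seed with a random 128-bit value (32 hex digits) instead of 01 so issued
# serial numbers are not predictable; openssl ca increments the file after
# each certificate it signs.
[ -s serial ] || openssl rand -hex 16 > serial

# Sign the CSR with the CA key (passphrase prompt, then a confirmation
# prompt): 375 days of validity, SHA-256 signature, -notext keeps the
# human-readable dump out of the output file.
# NOTE(review): the extensions placed in the certificate come from the CA
# configuration, and extensions requested in the CSR are not carried over
# unless copy_extensions is enabled there. If the certificate needs a
# subjectAltName, supply it through an extensions section (-extensions /
# -extfile) and confirm it in the x509 -text output below.
openssl ca -days 375 -notext -md sha256 -in netbsdsec.nethence.com.csr -out netbsdsec.nethence.com.crt
chmod 444 netbsdsec.nethence.com.crt

# Show the entry just appended to the CA database.
# (-n 1 is the POSIX spelling of the obsolete "tail -1".)
tail -n 1 index.txt

# Inspect the issued certificate: subject, validity, serial and extensions
# (Basic Constraints should not mark a server certificate as a CA).
openssl x509 -noout -text -in netbsdsec.nethence.com.crt
# Check that the certificate chains to the root CA. This validates the
# signature and dates only; it does not check that the name in the
# certificate matches the host it will be served from.
openssl verify -CAfile cacert.pem netbsdsec.nethence.com.crt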
