Commit 47a4201c authored by Raymond Kristiansen's avatar Raymond Kristiansen
parent 5356d9e9
#!/bin/bash
#mkdir certs crl newcerts private
mkdir -p certs crl newcerts private
chmod 700 private
touch index.txt
echo 1000 > serial
#openssl genrsa -aes256 -out private/ca.key.pem 4096
openssl genrsa -aes256 -out private/ca.key.pem 4096
chmod 400 private/ca.key.pem
#openssl req -config openssl.cnf \
# -key private/ca.key.pem \
# -new -x509 -days 7300 -sha256 -extensions v3_ca \
# -out certs/ca.cert.pem
openssl req -config openssl.cnf \
-key private/ca.key.pem \
-new -x509 -days 7300 -sha256 -extensions v3_ca \
-out certs/ca.cert.pem
chmod 444 certs/ca.cert.pem
openssl x509 -noout -text -in certs/ca.cert.pem
mkdir intermediate
./bootstrap_intermediate.sh
./create_intermediate.sh
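Review bot: Nothing stops this script after a failed step, because there is no `set -e`. If `openssl genrsa` or `openssl req` fails (for example on a mistyped passphrase), the later `chmod`, `mkdir intermediate` and both intermediate scripts still run against a missing or stale root key and certificate. Adding `set -euo pipefail` directly after the shebang would abort at the first failure. On a re-run, `echo 1000 > serial` also resets the serial counter while `touch index.txt` keeps the old database, so the root could reuse serial numbers; `[ -e serial ] || echo 1000 > serial` avoids that. `mkdir intermediate` likewise fails on a second run and should be `mkdir -p intermediate`, matching the first `mkdir -p`.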
......@@ -14,6 +14,7 @@ new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
RANDFILE = $dir/private/.rand
email_in_dn = no
# The root key and root certificate.
private_key = $dir/private/intermediate.key.pem
......@@ -33,6 +34,8 @@ cert_opt = ca_default
default_days = 375
preserve = no
policy = policy_loose
copy_extensions = copy
unique_subject = no
[ policy_strict ]
# The root CA should only sign intermediate certificates that match.
......
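Review bot: `copy_extensions = copy` in the second hunk carries any extension from a CSR into the issued certificate unless the signing extension section already sets it. Combined with `policy = policy_loose`, the requester largely controls the certificate contents. The extension sections of this file are outside the visible hunks, so confirm that every section used for signing pins `basicConstraints = CA:FALSE` and an explicit `keyUsage`. Otherwise a request could ask for CA:TRUE or for subjectAltName values the requester does not own. A comment above the line would document the trade-off, for example `# copy: SAN is taken from the CSR; inspect every request before signing`.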
......@@ -13,6 +13,8 @@ new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
RANDFILE = $dir/private/.rand
unique_subject = no
email_in_dn = no
# The root key and root certificate.
private_key = $dir/private/ca.key.pem
......
HOME = .
RANDFILE = $ENV::HOME/.rnd
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
req_extensions = v3_req
email_in_dn = no
[ req_distinguished_name ]
countryName = NO
organizationName = UH-IaaS
commonName = dashboard.local1.intern
emailAddress = raymond@uib.no
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = "api.local1.intern"
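Review bot: `[ alt_names ]` lists only `api.local1.intern`, while `commonName` is `dashboard.local1.intern`. Clients that follow RFC 6125 ignore the CN once a subjectAltName is present, so the issued certificate would not validate for the dashboard host name. If both names are meant to be served, add `DNS.2 = dashboard.local1.intern`; if only the API name is meant, align `commonName` with it. `[ v3_req ]` also sets no `extendedKeyUsage`; `extendedKeyUsage = serverAuth` would restrict the certificate to TLS server use.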
#/bin/bash
openssl genrsa -out intermediate/private/www.example.com.key.pem 2048
openssl req -config server.cnf -key intermediate/private/www.example.com.key.pem -new -sha256 -out intermediate/csr/www.example.com.csr.pem
openssl ca -config intermediate/openssl.cnf -extensions v3_req \
-days 375 -notext -md sha256 -in intermediate/csr/www.example.com.csr.pem \
-out intermediate/certs/www.example.com.cert.pem -noemailDN
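Review bot: The server private key from `openssl genrsa -out intermediate/private/www.example.com.key.pem 2048` is written unencrypted and its permissions are never tightened, unlike the CA key in the bootstrap script, which gets `chmod 400`. Putting `umask 077` before the `genrsa` call, or `chmod 400 intermediate/private/www.example.com.key.pem` right after it, keeps the key unreadable to other local users. The first line `#/bin/bash` lacks the `!`, so it is a plain comment and the script runs under whichever shell invokes it; it should read `#!/bin/bash`. The file names still say `www.example.com` although server.cnf requests a certificate for the `local1.intern` hosts, which makes it easy to deploy the wrong key and certificate pair.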