ssl:generate-certificates-self-signed

Differences

This shows you the differences between two versions of the page.

ssl:generate-certificates-self-signed [2020/08/08 18:19] odefta
ssl:generate-certificates-self-signed [2020/08/08 18:45] odefta
Line 261: Line 261:
 {{:ssl:pasted:20200808-180456.png}} {{:ssl:pasted:20200808-180456.png}}
  
 +====== Generate another intermediate CA ======
 +
 +Repeat the steps for the above configuration, but change the config file as:
 +
 +<file ini int2.conf>
 +[ ca ]
 +default_ca = default_CA
 +[ default_CA ]
 +dir = .
 +certs = .
 +new_certs_dir = ca.db.certs
 +database = ca.db.index
 +serial = ca.db.serial
 +RANDFILE = random-bits
 +certificate = int1.crt
 +private_key = int1.key
 +default_days = 500
 +default_crl_days = 30
 +default_md = sha256
 +preserve = no
 +x509_extensions = server_cert
 +policy = policy_anything
 +[ policy_anything ]
 +countryName = optional
 +stateOrProvinceName = optional
 +localityName = optional
 +organizationName = optional
 +organizationalUnitName = optional
 +commonName = supplied
 +emailAddress = optional
 +[ server_cert ]
 +#subjectKeyIdentifier = hash
 +authorityKeyIdentifier = keyid
 +extendedKeyUsage = serverAuth,clientAuth,msSGC,nsSGC
 +basicConstraints = critical,CA:true
 +</file>
 +
 +Then generate the private key and csr:
 +
 +<code>
 +openssl req -new -newkey rsa:2048 -nodes -keyout int2.key -out int2.csr
 +</code> 
 +
 +Finally generate the certificate:
 +
 +<code>
 +openssl ca -config int2.conf -out int2.crt -infiles int2.csr
 +</code>
 +
 +Output:
 +
 +<code>
 +Using configuration from int2.conf
 +Check that the request matches the signature
 +Signature ok
 +The Subject's Distinguished Name is as follows
 +countryName           :PRINTABLE:'RO'
 +stateOrProvinceName   :ASN.1 12:'Romania'
 +localityName          :ASN.1 12:'Bucharest'
 +organizationName      :ASN.1 12:'AX'
 +organizationalUnitName:ASN.1 12:'AX INT2 CA'
 +commonName            :ASN.1 12:'item-ax32034-INT2'
 +emailAddress          :IA5STRING:'int2@ax.com'
 +Certificate is to be certified until Dec 21 15:39:26 2021 GMT (500 days)
 +Sign the certificate? [y/n]:y
 +
 +
 +1 out of 1 certificate requests certified, commit? [y/n]y
 +Write out database with 1 new entries
 +Data Base Updated
 +</code>
 +
 +Final CA certificate with 2 intermediate CA - int2.crt images:
 +
 +{{:ssl:pasted:20200808-184510.png}}
 +
 +{{:ssl:pasted:20200808-184522.png}}
 +
 +{{:ssl:pasted:20200808-184533.png}}
 + 
  
  
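Review bot: the `[ server_cert ]` section of int2.conf issues a CA certificate (`basicConstraints = critical,CA:true`) with no `keyUsage` line and no path length limit, while also carrying `extendedKeyUsage = serverAuth,clientAuth,msSGC,nsSGC`, which belongs on leaf certificates rather than on a CA. Suggest a separate extension section for the intermediate, selected through `x509_extensions`, with `keyUsage = critical,keyCertSign,cRLSign`, a `pathlen:0` on `basicConstraints` if int2 is meant to sign only end-entity certificates, and `subjectKeyIdentifier = hash` uncommented so certificates issued by int2 can reference it through `authorityKeyIdentifier = keyid`. Because `policy = policy_anything` only requires `commonName`, every CSR signed with this file comes out as a CA, so the text should say the config is for signing int2.csr only. The prose could also state that int2 is signed by int1 (`certificate = int1.crt`, `private_key = int1.key`) and that the `ca.db.*` files from the earlier steps must exist in the working directory, since "Repeat the steps for the above configuration" leaves that implicit. Finally, `-nodes` in the `openssl req` command writes int2.key unencrypted; for a CA key that deserves either a passphrase or a sentence on file permissions.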
ssl/generate-certificates-self-signed.txt · Last modified: 2023/07/04 19:36 by 127.0.0.1