ssl:generate-certificates-self-signed
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
ssl:generate-certificates-self-signed [2020/08/08 18:19] – odefta | ssl:generate-certificates-self-signed [2020/08/08 18:45] – odefta | ||
---|---|---|---|
Line 261: | Line 261: | ||
{{: | {{: | ||
+ | ====== Generate another intermediate CA ====== | ||
+ | |||
+ | Repeat the steps for the above configuration, | ||
+ | |||
+ | <file ini int2.conf> | ||
+ | [ ca ] | ||
+ | default_ca = default_CA | ||
+ | [ default_CA ] | ||
+ | dir = . | ||
+ | certs = . | ||
+ | new_certs_dir = ca.db.certs | ||
+ | database = ca.db.index | ||
+ | serial = ca.db.serial | ||
+ | RANDFILE = random-bits | ||
+ | certificate = int1.crt | ||
+ | private_key = int1.key | ||
+ | default_days = 500 | ||
+ | default_crl_days = 30 | ||
+ | default_md = sha256 | ||
+ | preserve = no | ||
+ | x509_extensions = server_cert | ||
+ | policy = policy_anything | ||
+ | [ policy_anything ] | ||
+ | countryName = optional | ||
+ | stateOrProvinceName = optional | ||
+ | localityName = optional | ||
+ | organizationName = optional | ||
+ | organizationalUnitName = optional | ||
+ | commonName = supplied | ||
+ | emailAddress = optional | ||
+ | [ server_cert ] | ||
+ | # | ||
+ | authorityKeyIdentifier = keyid | ||
+ | extendedKeyUsage = serverAuth, | ||
+ | basicConstraints = critical, | ||
+ | </ | ||
+ | |||
+ | Then generate the private key and csr: | ||
+ | |||
+ | < | ||
+ | openssl req -new -newkey rsa:2048 -nodes -keyout int2.key -out int2.csr | ||
+ | </ | ||
+ | |||
+ | Finally generate the certificate: | ||
+ | |||
+ | < | ||
+ | openssl ca -config int2.conf -out int2.crt -infiles int2.csr | ||
+ | </ | ||
+ | |||
+ | Output: | ||
+ | |||
+ | < | ||
+ | Using configuration from int2.conf | ||
+ | Check that the request matches the signature | ||
+ | Signature ok | ||
+ | The Subject' | ||
+ | countryName | ||
+ | stateOrProvinceName | ||
+ | localityName | ||
+ | organizationName | ||
+ | organizationalUnitName: | ||
+ | commonName | ||
+ | emailAddress | ||
+ | Certificate is to be certified until Dec 21 15:39:26 2021 GMT (500 days) | ||
+ | Sign the certificate? | ||
+ | |||
+ | |||
+ | 1 out of 1 certificate requests certified, commit? [y/n]y | ||
+ | Write out database with 1 new entries | ||
+ | Data Base Updated | ||
+ | </ | ||
+ | |||
+ | Final CA certificate with 2 intermediate CA - int2.crt images: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
ssl/generate-certificates-self-signed.txt · Last modified: 2023/07/04 19:36 by 127.0.0.1