Openssl

From I Will Fear No Evil
Revision as of 10:25, 24 April 2023 by Chubbard (talk | contribs) (Created page with "===Stuff you need to remember for openssl=== For creating a self signed certificate chain, having a password makes things more of a PITA.. * Process to create chain without a password: <pre> openssl genrsa -out ca.key 4096 openssl req -new -x509 -days 36500 -key ca.key -out ca.crt openssl genrsa -out client.key 4096 openssl req -new -key client.key -out client.csr openssl x509 -req -days 36500 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client....")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Stuff you need to remember for openssl

For creating a self signed certificate chain, having a password makes things more of a PITA..

  • Process to create chain without a password:
  openssl genrsa -out ca.key 4096
  openssl req -new -x509 -days 36500 -key ca.key -out ca.crt
  openssl genrsa -out client.key 4096
  openssl req -new -key client.key -out client.csr
  openssl x509 -req -days 36500 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
  openssl rsa -in client.key -out client.priv

  cat client.crt ca.crt client.priv > client.pem
  openssl x509 -text -noout -in ./client.pem

If you WANT a password set for the certificate, then the genrsa command needs -des3 added as a switch. That will require a password at that point. Source Link for how to

Retrieved from "https://wiki.iwillfearnoevil.com/mediawiki/index.php?title=Openssl&oldid=234"