add scripts
Signed-off-by: Martin Matous <m@matous.dev>
This commit is contained in:
parent
c6c66648ea
commit
5a4419bb4e
12 changed files with 802 additions and 1 deletions
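--- /dev/null
+++ b/from-ca-to-server.sh
@@ -0,0 +1,79 @@
+# generate key
+sudo openssl ecparam -out ca-key.pem -name secp384r1 -genkey
+# generate certificate signing request
+sudo openssl req -config dassem-ca.conf -new -key ca-key.pem -out ca-cert-req.pem -sha384 -extensions v3_ca
+# sign request
+sudo openssl x509 -in ca-cert-req.pem -out ca-cert.pem -req -signkey ca-key.pem -days 365 -extfile dassem-ca.conf -extensions v3_ca
+# verify output
+sudo openssl x509 -in ca-cert.pem -text -noout
+
+# generate key for server
+sudo openssl ecparam -out glados-key.pem -name secp384r1 -genkey
+# generate request
+sudo openssl req -config dassem-ca.conf -new -key glados-key.pem -out glados-cert-req.pem -sha384 -extensions v3_req
+# sign it with our CA
+sudo openssl ca -in glados-cert-req.pem -out glados-cert.pem -config dassem-ca.conf -extensions v3_req -policy signing_policy
+
+#config file used:
+HOME = .
+RANDFILE = /root/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+default_days = 1000 # how long to certify for
+default_crl_days = 30 # how long before next CRL
+default_md = sha384 # use public key default MD
+preserve = no # keep passed DN ordering
+
+x509_extensions = v3_ca # The extensions to add to the cert
+
+email_in_dn = no # Don't concat the email in the DN
+copy_extensions = copy # Required to copy SANs from CSR to cert
+
+####################################################################
+[ req ]
+default_bits = 384
+default_keyfile = ca-key.pem
+distinguished_name = ca_distinguished_name
+x509_extensions = v3_ca
+req_extensions = v3_req
+string_mask = utf8only
+
+####################################################################
+[ ca_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = ME
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Malazan Empire
+
+localityName = Locality Name (eg, city)
+localityName_default = Malaz City
+
+organizationName = Organization Name (eg, company)
+organizationName_default = Malazan military forces
+
+organizationalUnitName = Organizational Unit (eg, division)
+organizationalUnitName_default = "Dassem's First Sword"
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_default = Dassem Ultor
+
+emailAddress = Email Address
+emailAddress_default = dassem@dessembrae.com
+
+####################################################################
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment
+
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer
+basicConstraints = critical, CA:TRUE, pathlen:0
+keyUsage = keyCertSign, cRLSign
+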
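Review bot: The leaf profile `[ v3_req ]` carries no `subjectAltName`, so the server certificate produced by the `openssl ca` line ends up with only a CN (defaulting to `Dassem Ultor`), which current TLS clients do not use for hostname matching; the `copy_extensions = copy # Required to copy SANs from CSR to cert` comment is not backed by any SAN in the request profile, so add `subjectAltName = DNS:<server FQDN>` to `[ v3_req ]` or pass it with `-addext` on the server `req` line. Separately, `default_days = 1000` in `[ CA_default ]` exceeds the `-days 365` used to self-sign the CA, so issued server certificates would nominally outlive their issuer and fail chain validation once the CA certificate expires — align the two (longer CA lifetime or shorter `default_days`). As captured here, `[ CA_default ]` also lacks `dir`/`database`/`serial`/`new_certs_dir`/`certificate`/`private_key` and there is no `[ signing_policy ]` section, so `openssl ca ... -policy signing_policy` would not run against this config unless those entries live in a part of `dassem-ca.conf` not shown in the file. Finally, both `ecparam -genkey` calls write the private keys unencrypted and with default permissions; for the CA key at least, encrypt it (for example `openssl ec -aes256`) or generate under `umask 077`, and note that `default_bits = 384` in `[ req ]` is an RSA-only setting with no effect on the EC keys produced here.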