Zertifikat: Unterschied zwischen den Versionen
Zeile 1: | Zeile 1: | ||
[[Kategorie:ServerApplikation]] | [[Kategorie:ServerApplikation]] [[Kategorie:Sicherheit]] | ||
== Erstellen == | == Erstellen CA == | ||
<pre>CA_DIR=/home/ca | |||
mkdir -p $CA_DIR ; cd $CA_DIR | |||
mkdir {certsdb,certreqs,crl,private} | |||
chmod 700 private | |||
touch index.txt | |||
cp /etc/ssl/openssl.cnf . | |||
$EDITOR openssl.cnf | |||
diff /etc/ssl/openssl.cnf openssl.cnf | |||
</pre> | |||
<pre>< dir = ./demoCA # Where everything is kept | |||
> dir = /home/ca # Where everything is kept | |||
< default_days = 365 # how long to certify for | |||
> default_days = 730 # how long to certify for | |||
< countryName_default = AU | |||
> countryName_default = DE | |||
< stateOrProvinceName_default = Some-State | |||
> stateOrProvinceName_default = Bavaria | |||
> localityName_default = Munich | |||
< 0.organizationName_default = Internet Widgits Pty Ltd | |||
> 0.organizationName_default = e-motional-experience.de | |||
> commonName_default = e-motional-experience.de | |||
> emailAddress_default = hamatoma@gmx.de | |||
</pre> | |||
== Erstellen (alte Version == | |||
<pre> | <pre> | ||
openssl req -new -x509 -newkey rsa:2048 -keyout nginx.key -out nginx.pem -days 3650 | openssl req -new -x509 -newkey rsa:2048 -keyout nginx.key -out nginx.pem -days 3650 |
Version vom 13. September 2015, 15:56 Uhr
Erstellen CA
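# Lay out the working directory of a private CA and take a local, editable
# copy of the system openssl.cnf.
CA_DIR=/home/ca

# Stop if the directory cannot be entered, so the CA files are never
# scattered into whatever directory happens to be current.
mkdir -p "$CA_DIR" && cd "$CA_DIR" || exit 1

# Bookkeeping directories; listed explicitly (no brace expansion) and
# created with -p so the block can be re-run without errors.
mkdir -p certsdb certreqs crl

# Directory for private keys: create it already restricted instead of
# creating it with the default mode and tightening it afterwards. The
# chmod covers the case where the directory existed before.
mkdir -p -m 700 private
chmod 700 private

touch index.txt
cp /etc/ssl/openssl.cnf .

# Fall back to vi when EDITOR is unset; an empty $EDITOR would otherwise
# turn "openssl.cnf" itself into the command name. Left unquoted on
# purpose so an EDITOR value that carries arguments keeps working.
${EDITOR:-vi} openssl.cnf

# Show what was changed against the system default. diff returns 1 when
# the files differ, which is the expected outcome here.
diff /etc/ssl/openssl.cnf openssl.cnf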
< dir = ./demoCA # Where everything is kept > dir = /home/ca # Where everything is kept < default_days = 365 # how long to certify for > default_days = 730 # how long to certify for < countryName_default = AU > countryName_default = DE < stateOrProvinceName_default = Some-State > stateOrProvinceName_default = Bavaria > localityName_default = Munich < 0.organizationName_default = Internet Widgits Pty Ltd > 0.organizationName_default = e-motional-experience.de > commonName_default = e-motional-experience.de > emailAddress_default = hamatoma@gmx.de
Erstellen (alte Version)
# One step: generate a new 2048-bit RSA key (nginx.key) and a self-signed
# certificate (nginx.pem) that is valid for 3650 days.
# -nodes is not given, so by default openssl asks for a passphrase and
# stores the key encrypted.
openssl req -x509 -new \
  -newkey rsa:2048 -keyout nginx.key \
  -days 3650 \
  -out nginx.pem
Mit Signierung
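# Create a small private CA and use it to sign a server certificate whose
# subjectAltName carries the server's IP address.
FN_CA=dockerCA
FN_CERT=hamatoma.de

# Private keys are written below. Restrict the mode of every new file to
# the owner for the duration of the block; depending on the OpenSSL
# release, key files may otherwise get umask-derived (world-readable)
# permissions. The previous umask is restored at the end.
old_umask=$(umask)
umask 077

cd /etc/ssl || exit 1
mkdir -p ca
cd ca || exit 1

# CA key and self-signed CA certificate (valid 3650 days).
# NOTE(review): the CA key is stored without a passphrase, so anyone who
# can read $FN_CA.key can issue certificates that clients of this CA will
# trust. Keep the file owner-only, or encrypt it if signing may be
# interactive.
openssl genrsa -out "$FN_CA.key" 2048
# -sha256 pins the signature digest; older OpenSSL releases may default
# to SHA-1.
openssl req -x509 -new -nodes -sha256 -key "$FN_CA.key" -days 3650 -out "$FN_CA.crt"

# Server key and certificate signing request.
openssl genrsa -out "$FN_CERT.key" 2048
# Do not set a password!
# NOTE(review): presumably this refers to the "challenge password" prompt
# of the request below; confirm against the original page layout.
openssl req -new -sha256 -key "$FN_CERT.key" -out "$FN_CERT.csr"

# Extensions to add while signing: the IP address the server is reached by.
echo "subjectAltName = IP:212.144.248.3" > extfile.cnf
openssl x509 -req -sha256 -in "$FN_CERT.csr" \
  -CA "$FN_CA.crt" -CAkey "$FN_CA.key" -CAcreateserial \
  -out "$FN_CERT.crt" -days 3650 -extfile extfile.cnf

# Publish with explicit modes: the certificate is public, the key is not.
install -m 644 "$FN_CERT.crt" ../certs/
install -m 600 "$FN_CERT.key" ../private/

umask "$old_umask"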
Passwort entfernen
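# Remove the passphrase from nginx.key in place; openssl asks for the
# current passphrase once.
# Afterwards the key is protected by file permissions alone, so restrict
# the file to its owner before the unencrypted key is written.
chmod 600 nginx.key && openssl rsa -in nginx.key -out nginx.key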
- Es wird einmal das Passwort abgefragt