Zertifikat: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 4: | Zeile 4: | ||
<pre> | <pre> | ||
openssl req -new -x509 -newkey rsa:2048 -keyout nginx.key -out nginx.pem -days 3650 | openssl req -new -x509 -newkey rsa:2048 -keyout nginx.key -out nginx.pem -days 3650 | ||
</pre> | |||
== Mit Signierung == | |||
<pre> | |||
FN_CA=dockerCA | |||
FN_CERT=hamatoma.de | |||
cd /etc/ssl | |||
test -d ca || mkdir ca | |||
cd ca | |||
openssl genrsa -out $FN_CA.key 2048 | |||
openssl req -x509 -new -nodes -key $FN_CA.key -days 3650 -out $FN_CA.crt | |||
openssl genrsa -out $FN_CERT.key 2048 | |||
# kein Passwort vergeben! | |||
openssl req -new -key $FN_CERT.key -out $FN_CERT.csr | |||
echo "subjectAltName = IP:212.144.248.3" > extfile.cnf | |||
openssl x509 -req -in $FN_CERT.csr -CA $FN_CA.crt -CAkey $FN_CA.key -CAcreateserial -out $FN_CERT.crt -days 3650 -extfile extfile.cnf | |||
cp $FN_CERT.crt ../certs | |||
cp $FN_CERT.key ../private | |||
</pre> | </pre> | ||
Version vom 2. März 2015, 11:49 Uhr
Erstellen
openssl req -new -x509 -newkey rsa:2048 -keyout nginx.key -out nginx.pem -days 3650
Mit Signierung
FN_CA=dockerCA FN_CERT=hamatoma.de cd /etc/ssl test -d ca || mkdir ca cd ca openssl genrsa -out $FN_CA.key 2048 openssl req -x509 -new -nodes -key $FN_CA.key -days 3650 -out $FN_CA.crt openssl genrsa -out $FN_CERT.key 2048 # kein Passwort vergeben! openssl req -new -key $FN_CERT.key -out $FN_CERT.csr echo "subjectAltName = IP:212.144.248.3" > extfile.cnf openssl x509 -req -in $FN_CERT.csr -CA $FN_CA.crt -CAkey $FN_CA.key -CAcreateserial -out $FN_CERT.crt -days 3650 -extfile extfile.cnf cp $FN_CERT.crt ../certs cp $FN_CERT.key ../private
Passwort entfernen
openssl rsa -in nginx.key -out nginx.key
- Es wird einmal das Passwort abgefragt