Zertifikat: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (23 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
[[Kategorie:ServerApplikation]] | [[Kategorie:ServerApplikation]] [[Kategorie:Sicherheit]] | ||
== | == Dateitypen == | ||
* Encodings (also used as extensions) | |||
** .DER = The DER extension is used for binary DER encoded certificates. These files may also bear the CER or the CRT extension. | |||
** .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a “—– BEGIN …” line. | |||
* Extensions: | |||
= | ** .CRT = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems | ||
** .CER = alternate form of .crt (Microsoft Convention) You can use MS to convert .crt to .cer (.both DER encoded .cer, or base64[PEM] encoded .cer) The .cer file extension is also recognized by IE as a command to run a MS cryptoAPI command (specifically rundll32.exe cryptext.dll,CryptExtOpenCER) which displays a dialogue for importing and/or viewing certificate contents. | |||
** KEY = The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM. | |||
openssl | == Wildcard-Zertifikat == | ||
<pre>ROOT_CA=rootCA | |||
VALID_DAYS=1000 | |||
CERT=vmd9593 | |||
# Schlüssel generieren, kein Passwort: | |||
openssl genrsa -out $CERT.key 2048 | |||
# Zertifikatsanfrage generieren: CN (Common Name) evt. IP-Adresse | |||
# | # Bei CN (Common Name) eintragen: "*.f-r-e-i.de" | ||
openssl req -new -key $CERT.key -out $CERT.csr -sha512 -config ./openssl.cnf | |||
openssl | |||
# Signieren: | |||
openssl x509 -req -days $VALID_DAYS -in $CERT.csr -signkey ${ROOT_CA}.key -out $CERT.pem | |||
openssl | |||
</pre> | </pre> | ||
Aktuelle Version vom 23. September 2015, 13:55 Uhr
Dateitypen[Bearbeiten]
- Encodings (also used as extensions)
- .DER = The DER extension is used for binary DER encoded certificates. These files may also bear the CER or the CRT extension.
- .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a “—– BEGIN …” line.
- Extensions:
- .CRT = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems
- .CER = alternate form of .crt (Microsoft Convention) You can use MS to convert .crt to .cer (.both DER encoded .cer, or base64[PEM] encoded .cer) The .cer file extension is also recognized by IE as a command to run a MS cryptoAPI command (specifically rundll32.exe cryptext.dll,CryptExtOpenCER) which displays a dialogue for importing and/or viewing certificate contents.
- KEY = The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.
Wildcard-Zertifikat[Bearbeiten]
ROOT_CA=rootCA
VALID_DAYS=1000
CERT=vmd9593
# Schlüssel generieren, kein Passwort:
openssl genrsa -out $CERT.key 2048
# Zertifikatsanfrage generieren: CN (Common Name) evt. IP-Adresse
# Bei CN (Common Name) eintragen: "*.f-r-e-i.de"
openssl req -new -key $CERT.key -out $CERT.csr -sha512 -config ./openssl.cnf
# Signieren:
openssl x509 -req -days $VALID_DAYS -in $CERT.csr -signkey ${ROOT_CA}.key -out $CERT.pem