Skip to content
Snippets Groups Projects
Commit b752b50a authored by mazenovi's avatar mazenovi
Browse files

generate CA and associated keys

parent 7007dd74
Branches
No related tags found
No related merge requests found
...@@ -116,16 +116,35 @@ sudo apache2ctl restart ...@@ -116,16 +116,35 @@ sudo apache2ctl restart
############################# #############################
# generate certificate # generate certificate
# sudo mkdir -p /etc/apache2/ssl # sudo mkdir -p /etc/apache2/ssl
# https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/ # http://superuser.com/questions/126121/how-to-create-my-own-certificate-chain
# https://blogs.msdn.microsoft.com/benjaminperkins/2014/05/05/make-your-own-ssl-certificate-for-testing-and-learning/
openssl req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key
openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem
openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl ca -in client.csr -out client.cer
# https://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/
# 4096-bit long RSA key for our root CA and store it in file ca.key:
openssl genrsa -out ca.key 4096
# self-signed root CA certificate ca.crt; you’ll need to provide an identity for your root CA:
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
# create our subordinate CA that will be used for the actual signing. First, generate the key:
openssl genrsa -out ia.key 4096
# process the request for the subordinate CA certificate and get it signed by the root CA.
openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt
# To use this subordinate CA key for Authenticode signatures with Microsoft’s signtool, you’ll have to package the keys and certs in a PKCS12 file:
openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt
# création du certificat # création du certificat
# https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/
# https://blogs.msdn.microsoft.com/benjaminperkins/2014/05/05/make-your-own-ssl-certificate-for-testing-and-learning/
# http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl # http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
# https://softwareinabottle.wordpress.com/2011/12/18/creating-self-signed-certificates-on-ubuntu-server/ # https://softwareinabottle.wordpress.com/2011/12/18/creating-self-signed-certificates-on-ubuntu-server/
# with let's encrypt? # with let's encrypt?
# http://www.fidian.com/programming/public-dns-pointing-to-localhost # http://www.fidian.com/programming/public-dns-pointing-to-localhost
# OPTIONAL # OPTIONAL
# STEP 9 - nginx as reverse proxy / http router - nginx front serve listen 80 # STEP 9 - nginx as reverse proxy / http router - nginx front serve listen 80
# STEP 10 - nginx as reverse proxy / https router - nginx front serve listen 443 - configure cert ssl with nginx # STEP 10 - nginx as reverse proxy / https router - nginx front serve listen 443 - configure cert ssl with nginx
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment