Created
April 20, 2021 07:31
-
-
Save jbruchanov/8e0a5ea2dc56a2c3250184182c3145b5 to your computer and use it in GitHub Desktop.
SSL Certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
? | |
https://stackoverflow.com/questions/12334468/java-sign-certificate-programmatically-without-bc | |
https://www.programmersought.com/article/50962351573/ | |
https://github.com/apache/commons-crypto | |
https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/ | |
#Private CA key | |
openssl genrsa -des3 -out myCA.key 2048 | |
#Public CA certificate | |
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem | |
#convert Public CA certificate PEM to CRT (to import it to windows) | |
openssl x509 -outform der -in myCA.pem -out myCA.crt | |
#generate our domain cert | |
openssl genrsa -out zunpa.cz.key 2048 | |
#create CSR | |
openssl req -new -key zunpa.cz.key -out zunpa.cz.csr | |
#generate config ext config -> zunpa.cz.ext | |
``` | |
authorityKeyIdentifier=keyid,issuer | |
basicConstraints=CA:FALSE | |
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment | |
subjectAltName = @alt_names | |
[alt_names] | |
DNS.1 = zunpa.cz | |
``` | |
openssl x509 -req -in zunpa.cz.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out zunpa.cz.crt -days 825 -sha256 -extfile zunpa.cz.ext | |
openssl pkcs12 -export -in zunpa.cz.crt -inkey zunpa.cz.key -out zunpa.cz.p12 | |
openssl pkcs12 -in _KuProxyServer.p12 -clcerts -nokeys -out server.crt | |
#works on android | |
openssl pkcs12 -in KuProxyCA.p12 -out KuProxyCA.p12.crt.pem -clcerts -nokeys | |
360x640 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment