Skip to content

Instantly share code, notes, and snippets.

@minrwhite
Last active September 11, 2020 02:05
Show Gist options
  • Save minrwhite/a2ee7c5107bcc5a350bf541e363ac0ac to your computer and use it in GitHub Desktop.
Save minrwhite/a2ee7c5107bcc5a350bf541e363ac0ac to your computer and use it in GitHub Desktop.
cfssl pathlen weirdness
{
"CN": "My Root CA",
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "GB",
"L": "Bristol",
"O": "Acme Software Ltd.",
"ST": "England",
"OU": "Support"
}
],
"CA": {
"pathlen": 0
}
}
{
"signing": {
"default": {
"expiry": "2160h"
},
"profiles": {
"intermediate": {
"usages": [
"signing",
"cert sign",
"crl sign"
],
"expiry": "2160h",
"is_ca": true
}
}
}
}
#!/bin/sh
cfssl gencert -initca ca-csr.json 2>out-ca.txt | cfssljson -bare ca -
cfssl gencert -ca ca.pem -ca-key ca-key.pem -config config.json -profile="intermediate" int-csr.json 2>>out-int.txt | cfssljson -bare int -
{
"CN": "My Intermediate CA",
"hosts": [
""
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "GB",
"L": "Bristol",
"O": "Acme Software Ltd.",
"ST": "England",
"OU": "Support"
}
],
"CA": {
"pathlen": 0
}
}
2016/04/06 21:43:29 [INFO] generating a new CA key and certificate from CSR
2016/04/06 21:43:29 [INFO] generate received request
2016/04/06 21:43:29 [INFO] received CSR
2016/04/06 21:43:29 [INFO] generating key: ecdsa-256
2016/04/06 21:43:29 [INFO] encoded CSR
2016/04/06 21:43:29 [INFO] signed certificate with serial number 490740001196759146705435558794779121141306255599
ca section only permitted in initca
@smartvolshell
Copy link

[ca section only permitted in initca]
what does this mean?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment