Last active September 11, 2020 02:05
cfssl pathlen weirdness
*.pem
*.csr

{
    "CN": "My Root CA",
    "key": {
        "algo": "ecdsa",
        "size": 256
    },
    "names": [
        {
            "C": "GB",
            "L": "Bristol",
            "O": "Acme Software Ltd.",
            "ST": "England",
            "OU": "Support"
        }
    ],
    "CA": {
        "pathlen": 0
    }
}

{
    "signing": {
        "default": {
            "expiry": "2160h"
        },
        "profiles": {
            "intermediate": {
                "usages": [
                    "signing",
                    "cert sign",
                    "crl sign"
                ],
                "expiry": "2160h",
                "is_ca": true
            }
        }
    }
}

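#!/bin/sh
# Create the self-signed root CA from ca-csr.json; cfssl's log output (stderr) goes to out-ca.txt.
cfssl gencert -initca ca-csr.json 2>out-ca.txt | cfssljson -bare ca -
# Sign int-csr.json with the root CA using the "intermediate" profile; stderr is appended to out-int.txt.
cfssl gencert -ca ca.pem -ca-key ca-key.pem -config config.json -profile="intermediate" int-csr.json 2>>out-int.txt | cfssljson -bare int -
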
{
    "CN": "My Intermediate CA",
    "hosts": [
        ""
    ],
    "key": {
        "algo": "ecdsa",
        "size": 256
    },
    "names": [
        {
            "C": "GB",
            "L": "Bristol",
            "O": "Acme Software Ltd.",
            "ST": "England",
            "OU": "Support"
        }
    ],
    "CA": {
        "pathlen": 0
    }
}

2016/04/06 21:43:29 [INFO] generating a new CA key and certificate from CSR
2016/04/06 21:43:29 [INFO] generate received request
2016/04/06 21:43:29 [INFO] received CSR
2016/04/06 21:43:29 [INFO] generating key: ecdsa-256
2016/04/06 21:43:29 [INFO] encoded CSR
2016/04/06 21:43:29 [INFO] signed certificate with serial number 490740001196759146705435558794779121141306255599

ca section only permitted in initca

[ca section only permitted in initca]
what does this mean?