@mrhockeymonkey
Last active March 16, 2024 02:11
OpenSSL Example Usages
# example creating certs for use with docker swarm
$openssl = 'C:\Program Files (x86)\OpenSSL\1.0.1L\bin\openssl.exe'
$Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False
$CN = "some-cert-name"
$Fqdn = "computer1.com"
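# create a CA
# -aes256 encrypts the CA private key: openssl prompts for a passphrase here
# and again on every later step that reads ca-key.pem
& $openssl genrsa -aes256 -out ca-key.pem 4096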
& $openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem -subj "/CN=$CN"
# create a server cert
# create key and csr
& $openssl genrsa -out server-key.pem 4096
& $openssl req -new -sha256 -key server-key.pem -out server.csr -subj "/CN=$Fqdn"
# sign server cert with the ca
$cnf = @"
subjectAltName = DNS:$Fqdn
extendedKeyUsage = serverAuth
"@
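# write the extension file as UTF-8 without a BOM, so no BOM bytes end up in the first line openssl parses
[System.IO.File]::WriteAllLines("$PSScriptRoot\server-extfile.cnf", $cnf, $Utf8NoBomEncoding)
# pass the same full path to -extfile so signing also works when the current directory is not $PSScriptRoot
& $openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile "$PSScriptRoot\server-extfile.cnf"
# clean up intermediate files (the serial file is recreated by -CAcreateserial on the next signing)
Remove-Item *.srl,*.csr,"$PSScriptRoot\server-extfile.cnf"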
# create a client cert
# generate new certificate key
& $openssl genrsa -out key.pem 4096
& $openssl req -subj "/CN=$CN" -new -key key.pem -out client.csr
# sign this with the CA
$cnf = 'extendedKeyUsage = clientAuth'
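[System.IO.File]::WriteAllLines("$PSScriptRoot\client-extfile.cnf", $cnf, $Utf8NoBomEncoding)
# pass the same full path to -extfile so signing also works when the current directory is not $PSScriptRoot
& $openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile "$PSScriptRoot\client-extfile.cnf"
Remove-Item *.srl,*.csr,"$PSScriptRoot\client-extfile.cnf"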
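
A post-issuance check for the files produced above, added here as an example and not part of the original gist: it confirms each certificate chains to `ca.pem` and carries only the intended extended key usage and SAN before the files are handed to Docker. `Test-IssuedCert` is a hypothetical helper name; it assumes Windows PowerShell 3 or later and that it runs in the directory holding `ca.pem`, `server-cert.pem` and `cert.pem`.

```powershell
# Added example (not from the original gist). Test-IssuedCert is a hypothetical helper.
function Test-IssuedCert {
    param(
        [Parameter(Mandatory)][string]$CertPath,
        [Parameter(Mandatory)][string]$CaPath,
        [Parameter(Mandatory)][string]$ExpectedEku,   # EKU OID the cert must carry
        [string]$ExpectedDnsName                      # optional SAN DNS entry to look for
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    # .NET resolves relative paths against the process directory, not the
    # PowerShell location, so resolve to full paths first.
    $certFile = (Resolve-Path $CertPath).Path
    $caFile   = (Resolve-Path $CaPath).Path
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $certFile
    $ca   = New-Object "$x509.X509Certificate2" -ArgumentList $caFile

    # Build the chain against our private CA only: no revocation lookup, and
    # accept a root that is not in the Windows trust store.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($ca)
    $built = $chain.Build($cert)
    # AllowUnknownCertificateAuthority accepts any root, so pin the root to ca.pem.
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $chainsToCa = $built -and $chain.ChainElements.Count -eq 2 -and
                  $root.Thumbprint -eq $ca.Thumbprint

    # Extended key usage OIDs actually present in the certificate.
    $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })

    # subjectAltName (2.5.29.17); Format() output is platform dependent,
    # so match the name after '=' or ':' rather than a fixed prefix.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
    $sanOk   = (-not $ExpectedDnsName) -or
               ($sanText -match ('[=:]' + [regex]::Escape($ExpectedDnsName) + '(,|\s|$)'))

    [pscustomobject]@{
        Cert       = $CertPath
        ChainsToCa = $chainsToCa
        EkuOk      = ($ekus.Count -eq 1 -and $ekus[0] -eq $ExpectedEku)
        Ekus       = $ekus -join ','
        SanOk      = $sanOk
        NotAfter   = $cert.NotAfter
    }
}
# serverAuth = 1.3.6.1.5.5.7.3.1, clientAuth = 1.3.6.1.5.5.7.3.2
Test-IssuedCert -CertPath server-cert.pem -CaPath ca.pem -ExpectedEku '1.3.6.1.5.5.7.3.1' -ExpectedDnsName 'computer1.com'
Test-IssuedCert -CertPath cert.pem -CaPath ca.pem -ExpectedEku '1.3.6.1.5.5.7.3.2'
```

`EkuOk` is true only when the expected OID is the sole EKU present, so a certificate that is valid for both server and client authentication is flagged.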