-
-
Save superseb/788a234647324b49ee5a56e07e3a91ac to your computer and use it in GitHub Desktop.
| # Generate RSASSA-PSS private key for CA | |
| # The key size is 2048; the exponent is 65537 | |
| openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out CA.priKey | |
| # Generate self-signed RSASSA-PSS CA | |
| openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer | |
| # Generate RSASSA-PSS private key for EE | |
| #openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out EE.priKey | |
| openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out EE.priKey | |
| # Generate certificate signing request for RSASSA-PSS EE | |
| openssl req -new -key EE.priKey -subj "/CN=rancher.my.org" -sha256 -out EE.csr | |
| # Generate RSASSA-PSS EE based on the above CSR, and sign it with the above RSASSA-PSS CA | |
| openssl x509 -req -CAcreateserial -in EE.csr -sha256 -CA CA.cer -CAkey CA.priKey -out EE.cer |
Hi..I need one more info here, in this you are passing rsa-pss, but how does it decides PSSParameters?
Good day,
I have similar problems with the second command.
openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer
Can't open C:\ci\openssl_1587479240221_h_env\Library/openssl.cnf for reading, No such file or directory
11040:error:02001003:system library:fopen:No such process:crypto\bio\bss_file.c:69:fopen('C:\ci\openssl_1587479240221_h_env\Library/openssl.cnf','r')
11040:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:
Is this approach still up to date? I am using version OpenSSL 1.1.1g 21 Apr 2020.
Are there other instructions for creating an RSA-PSS certificate?
@3ddministrator can you share exact OS you are using? This is still valid, just tested on Ubuntu 20.04
I have similar problems with the second command.
Your problem is not similar. It is simple: 😉
openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer
Can't open C:\ci\openssl_1587479240221_h_env\Library/openssl.cnf for reading, No such file or directory
11040:error:02001003:system library:fopen:No such process:crypto\bio\bss_file.c:69:fopen('C:\ci\openssl_1587479240221_h_env
\Library/openssl.cnf','r') 11040:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:
sorry the problem here was, I have two openssl in same setup one is 1.0.2 and other is 1.1.1 , and used 1.0.2 for second command