Skip to content

Instantly share code, notes, and snippets.

@superseb

superseb/openssl-generate-rsa-pss.sh

Created March 1, 2019 17:16
Show Gist options
  • Save superseb/788a234647324b49ee5a56e07e3a91ac to your computer and use it in GitHub Desktop.
Save superseb/788a234647324b49ee5a56e07e3a91ac to your computer and use it in GitHub Desktop.
Download ZIP
Generate openssl pss certificate
Raw
openssl-generate-rsa-pss.sh
# Generate RSASSA-PSS private key for CA
# The key size is 2048; the exponent is 65537
openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out CA.priKey
# Generate self-signed RSASSA-PSS CA
openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer
# Generate RSASSA-PSS private key for EE
#openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out EE.priKey
openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out EE.priKey
# Generate certificate signing request for RSASSA-PSS EE
openssl req -new -key EE.priKey -subj "/CN=rancher.my.org" -sha256 -out EE.csr
# Generate RSASSA-PSS EE based on the above CSR, and sign it with the above RSASSA-PSS CA
openssl x509 -req -CAcreateserial -in EE.csr -sha256 -CA CA.cer -CAkey CA.priKey -out EE.cer
@mspncp
Copy link

mspncp commented Apr 8, 2022
edited
Loading

I have similar problems with the second command.

Your problem is not similar. It is simple: 😉

openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer
Can't open C:\ci\openssl_1587479240221_h_env\Library/openssl.cnf for reading, No such file or directory
11040:error:02001003:system library:fopen:No such process:crypto\bio\bss_file.c:69:fopen('C:\ci\openssl_1587479240221_h_env
\Library/openssl.cnf','r') 11040:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment