Skip to content

Instantly share code, notes, and snippets.

@tsaarni

tsaarni/cfssl-ca-tips.md

Created September 10, 2017 07:03
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save tsaarni/557511180c49e9a3c281f5b67f25b093 to your computer and use it in GitHub Desktop.
Save tsaarni/557511180c49e9a3c281f5b67f25b093 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cfssl-ca-tips.md

Install CFSSL

https://github.com/cloudflare/cfssl

go get -v -u github.com/cloudflare/cfssl/cmd/cfssl
go get -v -u github.com/cloudflare/cfssl/cmd/...

Create new CA

cat > root-ca-csr.json <<EOF
{
  "CN": "cluster-ca",
  "key": {
    "algo": "ecdsa",
    "size": 256
  },
  "ca": {
    "expiry": "876000h"
  }
}
EOF
    
cfssl gencert -initca root-ca-csr.json | cfssljson -bare root-ca

Create client cert

cat > node-csr.json <<EOF
{
  "CN": "node1.local",
  "Hosts": [
    "node1.local"
  ]
}
EOF

cfssl gencert -ca root-ca.pem -ca-key root-ca-key.pem node-csr.json | cfssljson -bare node

Commands

cfssl certinfo -cert cert.pem           # print certificate
cfssl certinfo -domain www.google.com   # print certificate from web server
cfssl certinfo -csr request.csr         # print CSR
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment