@wiz
Created August 14, 2018 12:10
openssl CA creation commands

initial setup:

mkdir /data/ca
mkdir /data/ca/private
mkdir /data/ca/newcerts
touch /data/ca/index.txt
echo 1001 > /data/ca/serial

ca key generate:

openssl genrsa -des3 -out /data/ca/private/cakey.pem 4096

self-sign ca cert:

openssl req -sha256 -new -x509 -days 3650 -key /data/ca/private/cakey.pem -out /data/ca/cacert.pem -config /usr/local/openssl/openssl.cnf

host key+csr generate (new key):

openssl req -sha256 -newkey rsa:2048 -nodes -keyout server.key -config /usr/local/openssl/openssl.cnf -out server.csr

host CSR (from an existing key):

openssl req -sha256 -new -key aoyama.key -config /usr/local/openssl/openssl.cnf -out aoyama.csr

ca sign host csr:

openssl ca -config /usr/local/openssl/openssl.cnf -out server.crt -infiles server.csr

dh param generate:

openssl dhparam -out dh2048.pem 2048

convert to google appengine format:

openssl rsa -in server.key -text > private.pem
openssl x509 -inform PEM -in server.crt > public.pem
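
check the whole sequence end to end (added example, not part of the original gist): the commands above depend on an openssl.cnf whose contents the page does not show, so this script writes an assumed minimal one, builds a throwaway CA in a temp dir with the same layout as /data/ca, signs a host CSR, then verifies the chain, the key/cert match and the serial. The config sections, the subject names and the unencrypted 2048-bit demo CA key are assumptions made so it runs non-interactively.

```shell
# Added example: throwaway CA in a temp dir that mirrors the /data/ca layout.
# The config is an assumed minimal one; the page's openssl.cnf is not shown.
demo_ca() {
  d=$(mktemp -d) || return 1
  cnf="$d/openssl.cnf"
  mkdir -p "$d/private" "$d/newcerts" && chmod 700 "$d/private"
  : > "$d/index.txt"
  echo 1001 > "$d/serial"
  cat > "$cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $d
database = \$dir/index.txt
serial = \$dir/serial
new_certs_dir = \$dir/newcerts
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
x509_extensions = leaf
[ policy_any ]
commonName = supplied
[ leaf ]
basicConstraints = CA:FALSE
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  # Demo CA key is small and unencrypted so the run needs no passphrase prompt.
  openssl genrsa -out "$d/private/cakey.pem" 2048 2>/dev/null || return 1
  openssl req -sha256 -new -x509 -days 30 -key "$d/private/cakey.pem" \
    -out "$d/cacert.pem" -config "$cnf" -subj "/CN=Demo CA" || return 1
  openssl req -sha256 -newkey rsa:2048 -nodes -keyout "$d/server.key" \
    -config "$cnf" -out "$d/server.csr" -subj "/CN=host.example.test" 2>/dev/null || return 1
  openssl ca -batch -config "$cnf" -out "$d/server.crt" \
    -infiles "$d/server.csr" >/dev/null 2>&1 || return 1
  # Checks: chain verifies, cert carries the host key, serial came from the file.
  openssl verify -CAfile "$d/cacert.pem" "$d/server.crt" >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -in "$d/server.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$d/server.key" -pubout)" ] || return 1
  openssl x509 -in "$d/server.crt" -noout -serial   # prints serial=1001
  rm -rf "$d"
}
demo_ca
```

the same three checks (openssl verify, public key comparison, -serial) can be run against the real /data/ca/cacert.pem and server.crt after signing.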