wiki:creating_ca_and_signing_server_and_client_certs_with_openssl
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
wiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2022/07/15 15:01] – [Configuring your CA] add warning about absolute path antisa | wiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2022/10/24 16:46] – add commands to generate server and client key without passwords antisa | ||
---|---|---|---|
Line 20: | Line 20: | ||
===== Create the CA ===== | ===== Create the CA ===== | ||
- | ==== Create CA private key ==== | + | Generate CA private key with or without passphrase |
+ | |||
+ | ==== Create CA private key without passphrase ==== | ||
+ | openssl genrsa -out rootCA.key 4096 | ||
+ | |||
+ | ==== Create CA private key with passphrase | ||
openssl genrsa -des3 -passout pass:qwerty -out private/ | openssl genrsa -des3 -passout pass:qwerty -out private/ | ||
- | ==== Remove passphrase ==== | + | ==== Remove passphrase |
openssl rsa -passin pass:qwerty -in private/ | openssl rsa -passin pass:qwerty -in private/ | ||
Line 31: | Line 36: | ||
===== Create a SSL Server certificate ===== | ===== Create a SSL Server certificate ===== | ||
- | ==== Create private key for the server ==== | + | |
+ | ==== Create private key for the server | ||
+ | openssl genrsa -out private/ | ||
+ | |||
+ | ==== Create private key for the server with passphrase | ||
openssl genrsa -des3 -passout pass:qwerty -out private/ | openssl genrsa -des3 -passout pass:qwerty -out private/ | ||
Line 46: | Line 55: | ||
===== Create a SSL Client certificate ===== | ===== Create a SSL Client certificate ===== | ||
+ | |||
+ | ==== Create private key for the client without passphrase ==== | ||
+ | openssl genrsa -out private/ | ||
+ | |||
==== Create private key for a client ==== | ==== Create private key for a client ==== | ||
Line 51: | Line 64: | ||
==== Remove passphrase ==== | ==== Remove passphrase ==== | ||
- | + | ||
openssl rsa -passin pass:qwerty -in private/ | openssl rsa -passin pass:qwerty -in private/ | ||
Line 68: | Line 81: | ||
====== Tested on ====== | ====== Tested on ====== | ||
- | * Ubuntu 18.04 | + | * Ubuntu 18.04, 20.04.04 |
+ | * stunnel | ||
====== See also ====== | ====== See also ====== |
wiki/creating_ca_and_signing_server_and_client_certs_with_openssl.txt · Last modified: 2024/04/09 14:08 by antisa