earthquakesan · July 12, 2021 10:03
diff --git a/gistfile1.txt b/gistfile1.txt
 # Create CA & Server Cert

 ## Create CA

 ```
 cat <<EOF > openssl.cnf
 [ req ]
 #default_bits           = 2048
 #default_md             = sha256
 #default_keyfile        = privkey.pem
 distinguished_name      = req_distinguished_name
 attributes              = req_attributes

 [ req_distinguished_name ]
 countryName                     = DE
 countryName_min                 = 2
 countryName_max                 = 2
 stateOrProvinceName             = Sachsen
 localityName                    = Leipzig
 0.organizationName              = DevOps
 organizationalUnitName          = Team
 commonName                      = localhost
 commonName_max                  = 64
 emailAddress                    = your@mail
 emailAddress_max                = 64

 [ req_attributes ]
 challengePassword               = A challenge password
 challengePassword_min           = 4
 challengePassword_max           = 20

 [ v3_req ]
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 #extendedKeyUsage=serverAuth
 subjectAltName = @alt_names

 [ alt_names ]
 DNS = localhost
 IP = 127.0.0.1

 [ v3_ca ]
 basicConstraints = critical,CA:TRUE
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer:always
 EOF

 openssl genrsa -out ca.key 2048
 # Use v3_ca section to create CA
 openssl req -x509 -new -nodes -key ca.key -subj "/CN=localhost" -days 3650 -out ca.crt -extensions v3_ca -config openssl.cnf
 ```

 ## Create Server Certificate

 ```
 openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
 # Use v3_req section to create request
 openssl req -subj "/CN=localhost" -extensions v3_req -sha256 -new -addext "subjectAltName = DNS:localhost" -key server.key -out server.csr 
 openssl req -text -noout -verify -in server.csr

 # Use v3_req section to create certificate
 openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -out server.crt -CAcreateserial -days 365 -sha256 -extfile openssl.cnf -extensions v3_req
 openssl x509 -in server.crt -text -noout
 ```
	# Create CA & Server Cert

	## Create CA

	```
	cat <<EOF > openssl.cnf
	[ req ]
	#default_bits = 2048
	#default_md = sha256
	#default_keyfile = privkey.pem
	distinguished_name = req_distinguished_name
	attributes = req_attributes

	[ req_distinguished_name ]
	countryName = DE
	countryName_min = 2
	countryName_max = 2
	stateOrProvinceName = Sachsen
	localityName = Leipzig
	0.organizationName = DevOps
	organizationalUnitName = Team
	commonName = localhost
	commonName_max = 64
	emailAddress = your@mail
	emailAddress_max = 64

	[ req_attributes ]
	challengePassword = A challenge password
	challengePassword_min = 4
	challengePassword_max = 20

	[ v3_req ]
	basicConstraints = CA:FALSE
	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
	#extendedKeyUsage=serverAuth
	subjectAltName = @alt_names

	[ alt_names ]
	DNS = localhost
	IP = 127.0.0.1

	[ v3_ca ]
	basicConstraints = critical,CA:TRUE
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid:always,issuer:always
	EOF

	openssl genrsa -out ca.key 2048
	# Use v3_ca section to create CA
	openssl req -x509 -new -nodes -key ca.key -subj "/CN=localhost" -days 3650 -out ca.crt -extensions v3_ca -config openssl.cnf
	```

	## Create Server Certificate

	```
	openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
	# Use v3_req section to create request
	openssl req -subj "/CN=localhost" -extensions v3_req -sha256 -new -addext "subjectAltName = DNS:localhost" -key server.key -out server.csr
	openssl req -text -noout -verify -in server.csr

	# Use v3_req section to create certificate
	openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -out server.crt -CAcreateserial -days 365 -sha256 -extfile openssl.cnf -extensions v3_req
	openssl x509 -in server.crt -text -noout
	```
No results found