@vreemt
Last active January 21, 2020 17:28
OpenSSL certs with CA signing

Creating a CA signed cert with OpenSSL

see also

generating files - *.crt, *.key, *.pubkey, *.csr, *.srl

  • ca.pem -- root CA
  • cert.pem -- server cert

CN used for the example.org server cert: special.io

CN used for ca.crt: testme.io

Generate key and signing request for server cert

openssl genrsa -out example.org.key 2048
openssl rsa -in example.org.key -pubout -out example.org.pubkey

# server CN - special.io
openssl req -new -key example.org.key -out example.org.csr

Generate key and cert for CA

# ca CN - testme.io
openssl genrsa -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt

Generate cert via CSR and CA

openssl x509 -req -in example.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out example.org.crt

Check issuer and subject CN

Signing the CSR with the CA should result in a serial file (ca.srl) being created;
its contents should match the (hex) serial number of the server cert.

openssl x509 -in example.org.crt -noout -issuer -subject
# issuer= /C=GB/L=Default City/O=Default Company Ltd/CN=testme.io
# subject= /C=GB/L=Default City/O=Default Company Ltd/CN=special.io
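
The steps above as one non-interactive run, followed by checks on the issued cert: chain, serial file, key match and CNs. This is an added example, not part of the original gist; the `-subj` arguments, the function names and the temporary directory are assumptions, and the `subjectAltName` check reflects that none of the commands request extensions.

```shell
#!/bin/sh
# Added example: the gist's commands, made non-interactive with -subj,
# followed by checks on the result. File names and CNs are the gist's;
# the function names and the temp directory are assumptions.

make_certs() {                      # $1 = empty working directory
  ( cd "$1" || exit 1
    openssl genrsa -out example.org.key 2048 2>/dev/null
    openssl rsa -in example.org.key -pubout -out example.org.pubkey 2>/dev/null
    openssl req -new -key example.org.key -subj "/CN=special.io" -out example.org.csr
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -new -x509 -key ca.key -subj "/CN=testme.io" -out ca.crt
    openssl x509 -req -in example.org.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out example.org.crt 2>/dev/null )
}

# The server cert must verify against ca.crt as its trust anchor.
chain_ok() {
  openssl verify -CAfile "$1/ca.crt" "$1/example.org.crt" >/dev/null 2>&1
}

# ca.srl should hold the hex serial that was put into the server cert.
serial_matches() {
  cert=$(openssl x509 -in "$1/example.org.crt" -noout -serial | cut -d= -f2)
  [ -n "$cert" ] && [ "$cert" = "$(tr -d '[:space:]' < "$1/ca.srl")" ]
}

# The public key inside the cert must be the one exported to example.org.pubkey.
key_matches() {
  [ "$(openssl x509 -in "$1/example.org.crt" -noout -pubkey)" = "$(cat "$1/example.org.pubkey")" ]
}

# Prints the CN of the issuer or subject ($2 = -issuer | -subject).
cn_of() {
  openssl x509 -in "$1/example.org.crt" -noout "$2" -nameopt RFC2253 | sed 's/.*CN=//; s/,.*//'
}

# The commands above request no extensions, so the cert carries no subjectAltName.
has_san() {
  openssl x509 -in "$1/example.org.crt" -noout -text | grep -q "Subject Alternative Name"
}

dir=$(mktemp -d)
make_certs "$dir" && chain_ok "$dir" && serial_matches "$dir" && key_matches "$dir" \
  && echo "issuer CN=$(cn_of "$dir" -issuer) subject CN=$(cn_of "$dir" -subject)"
has_san "$dir" || echo "note: no subjectAltName; clients that require SAN will reject this cert"
```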