Difference between revisions of "OpenSSL"
From gacq wiki
Línea 1: | Línea 1: | ||
+ | = Self signed certificate = | ||
<pre> | <pre> | ||
openssl genrsa 2048 > /etc/ssl/private/`hostname`.key | openssl genrsa 2048 > /etc/ssl/private/`hostname`.key | ||
Línea 5: | Línea 6: | ||
openssl req -new -key /etc/ssl/private/`hostname`.key -x509 -days 9999 -out /etc/ssl/certs/`hostname`.cert | openssl req -new -key /etc/ssl/private/`hostname`.key -x509 -days 9999 -out /etc/ssl/certs/`hostname`.cert | ||
</pre> | </pre> | ||
+ | |||
+ | = Own CA (Certification Authority) = | ||
+ | == Without phass phrase to use with daemons == | ||
+ | vi /etc/ssl/openssl.cnf | ||
+ | cd /srv | ||
+ | /usr/lib/ssl/misc/CA.pl -newca | ||
+ | vi /etc/ssl/openssl.cnf | ||
+ | mkdir /etc/ssl/`hostname` | ||
+ | cd /etc/ssl/`hostname` | ||
+ | /usr/lib/ssl/misc/CA.pl -newreq-nodes | ||
+ | /usr/lib/ssl/misc/CA.pl -signreq |
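Review bot: the two `vi /etc/ssl/openssl.cnf` steps in the new "Own CA" section do not say which settings to change, so the procedure cannot be reproduced from the page; name the values edited before `CA.pl -newca` and again before `CA.pl -newreq-nodes`. The subsection heading reads "phass phrase" and should be "pass phrase". Because `-newreq-nodes` writes the new private key without encryption, the section should also end with the same `chmod 640` and `chown root:ssl-cert` steps that the self-signed section applies to its key.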
Revision as of 12:41, 29 Jul 2008
= Self signed certificate =
<pre>
# Generate a 2048-bit RSA key, then restrict it to root and the ssl-cert group
openssl genrsa 2048 > /etc/ssl/private/`hostname`.key
chmod 640 /etc/ssl/private/`hostname`.key
chown root:ssl-cert /etc/ssl/private/`hostname`.key
# Create the self-signed certificate from that key
openssl req -new -key /etc/ssl/private/`hostname`.key -x509 -days 9999 -out /etc/ssl/certs/`hostname`.cert
</pre>

= Own CA (Certification Authority) =
== Without pass phrase to use with daemons ==
<pre>
# Create the CA under /srv
vi /etc/ssl/openssl.cnf
cd /srv
/usr/lib/ssl/misc/CA.pl -newca
# Create a request whose private key is not encrypted, then sign it with the CA
vi /etc/ssl/openssl.cnf
mkdir /etc/ssl/`hostname`
cd /etc/ssl/`hostname`
/usr/lib/ssl/misc/CA.pl -newreq-nodes
/usr/lib/ssl/misc/CA.pl -signreq
</pre>
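
A key made without a pass phrase is protected only by its file permissions, so it is worth checking the result of the CA procedure above before a daemon loads it. The script below is an added example, not part of the wiki page: it builds a throwaway CA and server certificate in a temporary directory with plain `openssl` commands instead of `CA.pl`, then runs the checks. All file names, subjects and the `demo.cnf` config are constructed for the demo.

```shell
#!/bin/sh
# Added example: all file names and subjects below are constructed for the demo.

make_demo() {   # $1 = empty working directory; builds a CA and a signed server cert
    ( cd "$1" && umask 077 &&    # private keys are created 0600
      printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > demo.cnf &&
      openssl req -config demo.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
          -subj "/CN=demo CA" -keyout ca.key -out ca.crt 2>/dev/null &&
      openssl req -config demo.cnf -new -newkey rsa:2048 -nodes \
          -subj "/CN=demo.example.test" -keyout server.key -out server.csr 2>/dev/null &&
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
          -days 30 -out server.crt 2>/dev/null )
}

key_is_unencrypted() {   # both PEM encryption markers contain the word ENCRYPTED
    ! grep -q 'ENCRYPTED' "$1"
}

key_not_world_readable() {   # find prints the path only if the other-read bit is set
    [ -z "$(find "$1" -perm -004 -print)" ]
}

key_matches_cert() {   # $1 = key, $2 = cert: compare the two public keys
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

check_pair() {   # $1 = key, $2 = cert, $3 = CA cert; reports the first failed check
    key_is_unencrypted "$1"     || { echo "FAIL: key needs a pass phrase"; return 1; }
    key_not_world_readable "$1" || { echo "FAIL: key is world-readable"; return 1; }
    key_matches_cert "$1" "$2"  || { echo "FAIL: key and certificate differ"; return 1; }
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 \
                                || { echo "FAIL: certificate not signed by this CA"; return 1; }
    echo "OK: $2"
}

demo=$(mktemp -d) && make_demo "$demo" &&
    check_pair "$demo/server.key" "$demo/server.crt" "$demo/ca.crt"
rm -rf "$demo"
```

To check real files, call `check_pair` with the key, the signed certificate and the CA certificate that the procedure produced.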