Difference between revisions of "Openssl"
Revision as of 13:26, 3 February 2017
openssl
back to esp8266
in cd ../vhosts/somecerts/smallcerts/
Generate a Private Key and a CSR
openssl req -newkey rsa:512 -nodes -keyout domain.key -out domain.csr
Generate a Self-Signed Certificate from an Existing Private Key
openssl req -key domain.key -new -x509 -days 365 -out domain.crt
View CSR Entries
openssl req -text -noout -verify -in domain.csr
View Certificate Entries
openssl x509 -text -noout -in domain.crt
Verify a Certificate was Signed by a CA
openssl verify -verbose -CAfile ca.crt domain.crt
from https://www.feistyduck.com/library/openssl-cookbook/online/ch-openssl.html#
openssl genrsa -out fd.key 512 # create private key (no pass)
openssl rsa -in fd.key -pubout -out fd-public.key # to separate out the public key
openssl req -new -key fd.key -out fd.csr # create csr from key
openssl req -text -in fd.csr -noout # show your csr
openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt # create a cert w/o questions
openssl x509 -text -in fd.crt -noout # view the cert
openssl x509 -text -noout -in fd.crt -fingerprint # get a cert's fingerprint
Ciphers
openssl ciphers -v 'ALL:COMPLEMENTOFALL' # list available
https://engineering.circle.com/https-authorized-certs-with-node-js-315e548354a2#.3atvisjhz
vis a vis letsencrypt
- your key file will be privkey.pem
- your cert file will be cert.pem
- your ca file will be chain.pem or fullchain.pem ( depending exactly what you need )
creating a certificate signing authority ca
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
Acting as a certificate authority (CA) means dealing with cryptographic pairs of private keys and public certificates. The very first cryptographic pair we’ll create is the root pair. This consists of the root key (ca.key.pem) and root certificate (ca.cert.pem). This pair forms the identity of your CA.
in C:\wamp\vhosts\somecerts\caSetup
put in an openssl.conf
openssl genrsa -aes256 -out private/ca.key.pem 4096 # pwd required
openssl req -config openssl.conf -key private/ca.key.pem -new -x509 -days 12000 -sha256 -extensions v3_ca -out certs/ca.cert.pem
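
The root-pair steps above and the earlier "Verify a Certificate was Signed by a CA" command, carried through end to end as an added example (not from the original page or the linked guides). The minimal openssl.conf, the subject names, the passphrase, and the 2048-bit keys and short validity are assumptions chosen so the script runs unattended in a temporary directory.

```shell
#!/bin/sh
# Added example. Subjects, file names and the passphrase are constructed.
CA_PASS='demo-passphrase-change-me'

run_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/private" "$d/certs"
    # Minimal openssl.conf: just enough for `req -x509 -extensions v3_ca`.
    cat > "$d/openssl.conf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Demo Root CA
[ v3_ca ]
subjectKeyIdentifier = hash
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
EOF
    # Root pair: encrypted private key, then the self-signed root certificate.
    openssl genrsa -aes256 -passout "pass:$CA_PASS" \
        -out "$d/private/ca.key.pem" 2048 2>/dev/null || return 1
    chmod 400 "$d/private/ca.key.pem"
    openssl req -config "$d/openssl.conf" -key "$d/private/ca.key.pem" \
        -passin "pass:$CA_PASS" -new -x509 -days 365 -sha256 \
        -extensions v3_ca -out "$d/certs/ca.cert.pem" || return 1
    # Leaf key and CSR, then a certificate issued by the root.
    openssl req -config "$d/openssl.conf" -newkey rsa:2048 -nodes \
        -subj "/CN=device.example.test" \
        -keyout "$d/domain.key" -out "$d/domain.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/domain.csr" -CA "$d/certs/ca.cert.pem" \
        -CAkey "$d/private/ca.key.pem" -passin "pass:$CA_PASS" \
        -CAcreateserial -days 30 -sha256 \
        -out "$d/domain.crt" 2>/dev/null || return 1
    # Self-signed certificate from the same key: not issued by the root.
    openssl req -config "$d/openssl.conf" -key "$d/domain.key" -new -x509 \
        -subj "/CN=device.example.test" -days 30 -out "$d/self.crt" || return 1
    # Verify both against the root only (option is spelled -CAfile).
    for c in domain self; do
        if openssl verify -CAfile "$d/certs/ca.cert.pem" "$d/$c.crt" \
            >/dev/null 2>&1; then echo "$c.crt: accepted"
        else echo "$c.crt: rejected"; fi
    done
    rm -rf "$d"
}

run_demo
```

Passing the passphrase as pass:... exposes it in the process list; for a real CA let openssl prompt for it as the commands above do.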