Difference between revisions of "Openssl"
Line 55: | Line 55: | ||
in C:\wamp\vhosts\somecerts\caSetup | in C:\wamp\vhosts\somecerts\caSetup | ||
create root certificates | |||
put in a openssl.conf | put in a openssl.conf | ||
openssl genrsa -aes256 -out private/ca.key.pem 4096 //pwd required | openssl genrsa -aes256 -out private/ca.key.pem 4096 //pwd required | ||
openssl req -config openssl.conf -key private/ca.key.pem -new -x509 -days 12000 -sha256 - | openssl req -config openssl.conf -key private/ca.key.pem -new -x509 -days 12000 -sha256 -extensions v3_ca -out certs/ca.cert.pem //need privar pwd and Common Name hpTimCa | ||
openssl x509 -noout -text -in certs/ca.cert.pem //verify root cert | |||
create intermediate certs | |||
cd intermediate | |||
mkdir certs crl csr newcerts private | |||
chmod 700 private | |||
touch index.txt | |||
echo 1000 > serial | |||
echo 1000 > crlnumber | |||
openssl genrsa -aes256 -out intermediate/private/intermediate.key.pem 4096 //same pwd | |||
openssl req -config intermediate/openssl.conf -new -sha256 -key intermediate/private/intermediate.key.pem -out intermediate/csr/intermediate.csr.pem | |||
openssl ca -config openssl.conf -extensions v3_intermediate_ca -days 10900 -notext -md sha256 -in intermediate/csr/intermediate.csr.pem -out intermediate/certs/intermediate.cert.pem | |||
openssl x509 -noout -text -in intermediate/certs/intermediate.cert.pem |
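Review bot: After `cd intermediate`, the added `openssl genrsa`, `openssl req` and `openssl ca` lines still use paths relative to the CA root (`intermediate/private/intermediate.key.pem`, `-config openssl.conf`), so they fail as written. Add a `cd ..` after `echo 1000 > crlnumber`, or drop the `intermediate/` prefixes and point `-config` at the root file explicitly. The `//same pwd` remark also means the intermediate key is protected by the root key's passphrase; giving the intermediate its own passphrase keeps a disclosed intermediate passphrase from also unlocking the root key.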
Revision as of 13:56, 3 February 2017
openssl
back to esp8266
in cd ../vhosts/somecerts/smallcerts/
Generate a Private Key and a CSR
openssl req -newkey rsa:512 -nodes -keyout domain.key -out domain.csr
Generate a Self-Signed Certificate from an Existing Private Key
openssl req -key domain.key -new -x509 -days 365 -out domain.crt
View CSR Entries
openssl req -text -noout -verify -in domain.csr
View Certificate Entries
openssl x509 -text -noout -in domain.crt
Verify a Certificate was Signed by a CA
openssl verify -verbose -CAfile ca.crt domain.crt
from https://www.feistyduck.com/library/openssl-cookbook/online/ch-openssl.html#
openssl genrsa -out fd.key 512 # create private key (no pass)
openssl rsa -in fd.key -pubout -out fd-public.key # to separate out the public key
openssl req -new -key fd.key -out fd.csr # create csr from key
openssl req -text -in fd.csr -noout # show your csr
openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt # create a cert w/o questions
openssl x509 -text -in fd.crt -noout # view the cert
openssl x509 -text -noout -in fd.crt -fingerprint # get a cert's fingerprint
Ciphers
openssl ciphers -v 'ALL:COMPLEMENTOFALL' # list available
https://engineering.circle.com/https-authorized-certs-with-node-js-315e548354a2#.3atvisjhz
vis-à-vis Let's Encrypt
- your key file will be privkey.pem
- your cert file will be cert.pem
- your ca file will be chain.pem or fullchain.pem (depending on exactly what you need)
creating a certificate signing authority (CA)
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
Acting as a certificate authority (CA) means dealing with cryptographic pairs of private keys and public certificates. The very first cryptographic pair we’ll create is the root pair. This consists of the root key (ca.key.pem) and root certificate (ca.cert.pem). This pair forms the identity of your CA.
in C:\wamp\vhosts\somecerts\caSetup
create root certificates
put in an openssl.conf
openssl genrsa -aes256 -out private/ca.key.pem 4096 # pwd required
openssl req -config openssl.conf -key private/ca.key.pem -new -x509 -days 12000 -sha256 -extensions v3_ca -out certs/ca.cert.pem # needs the private key pwd and Common Name hpTimCa
openssl x509 -noout -text -in certs/ca.cert.pem # verify root cert
create intermediate certs
cd intermediate
mkdir certs crl csr newcerts private
chmod 700 private
touch index.txt
echo 1000 > serial
echo 1000 > crlnumber
cd .. # back to caSetup: the paths below are relative to the CA root
openssl genrsa -aes256 -out intermediate/private/intermediate.key.pem 4096 # same pwd
openssl req -config intermediate/openssl.conf -new -sha256 -key intermediate/private/intermediate.key.pem -out intermediate/csr/intermediate.csr.pem
openssl ca -config openssl.conf -extensions v3_intermediate_ca -days 10900 -notext -md sha256 -in intermediate/csr/intermediate.csr.pem -out intermediate/certs/intermediate.cert.pem
openssl x509 -noout -text -in intermediate/certs/intermediate.cert.pem
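The "Verify a Certificate was Signed by a CA" command above covers a certificate issued directly by the CA; once an intermediate sits in between, as in this setup, the intermediate has to be handed to openssl verify as well. The script below is an added example (not part of the original notes or the guides they link to) that builds a throwaway root, intermediate and leaf and shows both outcomes. Assumptions: unencrypted 2048-bit demo keys, made-up subject names, an inline extensions file standing in for openssl.conf, and "openssl x509 -req" in place of the "openssl ca" database workflow.

```shell
#!/bin/sh
# Added example: throwaway root -> intermediate -> leaf chain plus verification.
# Assumed, not from the page: unencrypted 2048-bit keys, demo subject names, and
# this inline extensions file standing in for the page's openssl.conf.
build_chain() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    cat > "$1/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = replaced-by-subj
[v3_ca]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
[v3_intermediate_ca]
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[leaf]
basicConstraints = CA:false
EOF
    for n in ca int leaf; do
        openssl genrsa -out "$1/$n.key.pem" 2048 2>/dev/null || return 1
    done
    # Root: self-signed, same shape as the page's "openssl req ... -x509" step.
    openssl req -config "$1/ext.cnf" -key "$1/ca.key.pem" -new -x509 -days 30 \
        -sha256 -extensions v3_ca -subj "/CN=Demo Root CA" \
        -out "$1/ca.cert.pem" || return 1
    # Intermediate signed by the root, then leaf signed by the intermediate.
    sign "$1" int ca v3_intermediate_ca "/CN=Demo Intermediate CA" &&
        sign "$1" leaf int leaf "/CN=device.example.test"
}
# sign DIR NAME ISSUER EXT_SECTION SUBJECT
# Uses "openssl x509 -req" rather than the page's "openssl ca" (no index.txt).
sign() {
    openssl req -config "$1/ext.cnf" -new -sha256 -key "$1/$2.key.pem" \
        -subj "$5" -out "$1/$2.csr.pem" &&
    openssl x509 -req -in "$1/$2.csr.pem" -CA "$1/$3.cert.pem" \
        -CAkey "$1/$3.key.pem" -CAcreateserial -days 30 -sha256 \
        -extfile "$1/ext.cnf" -extensions "$4" -out "$1/$2.cert.pem" 2>/dev/null
}
# Root alone cannot vouch for the leaf: the issuing intermediate is missing.
verify_root_only() { openssl verify -CAfile "$1/ca.cert.pem" "$1/leaf.cert.pem"; }
# -untrusted supplies the intermediate so openssl can build leaf -> int -> root.
verify_full_chain() {
    openssl verify -CAfile "$1/ca.cert.pem" -untrusted "$1/int.cert.pem" "$1/leaf.cert.pem"
}
```

Run build_chain on an empty directory, then call the two verify functions with the same path; verify_root_only exits non-zero with "unable to get local issuer certificate", while verify_full_chain reports OK.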