@risha700
Last active July 18, 2021 21:34
Revisions

  1. risha700 revised this gist Jul 18, 2021. No changes.
  2. risha700 revised this gist Jul 18, 2021. 1 changed file with 17 additions and 12 deletions.
    29 changes: 17 additions & 12 deletions OPENSSL.MD
    @@ -30,19 +30,19 @@ openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateseria
    # server.csr.cnf
    ```
    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    distinguished_name = dn
    default_bits=4096
    prompt=no
    default_md=sha256
    distinguished_name=dn
    [dn]
    C=US
    ST=RandomState
    L=RandomCity
    O=RandomOrganization
    OU=RandomOrganizationUnit
    emailAddress=hello@example.com
    CN = localhost
    ST=California
    L=Long Beach
    O=E-LIFEHUB LTD
    OU=77
    emailAddress=info@e-lifehub.com
    CN=building-crm.mac
    ```

    # v3.ext
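
Review bot: default_bits=4096 in [req] does not change the size of the key that gets generated, because the req command earlier in the file passes -newkey rsa:2048 and an explicit size on the command line takes precedence over default_bits. Change the command to -newkey rsa:4096, or drop the size there so the config value applies. The [dn] block also replaces the placeholder values with what look like a real organisation name and contact address in a public gist; the placeholders are the safer thing to publish.
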
    @@ -52,8 +52,13 @@ basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = localhost
    [ alternate_names ]
    DNS.1=building-crm.mac
    DNS.2=www.building-crm.mac
    DNS.3=localhost
    IP.1=127.0.0.1
    IP.2=192.168.6.102
    IP.3=::1
    ```
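
Review bot: subjectAltName = @alt_names still refers to a section named alt_names, but the new DNS.2, DNS.3 and IP.* entries sit under [ alternate_names ], so they will not reach the signed certificate. Use one name in both places, for example keep the header as [alt_names]. IP.2=192.168.6.102 also ties the certificate to one machine's LAN address, so it will need reissuing whenever that address changes.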


  3. risha700 revised this gist Dec 15, 2019. 1 changed file with 5 additions and 1 deletion.
    6 changes: 5 additions & 1 deletion OPENSSL.MD
    @@ -54,4 +54,8 @@ subjectAltName = @alt_names
    [alt_names]
    DNS.1 = localhost
    ```
    ```


    # good refrence
    https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
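
Review bot: the added "# good refrence" line is misspelled and, written with a single #, renders as a top-level Markdown heading followed by a bare URL. Suggest a lower-level heading such as "## Reference" with the URL as a Markdown link.
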
  4. risha700 revised this gist Dec 15, 2019. 1 changed file with 6 additions and 2 deletions.
    8 changes: 6 additions & 2 deletions OPENSSL.MD
    @@ -6,20 +6,24 @@

    ```
    # generate a signing key
    openssl genrsa -des3 -out rootCA.key 2048
    # request a root certificate
    openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
    #DO NOT forget to validate root cert on macos keychain
    #then we can start signing servers cert
    # Create a key and csr
    # request new key from a config file
    openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
    # request new certificate signed with the previous key
    # Sign them with the rootkey
    openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
    ```
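
Review bot: -config <( cat server.csr.cnf ) on the req line depends on bash process substitution and fails under plain sh; -config server.csr.cnf reads the same file directly. The comment "#DO NOT forget to validate root cert on macos keychain" would also be clearer if it named the actual step, presumably importing rootCA.pem into the keychain and marking it trusted.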

  5. risha700 revised this gist Dec 15, 2019. 1 changed file with 4 additions and 0 deletions.
    4 changes: 4 additions & 0 deletions OPENSSL.MD
    @@ -24,6 +24,7 @@ openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateseria
    ```

    # server.csr.cnf
    ```
    [req]
    default_bits = 2048
    prompt = no
    @@ -38,12 +39,15 @@ O=RandomOrganization
    OU=RandomOrganizationUnit
    emailAddress=hello@example.com
    CN = localhost
    ```

    # v3.ext
    ```
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = localhost
    ```
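
Review bot: the v3.ext block sets keyUsage but no extendedKeyUsage. A certificate that is meant to be trusted through the macOS keychain, as the comment in the command block says, needs extendedKeyUsage = serverAuth for TLS server use on current Apple platforms; add that line. nonRepudiation and dataEncipherment are not needed by a TLS server and can be dropped from keyUsage.
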
  6. risha700 created this gist Dec 15, 2019.
    49 changes: 49 additions & 0 deletions OPENSSL.MD
    @@ -0,0 +1,49 @@
    1. Create a private key (as Root CA Key), keep this very private
    2. Self-sign a root certificate
    3. Install root CA on your various workstations
    4. Create a CSR(Certificate Signing Request) for each of your authorized needed circumstances(device, server, client, etc.)
    5. Sign CA with root CA Key

    ```
    # generate a signing key
    openssl genrsa -des3 -out rootCA.key 2048
    # request a root certificate
    openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
    #DO NOT forget to validate root cert on macos keychain
    #then we can start signing servers cert
    # request new key from a config file
    openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
    # request new certificate signed with the previous key
    openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
    ```

    # server.csr.cnf
    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    distinguished_name = dn

    [dn]
    C=US
    ST=RandomState
    L=RandomCity
    O=RandomOrganization
    OU=RandomOrganizationUnit
    emailAddress=hello@example.com
    CN = localhost

    # v3.ext
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = localhost
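
Review bot: step 5 of the list reads "Sign CA with root CA Key", but what the last command signs is server.csr from step 4; reword it to "Sign the CSR with the root CA key". In the command block, openssl genrsa -des3 protects rootCA.key with 3DES, and -aes256 is the stronger choice for the key that step 1 says to keep very private. The -nodes flag on the req -x509 line has no effect there, because the key is supplied with -key and none is generated.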