viernes, 5 de junio de 2009

OpenSSL Basic CA operation

With the following commands you will be able to generate certificates with your own CA, for testing porpuoses. So... Enjoy!!!

Generating CA:

openssl req -x509 -nodes -days 365 -subj "/C=ES/O=Recipes/CN=ca" -newkey rsa:1024 -keyout ca_key.pem -out ca_pub.pem

Generate a client private key and csr:
openssl req -newkey rsa:1024 -out p10.p10 -keyout privket.pem

Generate a self signed certificate based on a csr:
openssl x509 -req -days 360 -in p10.p10 -signkey privket.pem -out server.crt

Sign a certificate request.
openssl ca -in p10.p10 -out server.p

Generate a PKCS12
openssl pkcs12 -export -in signcert.pem -out signFile.p12 -name "certSign" -inkey domainname.key -CAfile cacert.cer -chain

Extract a private key from a PKCS12 crypto bag
openssl pkcs12 -nokeys -in Certificado.p12 -passin pass:12345678 -out Certificado.pem

Other operations

Display the contents of a certificate:

 openssl x509 -in cert.pem -noout -text

Display the certificate serial number:

 openssl x509 -in cert.pem -noout -serial

Display the certificate subject name:

 openssl x509 -in cert.pem -noout -subject

Extract the private key:


openssl pkcs12 -nocerts -out userkey.pem -in cert.p12

No hay comentarios:

Publicar un comentario