SSL short

From www.deloptes.org
Revision as of 12:29, 15 May 2015 by Admin (talk | contribs)

Setup

Create the directories that hold the CA's data

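   # Directory layout of the CA. 'private' receives the CA key and 'keys' the
   # passphrase-less service keys, so neither may be world-accessible; mkdir -p
   # would otherwise create them with the default (usually 0755) mode.
   mkdir -p /var/lib/ssl/{private,keys,certs,newcerts,crl,requests}
   chmod 700 /var/lib/ssl/private /var/lib/ssl/keys
   # 'serial' seeds the next certificate serial number and 'index.txt' is the
   # (initially empty) certificate database maintained by 'openssl ca'.
   # These are two separate commands: run on one line they would write the
   # literal text "01 touch /var/lib/ssl/index.txt" into the serial file.
   echo 01 > /var/lib/ssl/serial
   touch /var/lib/ssl/index.txt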

Set the CA directory

  • put $dir = /var/lib/ssl/private/ in openssl.cnf

Create the root (CA) certificate

# Self-signed CA certificate plus its private key. Without -nodes the key is
# passphrase-protected (openssl prompts for it); without -days the certificate
# is only valid for the 'req -x509' default of 30 days, so pass -days for a
# root that is meant to outlive that.
openssl req -config /etc/openssl.cnf -new -x509 -keyout /var/lib/ssl/private/cakey.pem -out /var/lib/ssl/certs/cacert.pem

or, to initialise the directory with the CA.pl helper script,

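   # CA.pl -newcert writes newkey.pem and newcert.pem into the current
   # directory; move them into the CA layout. The second mv is chained with
   # && so that a failed key move (wrong cwd, missing file) does not leave a
   # certificate installed without its key.
   ./CA.pl -newcert
   mv newkey.pem /var/lib/ssl/private/cakey.pem && mv newcert.pem /var/lib/ssl/certs/cacert.pem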

Strip the certificate

First strip the human-readable text from the certificate file so that only the -----BEGIN CERTIFICATE----- block remains

   # Re-emit the CA certificate as bare PEM: 'x509' reads the PEM block and
   # writes it back without the text dump, which is what clients expect.
   openssl x509 -out /var/lib/ssl/certs/cacert.crt -in /var/lib/ssl/certs/cacert.pem

Requests

Create requests

   # One request per service, in the order the rest of this page uses.
   # -keyout and -out name the same file: openssl req writes the
   # (passphrase-protected) private key first and appends the request, so
   # every *req.pem in requests/ also contains a private key.
   for svc in www www-local smtp smtp-local mail mail-local vpn vpn-local maistor-local; do
     openssl req -config /etc/openssl.cnf -new \
       -keyout "/var/lib/ssl/requests/${svc}req.pem" \
       -out "/var/lib/ssl/requests/${svc}req.pem"
   done

Sign

  # Sign each request with the CA. 'policy_anything' relaxes the DN-matching
  # rules of the default policy (the request's DN need not match the CA's).
  # -infiles must stay last: it consumes the remainder of the command line.
  for svc in www www-local smtp smtp-local mail mail-local vpn vpn-local maistor-local; do
    openssl ca -config /etc/openssl.cnf -policy policy_anything \
      -out "/var/lib/ssl/certs/${svc}cert.pem" \
      -infiles "/var/lib/ssl/requests/${svc}req.pem"
  done

Certificates

Remove the passphrases from the private keys

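       # Write a passphrase-less copy of each service key so daemons can load
       # it unattended. The output is a plaintext secret: the subshell applies
       # umask 077 so each .key is created owner-only from the start instead of
       # being world-readable until a later chmod.
       (
         umask 077
         for svc in www www-local smtp smtp-local mail mail-local vpn vpn-local maistor-local; do
           openssl rsa -in "/var/lib/ssl/requests/${svc}req.pem" -out "/var/lib/ssl/keys/${svc}.key"
         done
       )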

View the contents of a certificate

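       # Dump a signed certificate in readable form. The path matches what the
       # Sign step above produced (the page never creates a www.crt);
       # -noout suppresses the trailing PEM copy so only the text dump is shown.
       openssl x509 -in /var/lib/ssl/certs/wwwcert.pem -text -noout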

Generate DH parameters

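       # 2048-bit Diffie-Hellman parameters. 'gendh' is the deprecated spelling
       # and was dropped from later OpenSSL releases; 'dhparam' takes the same
       # -out and bit-size arguments. The file holds public parameters, not a
       # key, despite the .key name kept here for compatibility with the rest
       # of this page.
       openssl dhparam -out /var/lib/ssl/keys/dh2048.key 2048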