Differences

This shows you the differences between two versions of the page.

--- software:openssl:createca [2025/10/19 03:55] – rodolico
+++ software:openssl:createca [2025/10/20 00:01] (current) – rodolico
@@ Line 20: / Line 20: @@
 <code bash>
-# create a little directory tree.
-# Not required, but allows the certs to be kept organized
-mkdir -p /opt/localCert/newcerts
-mkdir -p /opt/localCert/private
-# this will store the indicies. Again, not required
-touch /opt/localCert/DailyDataCAindex
-cd /opt/localCert
 # create a random rsa key pair of 2048 bits and ask for encryption passphrase (min 8 char)
 openssl genpkey -algorithm RSA --outform PEM --des3 --out DailyDataCA.key --pkeyopt rsa_keygen_bits:2048
@@ Line 67: / Line 60: @@
 <code conf openssl.cnf>
+RANDFILE = ./.rnd # Used as a seed for random number generation for key files
 # this section is for requests
 [ req ]
@@ Line 72: / Line 66: @@
 default_md             = sha256 # use sha256 (default)
 prompt                 = no  # do not ask any questions you don't have to
+# override with -reqexts command line switch
+req_extensions         = v3_req # go look at v3_req section for the extensions def
+man x509v3_config
+# override with the -extensions command line switch
 distinguished_name     = req_distinguished_name # section where DN information stored
@@ Line 120: / Line 119: @@
   * //-reqexts// - use v3_ca section of config file also (for generating CA)
   * //-out// - name of the output file.
+==== View Cert ====
+You can view the certificate you created using the -text. With this, you can see the issuer (itself, self signed), the Signature Algorithm, the DN (Distinguished Name, the line starting with Subject:) and information about the public key and signature.
+<code bash>
+openssl x509 -in ca.pem -text -noout
+</code>
 ==== Modify openssl.cnf ====