software:openssl:createca
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| software:openssl:createca [2025/10/19 16:09] – rodolico | software:openssl:createca [2025/10/20 00:01] (current) – rodolico | ||
|---|---|---|---|
| Line 20: | Line 20: | ||
| <code bash> | <code bash> | ||
| - | # create a little directory tree. | ||
| - | # Not required, but allows the certs to be kept organized | ||
| - | mkdir -p / | ||
| - | mkdir -p / | ||
| - | # this will store the indicies. Again, not required | ||
| - | touch / | ||
| - | cd / | ||
| # create a random rsa key pair of 2048 bits and ask for encryption passphrase (min 8 char) | # create a random rsa key pair of 2048 bits and ask for encryption passphrase (min 8 char) | ||
| openssl genpkey -algorithm RSA --outform PEM --des3 --out DailyDataCA.key --pkeyopt rsa_keygen_bits: | openssl genpkey -algorithm RSA --outform PEM --des3 --out DailyDataCA.key --pkeyopt rsa_keygen_bits: | ||
| Line 67: | Line 60: | ||
| <code conf openssl.cnf> | <code conf openssl.cnf> | ||
| + | RANDFILE = ./.rnd # Used as a seed for random number generation for key files | ||
| # this section is for requests | # this section is for requests | ||
| [ req ] | [ req ] | ||
| Line 72: | Line 66: | ||
| default_md | default_md | ||
| prompt | prompt | ||
| + | # override with -reqexts command line switch | ||
| + | req_extensions | ||
| + | man x509v3_config | ||
| + | |||
| + | # override with the -extensions command line switch | ||
| distinguished_name | distinguished_name | ||
software/openssl/createca.1760908141.txt.gz · Last modified: 2025/10/19 16:09 by rodolico