A service of Daily Data, Inc.
Contact Form

User Tools

Site Tools


software:openssl:internalca:overview

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
software:openssl:internalca:overview [2025/10/25 03:07] – ↷ Page moved from software:openssl:overview to software:openssl:internalca:overview rodolicosoftware:openssl:internalca:overview [2025/10/25 03:25] (current) rodolico
Line 5: Line 5:
 ===== Flow ===== ===== Flow =====
  
-  - Generate private key for Certificate of Authority (CA), encrypted (-des3) +  - [[software:openssl:internalca:createca|]] 
-  - Generate Public Certificate for CA using //openssl req -x509//. Use long -days parameter (like 10 years) +    - Generate private key for Certificate of Authority (CA), encrypted (-des3) 
-  - Copy/import public portion (.crt) of the CA to all consumers of the server certificates, mainly workstations. +    - Generate Public Certificate for CA using //openssl req -x509//. Use long -days parameter (like 10 years) 
-  - for each server/service+  - [[software:openssl:internalca:installca|]] 
 +  - for each server/service, [[software:openssl:internalca:createconfig|]]
     - Generate new private key, if needed     - Generate new private key, if needed
     - Generate Certficate Signing Request (csr) using -days somewhere between 30 and 365 days     - Generate Certficate Signing Request (csr) using -days somewhere between 30 and 365 days
     - Generate Server Certificate combining private key, CSR and signing with CA     - Generate Server Certificate combining private key, CSR and signing with CA
     - Combine .key and .crt files into .pem     - Combine .key and .crt files into .pem
-    - Copy .key, .crt and .pem to server and configure/restart services+    - Copy .key, .crt and .pem to server and configure/restart services, see [[software:openssl:internalca:deploy|]]
   - Test   - Test
   - Prior to Server Certificate expiry   - Prior to Server Certificate expiry
software/openssl/internalca/overview.1761379625.txt.gz · Last modified: 2025/10/25 03:07 by rodolico