Differences

This page shows the differences between two versions.

linux:ssl [2014/01/13 08:15] swordfish | linux:ssl [2025/01/25 16:56] (current) – external edit 127.0.0.1
Zeile 1: Zeile 1:
-Standard:+Standard CSR mit neuen Key:
 <code bash> <code bash>
-openssl genrsa -des3 -out ssl.key 4096 +openssl req -out server.csr -new -sha512 -newkey rsa:4096 -nodes -keyout server.key 
-openssl req -new -key ssl.key -out ssl.csr +</code> 
-openssl rsa -in ssl.key -out ssl.key +Standard CSR mit alten Key; 
-openssl x509 -in ssl.csr -out ssl.crt  -req -signkey ssl.key -days 365+<code bash> 
 +openssl req -out server.csr -new -sha512 -key server.key 
 +</code> 
 + 
 +Self-signed Certificate: 
 +<code bash> 
 +openssl req -x509 -sha512 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt
 </code> </code>
  
 Certificate Authority (CA) Certificate: Certificate Authority (CA) Certificate:
 <code bash> <code bash>
-openssl genrsa -des3 -out ca.key 4096 +openssl genrsa -aes256 -out ca.key 4096 
-openssl req -new -key ca.key -out ca.csr +openssl req -new -sha512 -key ca.key -out ca.csr 
-openssl x509 -req -days 1825 -in ca.csr -signkey ca.key -out ca.crt+openssl x509 -sha512 -req -days 1825 -in ca.csr -signkey ca.key -out ca.crt 
 +openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365
 </code> </code>
  
 Client Certificate: Client Certificate:
 <code bash> <code bash>
-openssl req -new -keyout client-req.csr -out client-req.csr -days 365 +openssl genrsa -aes256 -out client.key 4096 
-openssl ca -policy policy_anything -config /etc/ssl/openssl.cnf -out client-cert.pem -infiles client-req.csr +openssl req -nodes -new -sha512 -key client.key -out client.csr 
-openssl pkcs12 -export -in client-cert.pem -inkey client-cert.csr -out client-cert.p12 -name "Client Certificate"+openssl ca -cert ca.crt -keyfile ca.key -out client.crt -in client.csr 
 +openssl pkcs12 -export -inkey client.key -name "Client" -in client.crt -certfile ca.crt -out client.p12
 </code> </code>
  
 VPN Server Certificate: VPN Server Certificate:
 <code bash> <code bash>
-openssl genrsa -des3 -out server.key 4096 +openssl genrsa -aes256 -out server.key 4096 
-openssl req -new -key server.key -out server.csr +openssl req -nodes -new -key server.key -out server.csr 
-openssl x509 -req -days 730 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extfile vpn.conf+openssl x509 -sha512 -req -days 730 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extfile vpn.conf
 </code> </code>
  
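Review bot: In the CA block, the added signing line `openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365` is the only signing command in this revision without `-sha512`, and it passes no `-extfile`, so by default extensions requested in server.csr (such as a subjectAltName) do not end up in server.crt; add `-sha512` and an `-extfile`/`-extensions` pair, as the VPN block already does with `-extfile vpn.conf`. The self-signed `ca.crt` step likewise has no extension file, so nothing in it sets `basicConstraints = CA:TRUE`. In the client and VPN blocks, `-nodes` on `openssl req ... -key client.key` / `-key server.key` has no effect, because the key already exists and stays AES-256 encrypted from the preceding `genrsa -aes256`; drop the flag or state which behaviour is intended. The VPN line keeps `-set_serial 01`, so every certificate issued that way shares one serial number, while the new CA line uses `-CAcreateserial`; pick one scheme. The label "Standard CSR mit alten Key;" ends in a semicolon where the other labels use a colon.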
Zeile 32: Zeile 40:
 extendedKeyUsage = serverAuth, 1.3.6.1.5.5.8.2.2 extendedKeyUsage = serverAuth, 1.3.6.1.5.5.8.2.2
 subjectAltName = DNS:vpn.doebl.eu subjectAltName = DNS:vpn.doebl.eu
 +</code>
 +
 +SAN Server Certificate:
 +<code bash>
 +openssl genrsa -aes256 -out server.key 4096
 +openssl req -nodes -new -sha512 -key server.key -out server.csr -config server.conf
 +</code>
 +
 +san.conf:
 +<code txt>
 +[req]
 +distinguished_name = req_distinguished_name
 +req_extensions = v3_req
 +prompt = no
 +[req_distinguished_name]
 +C = EU
 +ST =  
 +L = 
 +O = Doebl
 +OU = WIKI
 +CN = wiki.doebl.eu
 +[v3_req]
 +keyUsage = keyEncipherment, dataEncipherment
 +extendedKeyUsage = serverAuth
 +subjectAltName = @alt_names
 +[alt_names]
 +DNS.1 = wiki.doebl.eu
 +DNS.2 = wiki2.doebl.eu
 </code> </code>
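Review bot: The SAN block's `openssl req ... -config server.conf` does not match the file the page then lists as `san.conf:`; use one name in both places, otherwise the command does not pick up the configuration shown. In that file, `keyUsage = keyEncipherment, dataEncipherment` omits `digitalSignature`, which a TLS server certificate needs for ECDHE key exchange and for TLS 1.3, while `dataEncipherment` is not used by TLS and can go. `ST =` and `L =` are left empty under `prompt = no` and should be filled in or removed. `-nodes` on the `req` line has no effect together with `-key server.key`. The section also stops at the CSR: signing it with the CA block's `openssl x509 -req` line would need `-extfile san.conf -extensions v3_req` for the subjectAltName entries to reach the certificate.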
linux/ssl.1389600918.txt.gz · Last modified: 2025/01/25 16:55 (external edit)
CC Attribution-Noncommercial-Share Alike 4.0 International