Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Beide Seiten der vorigen RevisionVorhergehende ÜberarbeitungNächste Überarbeitung | Vorhergehende Überarbeitung | ||
| linux:ssl [2015/06/29 13:35] – swordfish | linux:ssl [2025/01/25 16:56] (aktuell) – Externe Bearbeitung 127.0.0.1 | ||
|---|---|---|---|
| Zeile 1: | Zeile 1: | ||
| - | Standard: | + | Standard |
| <code bash> | <code bash> | ||
| - | openssl | + | openssl |
| - | openssl req -new -sha512 -key server.key -out server.csr | + | </ |
| - | openssl rsa -in server.key | + | Standard CSR mit alten Key; |
| - | openssl x509 -in server.csr | + | <code bash> |
| + | openssl req -out server.csr -new -sha512 -key server.key | ||
| + | </ | ||
| + | |||
| + | Self-signed Certificate: | ||
| + | <code bash> | ||
| + | openssl | ||
| </ | </ | ||
| Certificate Authority (CA) Certificate: | Certificate Authority (CA) Certificate: | ||
| <code bash> | <code bash> | ||
| - | openssl genrsa -des3 -out ca.key 4096 | + | openssl genrsa -aes256 |
| openssl req -new -sha512 -key ca.key -out ca.csr | openssl req -new -sha512 -key ca.key -out ca.csr | ||
| - | openssl x509 -req -days 1825 -in ca.csr -signkey ca.key -out ca.crt | + | openssl x509 -sha512 |
| + | openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 | ||
| </ | </ | ||
| Client Certificate: | Client Certificate: | ||
| <code bash> | <code bash> | ||
| - | openssl genrsa -des3 -out client.key 4096 | + | openssl genrsa -aes256 |
| - | openssl req -new -sha512 -key client.key -out client.csr | + | openssl req -nodes |
| openssl ca -cert ca.crt -keyfile ca.key -out client.crt -in client.csr | openssl ca -cert ca.crt -keyfile ca.key -out client.crt -in client.csr | ||
| openssl pkcs12 -export -inkey client.key -name " | openssl pkcs12 -export -inkey client.key -name " | ||
| Zeile 24: | Zeile 31: | ||
| VPN Server Certificate: | VPN Server Certificate: | ||
| <code bash> | <code bash> | ||
| - | openssl genrsa -des3 -out server.key 4096 | + | openssl genrsa -aes256 |
| - | openssl req -new -key server.key -out server.csr | + | openssl req -nodes |
| - | openssl x509 -req -days 730 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extfile vpn.conf | + | openssl x509 -sha512 |
| </ | </ | ||
| Zeile 37: | Zeile 44: | ||
| SAN Server Certificate: | SAN Server Certificate: | ||
| <code bash> | <code bash> | ||
| - | openssl genrsa -des3 -out server.key 4096 | + | openssl genrsa -aes256 |
| - | openssl req -new -key server.key -out server.csr | + | openssl req -nodes |
| - | openssl | + | |
| </ | </ | ||
| Zeile 46: | Zeile 52: | ||
| [req] | [req] | ||
| distinguished_name = req_distinguished_name | distinguished_name = req_distinguished_name | ||
| - | x509_extensions | + | req_extensions |
| prompt = no | prompt = no | ||
| [req_distinguished_name] | [req_distinguished_name] | ||
| Zeile 53: | Zeile 59: | ||
| L = | L = | ||
| O = Doebl | O = Doebl | ||
| - | OU = VPN | + | OU = WIKI |
| - | CN = vpn.doebl.eu | + | CN = wiki.doebl.eu |
| [v3_req] | [v3_req] | ||
| keyUsage = keyEncipherment, | keyUsage = keyEncipherment, | ||
| Zeile 60: | Zeile 66: | ||
| subjectAltName = @alt_names | subjectAltName = @alt_names | ||
| [alt_names] | [alt_names] | ||
| - | DNS.1 = vpn.doebl.eu | + | DNS.1 = wiki.doebl.eu |
| - | DNS.2 = vpn2.doebl.eu | + | DNS.2 = wiki2.doebl.eu |
| </ | </ | ||
