openssl commands

Commands for generating requests and signing

1. Generating an RSA private key:

openssl genrsa -out nazivservera.key.pem 2048

2. Generating a request from the private key:

openssl req -new -config openssl.cnf -key nazivservera.key.pem -out nazivservera.csr

3. Signing the certificate:

openssl ca -config openssl.cnf -extensions server_cert -days 356 -in nazivservera.csr -out nazivservera.cer

------------------------------------------------------------------------------------

Commands for checking certificates, requests and keys

Checking a CSR

openssl req -text -noout -verify -in CSR.csr

Checking a private key

openssl rsa -in privateKey.key -check

Checking a certificate

openssl x509 -in certificate.crt -text -noout

Checking a PKCS#12 file (.pfx or .p12)

openssl pkcs12 -info -in keyStore.p12

---------------------------------------------------------------------------------

Creating a Root CA

1. Generating the ROOT key

openssl genrsa -aes256 -out private/ca.key.pem 4096

2. Generating the ROOT certificate:

openssl req -new -x509 -days 10000 -sha256 -extensions v3_ca -config openssl.cnf -key private/ca.key.pem -out certs/ca.cert.pem
-----------------------------------------------------------------------------------
Revoking issued certificates
Listing issued certificates:
cat newcerts/serial

Command for revoking a certificate:
openssl ca -config openssl.cnf -revoke /newcerts/1013.pem
------------------------------------------------------------------------------
Converting from cer to crt
openssl x509 -inform PEM -in <filepath>/certificate.cer -out certificate.crt
------------------------------------------------------------------------------
Generating a CSR and key with a single command

openssl req -new -sha256 -nodes -out nazivservera.csr -newkey rsa:2048 -keyout nazivservera.key -config <(
cat <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C=RS
ST=Serbia
L=Belgrade
O=Firma
emailAddress=email@domen.com
CN = nazivservera.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = nazivservera.com
DNS.2 = nazivservera.rs
EOF
)
----------------------------------------------------------------------
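
Added example (not from the original page): a shell script that checks whether a key, a CSR and a certificate carry the same public key and lists the DNS names in the subjectAltName of each, since whether the SANs requested in the CSR reach the certificate depends on how the signing step handles request extensions. The function names, the file names and the make_sample helper are assumptions made for this example.

```shell
#!/bin/sh
# Added example: do a key, a CSR and a certificate belong together,
# and did the SANs requested in the CSR reach the certificate?

# Print the public key (PEM, SubjectPublicKeyInfo) held in a key, CSR or cert.
pubkey_pem() {  # $1 = key|csr|cert, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey | openssl pkey -pubin -pubout ;;
    cert) openssl x509 -in "$2" -noout -pubkey | openssl pkey -pubin -pubout ;;
    *)    return 2 ;;
  esac 2>/dev/null
}

# Succeed only if all three files carry the same public key.
check_triplet() {  # $1 = key, $2 = CSR, $3 = certificate
  k=$(pubkey_pem key "$1")  || return 2
  c=$(pubkey_pem csr "$2")  || return 2
  x=$(pubkey_pem cert "$3") || return 2
  [ -n "$k" ] && [ "$k" = "$c" ] && [ "$k" = "$x" ]
}

# List the DNS names in the subjectAltName of a CSR (req) or certificate (x509).
sans() {  # $1 = req|x509, $2 = file
  openssl "$1" -in "$2" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p' | sort
}

# Constructed sample: throwaway key, CSR with two SANs, and a self-signed
# certificate made from that CSR without copying its extensions.
make_sample() {  # $1 = empty working directory
  printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
    'req_extensions = req_ext' '[dn]' 'CN = nazivservera.com' '[req_ext]' \
    'subjectAltName = DNS:nazivservera.com, DNS:nazivservera.rs' > "$1/req.cnf"
  openssl req -new -sha256 -nodes -newkey rsa:2048 -config "$1/req.cnf" \
    -keyout "$1/a.key" -out "$1/a.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/a.csr" -signkey "$1/a.key" -days 1 \
    -out "$1/a.crt" 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

if [ "$#" -eq 3 ]; then   # usage: sh check.sh key csr cert
  check_triplet "$1" "$2" "$3" && echo "key, CSR and certificate match" \
    || echo "MISMATCH or unreadable input"
  echo "SANs in CSR:";  sans req  "$2"
  echo "SANs in cert:"; sans x509 "$3"
fi
```

An empty "SANs in cert" list next to a populated "SANs in CSR" list means the requested names were not carried into the issued certificate.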