Creating a CA and certificates: Difference between revisions
Jump to navigation
Jump to search
DrEdWilliams (talk | contribs) (Created page with "Create the CA Key and Certificate: openssl genrsa -out WilliamsNetCA.key 2048 openssl req -x509 -new -nodes -key WilliamsNetCA.key -sha256 -days 1825 -out WilliamsNetCA.pem...") |
DrEdWilliams (talk | contribs) mNo edit summary |
||
| Line 3: | Line 3: | ||
openssl genrsa -out WilliamsNetCA.key 2048 | openssl genrsa -out WilliamsNetCA.key 2048 | ||
openssl req -x509 -new -nodes -key WilliamsNetCA.key -sha256 -days 1825 -out WilliamsNetCA.pem | openssl req -x509 -new -nodes -key WilliamsNetCA.key -sha256 -days 1825 -out WilliamsNetCA.pem | ||
Create a key for the new cert: | |||
openssl genrsa -out kibana.key 2048 | |||
Create the Certificate Signing Request: | Create the Certificate Signing Request: | ||
Revision as of 01:21, 20 June 2021
Create the CA Key and Certificate:
openssl genrsa -out WilliamsNetCA.key 2048 openssl req -x509 -new -nodes -key WilliamsNetCA.key -sha256 -days 1825 -out WilliamsNetCA.pem
Create a key for the new cert:
openssl genrsa -out kibana.key 2048
Create the Certificate Signing Request:
openssl req -new -key kibana.key -out kibana.csr
Create the file to support the certificate generation (kibana.cnf):
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = 10.0.0.61 DNS.2 = compute1.williams.localnet DNS.3 = compute1
Create the certificate:
openssl x509 -req -in kibana.csr -CA WilliamsNetCA.pem -CAkey WilliamsNetCA.key -CAcreateserial -out kibana.crt -days 9999 -sha256 -extfile kibana.cnf
VAlidating that a key/crt is correct:
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum