Creating a CA and certificates: Difference between revisions

From WilliamsNet Wiki
Revision as of 18:13, 20 June 2021

from:

https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/

Create the CA Key and Certificate:

openssl genrsa -out WilliamsNetCA.key 2048
openssl req -x509 -new -nodes -key WilliamsNetCA.key -sha256 -days 1825 -out WilliamsNetCA.pem

Create a key for the new cert:

openssl genrsa -out kibana.key 2048

Create the Certificate Signing Request:

openssl req -new -key kibana.key -out kibana.csr

Create the file to support the certificate generation (kibana.cnf):

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
# IP addresses go in IP.n entries; DNS.n entries are for host names
IP.1 = 10.0.0.61
DNS.1 = compute1.williams.localnet
DNS.2 = compute1

Create the certificate:

openssl x509 -req -in kibana.csr -CA WilliamsNetCA.pem -CAkey WilliamsNetCA.key -CAcreateserial -out kibana.crt -days 9999 -sha256 -extfile kibana.cnf

Create a PKCS8 format key if needed:

openssl pkcs8 -inform PEM -outform PEM -in node-1-admin.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node-1-admin-key.pem

Validating that a key, certificate and CSR belong together (all three hashes must be identical):

openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum
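
The steps above run non-interactively in a scratch directory, followed by the key/certificate/CSR match check and a chain check against the CA. This is an added example, not part of the original wiki page; the file names, demo.example.test, 192.0.2.10, the ca.cnf contents and the function names are constructed for illustration.

```sh
# Added example; demoCA.*, demo.*, demo.example.test and 192.0.2.10 are constructed.
make_demo_pki() {   # $1 = scratch directory; builds a throwaway CA and one leaf
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Demo Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
EOF
    cat > "$d/demo.cnf" <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = 192.0.2.10
DNS.1 = demo.example.test
EOF
    openssl genrsa -out "$d/demoCA.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$d/demoCA.key" -sha256 -days 30 \
        -config "$d/ca.cnf" -out "$d/demoCA.pem" &&
    openssl genrsa -out "$d/demo.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/demo.key" -config "$d/ca.cnf" \
        -subj "/CN=demo.example.test" -out "$d/demo.csr" &&
    openssl x509 -req -in "$d/demo.csr" -CA "$d/demoCA.pem" \
        -CAkey "$d/demoCA.key" -CAcreateserial -out "$d/demo.crt" \
        -days 30 -sha256 -extfile "$d/demo.cnf" 2>/dev/null
}

pub_hash() {   # $1 = pkey|x509|req, $2 = file; prints SHA-256 of its public key
    case $1 in
        pkey) pem=$(openssl pkey -in "$2" -pubout -outform pem 2>/dev/null) ;;
        *)    pem=$(openssl "$1" -in "$2" -pubkey -noout -outform pem 2>/dev/null) ;;
    esac || return 1          # a failed read must not be hashed as empty input
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | sha256sum | cut -d' ' -f1
}

check_set() {  # $1 = key, $2 = crt, $3 = csr, $4 = CA cert; 0 only if all agree
    k=$(pub_hash pkey "$1") && c=$(pub_hash x509 "$2") && r=$(pub_hash req "$3") || return 1
    [ "$k" = "$c" ] && [ "$k" = "$r" ] &&
        openssl verify -CAfile "$4" "$2" >/dev/null 2>&1
}
```

pub_hash refuses to hash when openssl could not read its input, because piping two failed reads straight into sha256sum yields two identical hashes of empty input that look like a match.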