Creating a CA and certificates: Difference between revisions
Jump to navigation
Jump to search
DrEdWilliams (talk | contribs) mNo edit summary |
DrEdWilliams (talk | contribs) mNo edit summary |
||
| Line 1: | Line 1: | ||
from: | |||
https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/ | |||
Create the CA Key and Certificate: | Create the CA Key and Certificate: | ||
Revision as of 12:49, 20 June 2021
from:
https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
Create the CA Key and Certificate:
openssl genrsa -out WilliamsNetCA.key 2048 openssl req -x509 -new -nodes -key WilliamsNetCA.key -sha256 -days 1825 -out WilliamsNetCA.pem
Create a key for the new cert:
openssl genrsa -out kibana.key 2048
Create the Certificate Signing Request:
openssl req -new -key kibana.key -out kibana.csr
Create the file to support the certificate generation (kibana.cnf):
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = 10.0.0.61 DNS.2 = compute1.williams.localnet DNS.3 = compute1
Create the certificate:
openssl x509 -req -in kibana.csr -CA WilliamsNetCA.pem -CAkey WilliamsNetCA.key -CAcreateserial -out kibana.crt -days 9999 -sha256 -extfile kibana.cnf
VAlidating that a key/crt is correct:
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum