Creating a CA and certificates

From WilliamsNet Wiki
Revision as of 01:21, 20 June 2021 by DrEdWilliams (talk | contribs)
Jump to navigation Jump to search

Create the CA Key and Certificate: 

openssl genrsa -out WilliamsNetCA.key 2048
openssl req -x509 -new -nodes -key WilliamsNetCA.key -sha256 -days 1825 -out WilliamsNetCA.pem

Create a key for the new cert: 

openssl genrsa -out kibana.key 2048

Create the Certificate Signing Request: 

openssl req -new -key kibana.key -out kibana.csr

Create the file to support the certificate generation (kibana.cnf): 

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = 10.0.0.61
DNS.2 = compute1.williams.localnet
DNS.3 = compute1

Create the certificate: 

openssl x509 -req -in kibana.csr -CA WilliamsNetCA.pem -CAkey WilliamsNetCA.key -CAcreateserial -out kibana.crt -days 9999 -sha256 -extfile kibana.cnf

VAlidating that a key/crt is correct: 

openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum
Retrieved from "http://wiki.williams-net.org/index.php?title=Creating_a_CA_and_certificates&oldid=480"