Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- cert-tool --create-ca=root-ca --signing-ca=self --combined
- cert-tool --create-ca=mid-ca --signing-ca=root-ca.pem --signing-key=root-ca.pem --combined
- cert-tool --create-ca=mid-ca --signing-ca=root-ca.pem --signing-key=root-ca.pem --combined
- cert-tool --create-cert=end --signing-ca=mid-ca.pem --signing-key=mid-ca.pem --combined
- ############################################################################################
- # create the root-ca
- ./cert-tool --create-ca=root-ca --signing-ca=self --combined
- /usr/bin/openssl genrsa -rand /usr/local/cert-tool/etc/cert-tool.rand \
- -out root-ca.key.pem 1024
- /usr/bin/openssl req -config openssl.conf -new -x509 -days 730 \
- -key root-ca.key.pem -set_serial 0x0 -out root-ca.cert.pem
- #or
- /usr/bin/openssl req -config openssl.conf -new -x509 -days 730 \
- -key root-ca.key.pem -set_serial 0x0 -out root-ca.cert.pem
- ############################################################################################
- # create a mid-ca
- ./cert-tool --create-ca=mid-ca --signing-ca=root-ca.pem --signing-key=root-ca.pem --combined
- /usr/bin/openssl req -config openssl.conf -new -key mid-ca.key.pem -out mid-ca.csr
- /usr/bin/openssl ca -batch -config openssl.conf -extensions cert_tool_x509_ca_ext \
- -policy cert_tool_ca_policy -cert root-ca.pem -keyfile root-ca.pem \
- -in mid-ca.csr -out mid-ca.cert.pem
- ############################################################################################
- # create a cert and sign with mid-ca
- ./cert-tool --create-cert=end --signing-ca=mid-ca.pem --signing-key=mid-ca.pem --combined
- /usr/bin/openssl genrsa -rand /usr/local/cert-tool/etc/cert-tool.rand -out end.key.pem 1024
- /usr/bin/openssl req -config /usr/local/cert-tool/etc/cert-tool.conf -new \
- -key end.key.pem -out end.csr
- /usr/bin/openssl ca -batch -config /usr/local/cert-tool/etc/cert-tool.conf \
- -cert mid-ca.pem -keyfile mid-ca.pem -out end.cert.pem -in end.csr
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement