SHARE
TWEET

Commandes

a guest Dec 23rd, 2015 143 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Creation des fichiers index, CRL, et serial
  2. -------------------------------------------
  3. touch certindex
  4. echo 000a > certserial
  5. echo 000a > crlnumber
  6.  
  7.  
  8. -----------
  9. -----CA----
  10. -----------
  11.  
  12. Creation de la CA auto-sign
  13. -----------------------------------
  14. openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 365 -extensions certauth -outform PEM -out ca.cer
  15.  
  16.  
  17. ---------------
  18. ---SERVEUR-----
  19. ---------------
  20.  
  21.  
  22. Creation de la key du certificat serveur
  23. ----------------------------------------------------
  24. openssl genrsa -out server.key 2048
  25.  
  26.  
  27. Creation de la requete de signature du certificat serveur
  28. ----------------------------------------------------------
  29. openssl req -config ./openssl.cnf -new -key server.key -out server.req
  30.  
  31.  
  32. Signature du certificat server par la CA
  33. ---------------------------------
  34. openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.pem
  35.  
  36.  
  37. ---------------
  38. ---CLIENTS-----
  39. ---------------
  40.  
  41. Creation de la key du certificat client
  42. ----------------------------------------------------
  43. openssl genrsa -out client.key 2048
  44.  
  45.  
  46. Creation de la requete de signature du certificat client
  47. ----------------------------------------------------------
  48. openssl req -config ./openssl.cnf -new -key client.key -out client.req
  49.  
  50.  
  51. Signature du certificat client par la CA
  52. -----------------------------------------
  53. openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.cer
  54.  
  55.  
  56. Conversion certificat client
  57. ----------------------------
  58. openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
  59.  
  60.  
  61. Creation de la CRL vide
  62. ------------------------
  63. openssl ca -config ./openssl.cnf -gencrl -keyfile ca.key -cert ca.cer -out revoke.crl
  64.  
  65.  
  66. --------------------------------------------
  67. Verification & lecture contenu du certificat
  68. --------------------------------------------
  69. openssl x509 -text -noout < client.cer
  70.  
  71.  
  72. ------------------------------
  73. ------------------------------
  74. Revocation certificat clients
  75. ------------------------------
  76. ------------------------------
  77. openssl ca -config ./openssl.cnf -revoke client.cer -keyfile ca.key -cert ca.cer
  78. openssl ca -config ./openssl.cnf -gencrl -keyfile ca.key -cert ca.cer -out revoke.crl
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top