Commands

a guest
Dec 23rd, 2015
Create the index, CRL, and serial files
---------------------------------------
touch certindex
echo 000a > certserial
echo 000a > crlnumber


-----------
-----CA----
-----------

Create the self-signed CA
-------------------------
openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 365 -extensions certauth -outform PEM -out ca.cer


---------------
---SERVER------
---------------


Create the server certificate key
---------------------------------
openssl genrsa -out server.key 2048


Create the server certificate signing request
---------------------------------------------
openssl req -config ./openssl.cnf -new -key server.key -out server.req


Sign the server certificate with the CA
---------------------------------------
openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.pem


---------------
---CLIENTS-----
---------------

Create the client certificate key
---------------------------------
openssl genrsa -out client.key 2048


Create the client certificate signing request
---------------------------------------------
openssl req -config ./openssl.cnf -new -key client.key -out client.req


Sign the client certificate with the CA
---------------------------------------
openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.cer


Convert the client certificate
------------------------------
openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12


Create the empty CRL
--------------------
openssl ca -config ./openssl.cnf -gencrl -keyfile ca.key -cert ca.cer -out revoke.crl


----------------------------------------
Verify and read the certificate contents
----------------------------------------
openssl x509 -text -noout < client.cer


------------------------------
------------------------------
Revoke client certificates
------------------------------
------------------------------
openssl ca -config ./openssl.cnf -revoke client.cer -keyfile ca.key -cert ca.cer
openssl ca -config ./openssl.cnf -gencrl -keyfile ca.key -cert ca.cer -out revoke.crl
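
Added example (not part of the original paste): the script below runs the CA, client, and revocation steps above end to end in a scratch directory, then uses `openssl verify -crl_check` to confirm that the client certificate is accepted against the empty CRL and rejected once the CRL is regenerated after revocation. The `openssl.cnf` content, the `demo_ca` section name, the certificate subjects, and the function names are assumptions, since the paste's own configuration file is not shown.

```shell
# Added example. openssl.cnf here is a constructed minimal config (the paste's own
# file is not shown); the certauth/client sections and file names follow its commands.
# Print valid | revoked | error for CERT checked against CA_CERT and CRL.
crl_status() {  # usage: crl_status CA_CERT CRL CERT
  if out=$(openssl verify -CAfile "$1" -crl_check -CRLfile "$2" "$3" 2>&1); then
    echo valid
  else
    case $out in *"certificate revoked"*) echo revoked ;; *) echo error ;; esac
  fi
}
# Run the CA, client and CRL steps in a scratch directory (subjects are constructed).
pki_revocation_demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  cat > openssl.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./certindex
crlnumber = ./crlnumber
default_md = sha256
default_crl_days = 30
[ certauth ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ client ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  touch certindex; echo 000a > crlnumber  # certserial is only read when "openssl ca" signs
  { openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout ca.key -x509 \
      -days 365 -extensions certauth -subj "/CN=Demo CA" -out ca.cer &&
    openssl genrsa -out client.key 2048 &&
    openssl req -config openssl.cnf -new -key client.key -subj "/CN=demo client" -out client.req &&
    openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 \
      -extfile openssl.cnf -extensions client -days 365 -out client.cer &&
    openssl ca -config openssl.cnf -gencrl -keyfile ca.key -cert ca.cer -out revoke.crl
  } >/dev/null 2>&1 || exit 1
  echo "before: $(crl_status ca.cer revoke.crl client.cer)"
  { openssl ca -config openssl.cnf -revoke client.cer -keyfile ca.key -cert ca.cer &&
    openssl ca -config openssl.cnf -gencrl -keyfile ca.key -cert ca.cer -out revoke.crl
  } >/dev/null 2>&1 || exit 1
  echo "after: $(crl_status ca.cer revoke.crl client.cer)"
  rm -rf "$dir"
)
```

Source the script and call `pki_revocation_demo`. A relying party only rejects the revoked certificate if it loads the regenerated `revoke.crl` and has CRL checking enabled, which is what `-crl_check` does here.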