- Example scripts to create certificate chain with OpenSSL
- I developed some example scripts to create certificates and keys with OpenSSL. They were tested on OpenSSL 1.1.0.
- Important: the self-signed certificates must be used only for internal and development purposes.
- Below you can find scripts to create:
- CA certificate
- Intermediary CA Certificate
- Server Certificate (signed by CA)
- Server Certificate (signed by Intermediary CA)
- Client Certificate (signed by CA)
- Client Certificate (signed by Intermediary CA)
- Script Openssl Certificate
- #Generate CA Certificate
- #Generate private Key
- openssl genrsa -out CA.key 2048
- #Generate CA CSR
- openssl req -new -sha256 -key CA.key -out CA.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=CA CERTIFICATE"
- #Generate CA Certificate (10 years)
- openssl x509 -signkey CA.key -in CA.csr -req -days 3650 -out CA.pem
- #--------------------------------------------------------------------------------------
- #Generate Intermediary CA Certificate
- #Generate private Key
- openssl genrsa -out CA_Intermediary.key 2048
- #Create Intermediary CA CSR
- openssl req -new -sha256 -key CA_Intermediary.key -out CA_Intermediary.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=CA INTERMEDIARY CERTIFICATE"
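- #Generate Intermediary CA Certificate (10 years)
- #RFC 5280 path validation requires basicConstraints CA:TRUE on a certificate that issues other certificates
- printf "basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n" > CA_Intermediary.ext
- openssl x509 -req -in CA_Intermediary.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out CA_Intermediary.crt -days 3650 -sha256 -extfile CA_Intermediary.ext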
- #--------------------------------------------------------------------------------------
- #Generate Server Certificate signed by CA
- #Generate private Key
- openssl genrsa -out ServerCert_signedByCA.key 2048
- #Create Server CSR
- openssl req -new -sha256 -key ServerCert_signedByCA.key -out ServerCert_signedByCA.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=axway.lab"
- #Generate Server Certificate
- #subjectAltName is an X.509 extension, not a -subj field; x509 -req takes it from -extfile at signing time
- printf "subjectAltName=DNS:axway.lab,DNS:your-alt-name\n" > ServerCert_signedByCA.ext
- openssl x509 -req -in ServerCert_signedByCA.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out ServerCert_signedByCA.crt -days 3650 -sha256 -extfile ServerCert_signedByCA.ext
- #View Certificate
- openssl x509 -text -noout -in ServerCert_signedByCA.crt
- #--------------------------------------------------------------------------------------
- #Generate Server Certificate signed by Intermediary CA
- #Generate private Key
- openssl genrsa -out ServerCert_signedByCAIntermediary.key 2048
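- #Create Server CSR
- openssl req -new -sha256 -key ServerCert_signedByCAIntermediary.key -out ServerCert_signedByCAIntermediary.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=localhost"
- #Generate Server Certificate
- #Sign with the Intermediary CA key pair; subjectAltName is supplied as an extension through -extfile
- printf "subjectAltName=DNS:axway.lab,DNS:your-alt-name\n" > ServerCert_signedByCAIntermediary.ext
- openssl x509 -req -in ServerCert_signedByCAIntermediary.csr -CA CA_Intermediary.crt -CAkey CA_Intermediary.key -CAcreateserial -out ServerCert_signedByCAIntermediary.crt -days 3650 -sha256 -extfile ServerCert_signedByCAIntermediary.ext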
- #View Certificate
- openssl x509 -text -noout -in ServerCert_signedByCAIntermediary.crt
- #--------------------------------------------------------------------------------------
- #Generate Client Certificate signed by CA
- #Generate private Key
- openssl genrsa -out ClientCert_signedByCA.key 2048
- #Create Client CSR
- openssl req -new -sha256 -key ClientCert_signedByCA.key -out ClientCert_signedByCA.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=client"
- #Generate Client Certificate
- openssl x509 -req -in ClientCert_signedByCA.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out ClientCert_signedByCA.crt -days 3650 -sha256
- #View Certificate
- openssl x509 -text -noout -in ClientCert_signedByCA.crt
- #--------------------------------------------------------------------------------------
- #Generate Client Certificate signed by Intermediary CA
- #Generate private Key
- openssl genrsa -out ClientCert_signedByCAIntermediary.key 2048
- #Create Client CSR
- openssl req -new -sha256 -key ClientCert_signedByCAIntermediary.key -out ClientCert_signedByCAIntermediary.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=clientCA_Intermediary"
- #Generate Client Certificate
- openssl x509 -req -in ClientCert_signedByCAIntermediary.csr -CA CA_Intermediary.crt -CAkey CA_Intermediary.key -CAcreateserial -out ClientCert_signedByCAIntermediary.crt -days 3650 -sha256
- #View Certificate
- openssl x509 -text -noout -in ClientCert_signedByCAIntermediary.crt
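
A check for chains built this way, as an added example that is not part of the original paste: it builds a throwaway root, intermediary and server certificate with the CA and subjectAltName extensions set from an extension file at signing time, then uses `openssl verify` to confirm that the full chain and host name are accepted while a missing intermediary, a name outside the SAN, and a certificate issued by a non-CA are rejected. All file names, CNs and the demo.lab, other.lab and rogue.lab host names are constructed for the example.

```shell
#!/bin/sh
# Added example. File names, CNs and the *.lab host names are constructed.

# issue NAME CN EXTENSIONS [SIGNER]: key, CSR and certificate; no SIGNER = self-signed.
issue() {
    openssl genrsa -out "$1.key" 2048 2>/dev/null || return 1
    openssl req -new -sha256 -key "$1.key" -out "$1.csr" -subj "/CN=$2" || return 1
    printf '%b\n' "$3" > "$1.ext"    # extensions are applied at signing time
    if [ -z "$4" ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 30 -sha256 \
            -extfile "$1.ext" -out "$1.crt" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$4.crt" -CAkey "$4.key" -CAcreateserial \
            -days 30 -sha256 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
    fi
}

# build_chain DIR: root -> int -> leaf, plus "rogue", which is signed by the leaf.
build_chain() (
    cd "$1" || exit 1
    ca='basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign'
    issue root "DEMO ROOT CA" "$ca" &&
    issue int "DEMO INTERMEDIARY CA" "$ca" root &&
    issue leaf demo.lab 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:demo.lab' int &&
    issue rogue rogue.lab 'subjectAltName=DNS:rogue.lab' leaf
)

# verify_in DIR ARGS...: run "openssl verify ARGS" inside DIR; only the status matters.
verify_in() ( cd "$1" && shift && openssl verify "$@" >/dev/null 2>&1 )

# check_chain DIR: 0 only if the good path verifies and every broken one is rejected.
check_chain() {
    base="-CAfile root.crt -untrusted int.crt"
    verify_in "$1" $base -verify_hostname demo.lab leaf.crt || return 1   # chain + SAN
    verify_in "$1" -CAfile root.crt leaf.crt && return 2          # intermediary missing
    verify_in "$1" $base -verify_hostname other.lab leaf.crt && return 3  # not in SAN
    verify_in "$1" $base -untrusted leaf.crt rogue.crt && return 4   # issuer is not a CA
    return 0
}

dir=$(mktemp -d) && build_chain "$dir" && check_chain "$dir" && echo "chain checks passed"
rm -rf "$dir"
```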