- Create the index, CRL number, and serial files
- -------------------------------------------
- touch certindex
- echo 000a > certserial
- echo 000a > crlnumber
- -----------
- -----CA----
- -----------
- Create the self-signed CA
- -----------------------------------
- openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 365 -extensions certauth -outform PEM -out ca.cer
- ---------------
- ---SERVER------
- ---------------
- Create the server certificate key
- ----------------------------------------------------
- openssl genrsa -out server.key 2048
- Create the server certificate signing request
- ----------------------------------------------------------
- openssl req -config ./openssl.cnf -new -key server.key -out server.req
- Sign the server certificate with the CA
- ---------------------------------
- openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.pem
- ---------------
- ---CLIENTS-----
- ---------------
- Create the client certificate key
- ----------------------------------------------------
- openssl genrsa -out client.key 2048
- Create the client certificate signing request
- ----------------------------------------------------------
- openssl req -config ./openssl.cnf -new -key client.key -out client.req
- Sign the client certificate with the CA
- -----------------------------------------
- openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.cer
- Convert the client certificate
- ----------------------------
- openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
- Create the empty CRL
- ------------------------
- openssl ca -config ./openssl.cnf -gencrl -keyfile ca.key -cert ca.cer -out revoke.crl
- --------------------------------------------
- Verify & read the certificate contents
- --------------------------------------------
- openssl x509 -text -noout < client.cer
- ------------------------------
- ------------------------------
- Revoke client certificates
- ------------------------------
- ------------------------------
- openssl ca -config ./openssl.cnf -revoke client.cer -keyfile ca.key -cert ca.cer
- openssl ca -config ./openssl.cnf -gencrl -keyfile ca.key -cert ca.cer -out revoke.crl
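Added example, not part of the original paste: the CA, client, and revocation steps above run end to end in a temp dir, showing that a revoked certificate is only rejected when the verifier is given the CRL. It assumes the `openssl` CLI is on PATH; the `openssl.cnf` contents, the `-subj` values, and the names `check`, `gencrl`, and `pki_demo` are constructed for this example, since the paste does not show its own config file.

```shell
# Added example: rebuild the paste's CA and client cert in a temp dir, then
# check that revocation is only enforced when the verifier consults the CRL.
check() { openssl verify "$@" >/dev/null 2>&1 && echo ok || echo rejected; }

pki_demo() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  # Constructed openssl.cnf (assumption): the paste does not show its own file.
  # Only the section names certauth/client come from the paste's commands.
  cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./certindex
serial = ./certserial
crlnumber = ./crlnumber
default_md = sha256
default_crl_days = 30
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ certauth ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ client ]
extendedKeyUsage = clientAuth
EOF
  touch certindex; echo 000a > certserial; echo 000a > crlnumber
  # -subj is added here so the commands run without prompting.
  openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyout ca.key \
    -x509 -days 365 -extensions certauth -subj "/CN=Demo CA" -out ca.cer
  openssl genrsa -out client.key 2048
  openssl req -config ./openssl.cnf -new -key client.key \
    -subj "/CN=demo-client" -out client.req
  openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 \
    -extfile openssl.cnf -extensions client -days 365 -out client.cer
  gencrl() { openssl ca -config ./openssl.cnf -gencrl -keyfile ca.key \
    -cert ca.cer -out revoke.crl; }
  gencrl   # empty CRL: the client cert must still verify
  a=$(check -CAfile ca.cer -crl_check -CRLfile revoke.crl client.cer)
  openssl ca -config ./openssl.cnf -revoke client.cer -keyfile ca.key -cert ca.cer
  gencrl   # CRL now lists serial 101 (0x65)
  b=$(check -CAfile ca.cer client.cer)   # no CRL consulted
  c=$(check -CAfile ca.cer -crl_check -CRLfile revoke.crl client.cer)
  echo "empty_crl=$a revoked_no_crl_check=$b revoked_crl_check=$c"
)
pki_demo
```

The result line goes to stdout; openssl's own progress messages go to stderr. Any server or client that trusts `ca.cer` must be configured to load `revoke.crl`, otherwise the revocation step has no effect on it.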