![]() Please enter the following 'extra' attributes Openssl req -new -key ia.key -out ia.csr You are about to be asked to enter information that will be incorporatedĬommon Name (eg, your name or your server's hostname) :Didier Stevens IA Then, request a certificate for this subordinate CA: ![]() ![]() Openssl genrsa -out ia.key 4096 Generating RSA private key, 4096 bit long modulus Next step: create our subordinate CA that will be used for the actual signing. 1826 days gives us a cert valid for 5 years. The -x509 option is used for a self-signed certificate. Organizational Unit Name (eg, section) :Ĭommon Name (eg, your name or your server's hostname) :Didier Stevens CA Organization Name (eg, company) :Didier Stevens State or Province Name (full name) :Brussels If you enter '.', the field will be left blank. There are quite a few fields but you can leave some blankįor some fields there will be a default value, What you are about to enter is what is called a Distinguished Name or a DN. Openssl req -new -x509 -days 1826 -key ca.key -out ca.crt You are about to be asked to enter information that will be incorporated ![]() Next, we create our self-signed root CA certificate ca.crt you’ll need to provide an identity for your root CA: If you want to password-protect this key, add option -des3. Openssl genrsa -out ca.key 4096 Generating RSA private key, 4096 bit long modulus But creating a CRL file requires more steps, that’s why I needed this howto. The start of this howto is the same as my previous howto.įirst we generate a 4096-bit long RSA key for our root CA and store it in file ca.key: I used instructions from this post.Īdding a CRL extension to a certificate is not difficult, you just need to include a configuration file with one line. This time, I needed a signing cert with a Certificate Revocation List (CRL) extension and an (empty) CRL. Here is a variant to my “Howto: Make Your Own Cert With OpenSSL” method. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |