Generating SSL

De wiki-fabmstic
Aller à la navigation Aller à la recherche

Generate root certificate authority

Create a script genRootCA.sh and run it 

#!/bin/bash

openssl genrsa -out rootCA.key 2048
# Change O field by your organisation
# OU and CN by your Organizational unit
# emailAddress by your email
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt \
 -subj '/C=FR/ST=Is\xC3\x83\xC2\xA8re/L=Grenoble/O=LIG/OU=FabMSTIC/CN=FabMSTIC/emailAddress=fabmstic.lig@gmail.com'
sudo rootCA.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

Generate site certificate

Create a script genSiteCertificate.sh and run it with the FQDN as argument 

#!/bin/bash

openssl genrsa -out device.key 2048
# Change O field by your organisation
# OU and CN by your Organizational unit
# emailAddress by your email
openssl req -new -key device.key -out device.csr -subj '/C=FR/ST=Is\xC3\x83\xC2\xA8re/L=Grenoble/O=LIG/OU=FabMSTIC/CN='"$1"'/emailAddress=fabmstic.lig@gmail.com'
openssl x509 -req -in device.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256
Récupérée de « https://wiki-fabmstic.imag.fr/index.php?title=Generating_SSL&oldid=39 »