Generating SSL

De wiki-fabmstic
Révision datée du 1 mai 2017 à 19:01 par Germain (discussion | contributions) (Page créée avec « =Generate root certificate authority= Create a script genRootCA.sh and run it <pre> #!/bin/bash openssl genrsa -out rootCA.key 2048 # Change O field by your organisation... »)
(diff) ← Version précédente | Voir la version actuelle (diff) | Version suivante → (diff)
Aller à la navigation Aller à la recherche

Generate root certificate authority

Create a script genRootCA.sh and run it 

#!/bin/bash

openssl genrsa -out rootCA.key 2048
# Change O field by your organisation
# OU and CN by your Organizational unit
# emailAddress by your email
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt \
 -subj '/C=FR/ST=Is\xC3\x83\xC2\xA8re/L=Grenoble/O=LIG/OU=FabMSTIC/CN=FabMSTIC/emailAddress=fabmstic.lig@gmail.com'
sudo rootCA.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

Generate site certificate

Create a script genSiteCertificate.sh and run it with the FQDN as argument 

#!/bin/bash

openssl genrsa -out device.key 2048
# Change O field by your organisation
# OU and CN by your Organizational unit
# emailAddress by your email
openssl req -new -key device.key -out device.csr -subj '/C=FR/ST=Is\xC3\x83\xC2\xA8re/L=Grenoble/O=LIG/OU=FabMSTIC/CN='"$1"'/emailAddress=fabmstic.lig@gmail.com'
openssl x509 -req -in device.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256
Récupérée de « https://wiki-fabmstic.imag.fr/index.php?title=Generating_SSL&oldid=39 »