From 1fc4e41d05ccccdddd802ef36a5d87fe86448c58 Mon Sep 17 00:00:00 2001
From: inference
Date: Thu, 1 Jun 2023 16:54:20 +0100
Subject: [PATCH] Update OpenSSL Self-signed Certificate Chain documentation from version 0.0.2.11 to 0.0.3.12.
---
 .../openssl_selfsigned_certificate_chain.adoc | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/security/openssl_selfsigned_certificate_chain.adoc b/security/openssl_selfsigned_certificate_chain.adoc
index 8f3688c..514ecd3 100644
--- a/security/openssl_selfsigned_certificate_chain.adoc
+++ b/security/openssl_selfsigned_certificate_chain.adoc
@@ -1,6 +1,6 @@
 = OpenSSL Self-signed Certificate Chain
-Version: 0.0.2.11
+Version: 0.0.3.12
 This documentation contains the complete set of commands to create a new OpenSSL self-signed
@@ -12,52 +12,69 @@ chain of trust is valid. == Create Certificate Authority Key + `openssl genrsa -aes256 -out ca-key.pem 4096` == Verify Certificate Authority Key + `openssl rsa -noout -text -in ca-key.pem` == Create Certificate Authority Certificate + `openssl req -new -x509 -days 3653 -extensions v3_ca -key ca-key.pem -out ca-crt.pem` == Convert Certificate to PEM Format + `openssl x509 -in ca-crt.pem -out ca-crt.pem -outform PEM` == Verify Certificate Authority Certificate + `openssl x509 -noout -text -in ca-crt.pem` == Create Intermediate Certificate Authority Key + `openssl genrsa -aes256 -out intermediate-key.pem 4096` == Verify Intermediate Certificate Authority Key + `openssl rsa -noout -text -in intermediate-key.pem` == Create Intermediate Certificate Signing Request + `openssl req -new -sha256 -key intermediate-key.pem -out intermediate-csr.pem` == Create Intermediate Certificate Authority Certificate + `openssl ca -config intermediate.conf -extensions v3_intermediate_ca -days 1096 -notext -md sha256 -in intermediate-csr.pem -out intermediate-crt.pem` == Verify Intermediate Certificate Authority Certificate + `openssl x509 -noout -text -in intermediate-crt.pem` == Verify Chain of Trust (CA to Intermediate) + `openssl verify -CAfile ca-crt.pem intermediate-crt.pem` == Create Server Key + `openssl genrsa -aes256 -out server-key.pem 2048` == Verify Server Key + `openssl rsa -noout -text -in server-key.pem` == Create Server Cerificate Signing Request + `openssl req -new -sha256 -subj "/C=/ST=/L=/O=/CN=" -addext "subjectAltName = DNS.1:" -key server-key.pem -out server-csr.pem` == Create Server Certificate + `openssl x509 -sha256 -req -days 365 -in server-csr.pem -CA intermediate-crt.pem -CAkey intermediate-key.pem -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out server-crt.pem` == Verify Server Certificate + `openssl x509 -noout -text -in server-crt.pem` == Verify Chain of Trust (Intermediate to Server) + 
`openssl verify -CAfile intermediate-crt.pem server-crt.pem`