Inferencium/website
1
0
Fork 0
Code Issues Activity

Update webpage "Documentation - OpenSSL Self-signed Certificate Chain" from version "5.0.0-beta.1" to "5.0.1-beta.1"

Browse Source
This commit is contained in:
inference 2024-03-18 02:51:37 +00:00
parent c2e6de397e
commit 4d05132b2a
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
1 changed files with 146 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

273
documentation/openssl_selfsigned_certificate_chain.xhtml
View File

@ -1,137 +1,156 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - Documentation - OpenSSL Self-signed Certificate Chain --> <!-- Inferencium - Website - Documentation - OpenSSL Self-signed Certificate Chain -->
<!-- Version: 5.0.0-beta.1 --> <!-- Version: 5.0.1-beta.1 -->
<!-- Copyright 2023 Jake Winters --> <!-- Copyright 2023 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head> <head>
<meta charset="utf-8"/> <meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/> <meta name="viewport" content="width=device-width, initial-scale=1"/>
<link rel="stylesheet" href="../main.css"/> <link rel="stylesheet" href="../main.css"/>
<link rel="icon shortcut" href="../asset/img/logo/inferencium-notext.png"/> <link rel="icon shortcut" href="../asset/img/logo/inferencium-notext.png"/>
<title>Inferencium - Documentation - OpenSSL Self-signed Certificate Chain</title> <title>Inferencium - Documentation - OpenSSL Self-signed Certificate Chain</title>
</head> </head>
<body> <body>
<nav class="navbar"> <nav class="navbar">
<div class="logo"><a href="../index.xhtml"><img src="../asset/img/logo/inferencium-notext.png" alt="Inferencium logo"/></a></div> <div class="logo"><a href="../index.xhtml"><img src="../asset/img/logo/inferencium-notext.png" alt="Inferencium logo"/></a></div>
<div class="title"><a href="../index.xhtml">Inferencium</a></div> <div class="title"><a href="../index.xhtml">Inferencium</a></div>
<div><a href="../about.xhtml">About</a></div> <div><a href="../about.xhtml">About</a></div>
<div><a href="../news.xhtml">News</a></div> <div><a href="../news.xhtml">News</a></div>
<div><a href="../documentation.xhtml">Documentation</a></div> <div><a href="../documentation.xhtml">Documentation</a></div>
<div><a href="../source.xhtml">Source</a></div> <div><a href="../source.xhtml">Source</a></div>
<div><a href="../changelog.xhtml">Changelog</a></div> <div><a href="../changelog.xhtml">Changelog</a></div>
<div><a href="../blog.xhtml">Blog</a></div> <div><a href="../blog.xhtml">Blog</a></div>
<div><a href="../contact.xhtml">Contact</a></div> <div><a href="../contact.xhtml">Contact</a></div>
<div><a href="../directory.xhtml">Directory</a></div> <div><a href="../directory.xhtml">Directory</a></div>
<div><a href="../key.xhtml">Key</a></div> <div><a href="../key.xhtml">Key</a></div>
<div class="sitemap"><a href="../sitemap.xhtml">Sitemap</a></div> <div class="sitemap"><a href="../sitemap.xhtml">Sitemap</a></div>
</nav> </nav>
<h1 id="openssl_selfsigned_certificate_chain"><a href="#openssl_selfsigned_certificate_chain">Documentation - OpenSSL Self-signed Certificate Chain</a></h1> <h1 id="openssl_selfsigned_certificate_chain"><a href="#openssl_selfsigned_certificate_chain">Documentation - OpenSSL Self-signed Certificate Chain</a></h1>
<section id="introduction"> <section id="introduction">
<p>This documentation contains the complete set of commands to create a new OpenSSL <p>This documentation contains the complete set of commands to create a new OpenSSL self-signed
self-signed certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple SANs can be included in a
SANs can be included in a certificate by adding each domain as a comma-delimited string. certificate by adding each domain as a comma-delimited string. Each key can be encrypted or unencrypted,
Each key can be encrypted or unencrypted, with multiple encryption options; AES with multiple encryption options; AES (<code>aes128</code> or <code>aes256</code>) is recommended.
(<code>aes128</code> or <code>aes256</code>) is recommended. Optional verification can Optional verification can also be performed between multiple levels of certificates to ensure the chain
also be performed between multiple levels of certificates to ensure the chain of trust of trust is valid.</p>
is valid.</p> <p>This documentation is also available in portable AsciiDoc format in my
<p>This documentation is also available in portable AsciiDoc format in my <a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/openssl_selfsigned_certificate_chain.adoc">documentation source code repository</a>.</p>
<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/openssl_selfsigned_certificate_chain.adoc">documentation source code repository</a>.</p> </section>
</section> <nav id="toc">
<nav id="toc"> <h2><a href="#toc">Table of Contents</a></h2>
<h2><a href="#toc">Table of Contents</a></h2> <ul>
<ul> <li><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></li>
<li><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></li> <li><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></li>
<li><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></li> <li><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></li>
<li><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></li> <li><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></li>
<li><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></li> <li><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></li>
<li><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></li> <li><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></li>
<li><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></li> <li><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></li>
<li><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></li> <li><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Signing Request</a></li>
<li><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Signing Request</a></li> <li><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></li>
<li><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></li> <li><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></li>
<li><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></li> <li><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></li>
<li><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></li> <li><a href="#create_server_key">Create Server Key</a></li>
<li><a href="#create_server_key">Create Server Key</a></li> <li><a href="#verify_server_key">Verify Server Key</a></li>
<li><a href="#verify_server_key">Verify Server Key</a></li> <li><a href="#create_server_certificate_signing_request">Create Server Cerificate Signing Request</a></li>
<li><a href="#create_server_certificate_signing_request">Create Server Cerificate Signing Request</a></li> <li><a href="#create_server_certificate">Create Server Certificate</a></li>
<li><a href="#create_server_certificate">Create Server Certificate</a></li> <li><a href="#verify_server_certificate">Verify Server Certificate</a></li>
<li><a href="#verify_server_certificate">Verify Server Certificate</a></li> <li><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></li>
<li><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></li> </ul>
</ul> </nav>
</nav> <section id="create_certificate_authority_key">
<section id="create_certificate_authority_key"> <h2><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></h2>
<h2><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></h2> <p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;CA key name&gt;</var>.pem
<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p> <var>&lt;key size&gt;</var></code></p>
</section> </section>
<section id="verify_certificate_authority_key"> <section id="verify_certificate_authority_key">
<h2><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></h2> <h2><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></h2>
<p><code>openssl rsa -noout -text -in <var>&lt;CA key name&gt;</var>.pem</code></p> <p><code>openssl rsa -noout -text -in <var>&lt;CA key name&gt;</var>.pem</code></p>
</section> </section>
<section id="create_certificate_authority_certificate"> <section id="create_certificate_authority_certificate">
<h2><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></h2> <h2><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></h2>
<p><code>openssl req -new -x509 -days <var>&lt;days of validity&gt;</var> -extensions v3_ca -key <var>&lt;CA key name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem</code></p> <p><code>openssl req -new -x509 -days <var>&lt;days of validity&gt;</var> -extensions v3_ca -key
</section> <var>&lt;CA key name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem</code></p>
<section id="convert_certificate_to_pem_format"> </section>
<h2><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></h2> <section id="convert_certificate_to_pem_format">
<p><code>openssl x509 -in <var>&lt;CA certificate name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem -outform PEM</code></p> <h2><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></h2>
</section> <p><code>openssl x509 -in <var>&lt;CA certificate name&gt;</var>.pem -out
<section id="verify_certificate_authority_certificate"> <var>&lt;CA certificate name&gt;</var>.pem -outform PEM</code></p>
<h2><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></h2> </section>
<p><code>openssl x509 -noout -text -in <var>&lt;CA certificate name&gt;</var>.pem</code></p> <section id="verify_certificate_authority_certificate">
</section> <h2><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></h2>
<section id="create_intermediate_certificate_authority_key"> <p><code>openssl x509 -noout -text -in <var>&lt;CA certificate name&gt;</var>.pem</code></p>
<h2><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></h2> </section>
<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;intermediate CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p> <section id="create_intermediate_certificate_authority_key">
</section> <h2><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></h2>
<section id="verify_intermediate_certificate_authority_key"> <p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out
<h2><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></h2> <var>&lt;intermediate CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
<p><code>openssl rsa -noout -text -in <var>&lt;intermediate CA key name&gt;</var>.pem</code></p> </section>
</section> <section id="verify_intermediate_certificate_authority_key">
<section id="create_intermediate_certificate_authority_signing_request"> <h2><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></h2>
<h2><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Authority Signing Request</a></h2> <p><code>openssl rsa -noout -text -in <var>&lt;intermediate CA key name&gt;</var>.pem</code></p>
<p><code>openssl req -new -sha256 -key <var>&lt;intermediate CA key name&gt;</var>.pem -out <var>&lt;intermediate CA certificate signing request name&gt;</var>.pem</code></p> </section>
</section> <section id="create_intermediate_certificate_authority_signing_request">
<section id="create_intermediate_certificate_authority_certificate"> <h2><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Authority Signing Request</a></h2>
<h2><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></h2> <p><code>openssl req -new -sha256 -key <var>&lt;intermediate CA key name&gt;</var>.pem -out
<p><code>openssl ca -config <var>&lt;intermediate CA configuration file&gt;</var> -extensions v3_intermediate_ca -days <var>&lt;days of validity&gt;</var> -notext -md sha256 -in <var>&lt;intermediate CA signing request name&gt;</var>.pem -out <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p> <var>&lt;intermediate CA certificate signing request name&gt;</var>.pem</code></p>
</section> </section>
<section id="verify_intermediate_certificate_authority_certificate"> <section id="create_intermediate_certificate_authority_certificate">
<h2><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></h2> <h2><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></h2>
<p><code>openssl x509 -noout -text -in <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p> <p><code>openssl ca -config <var>&lt;intermediate CA configuration file&gt;</var> -extensions
</section> v3_intermediate_ca -days <var>&lt;days of validity&gt;</var> -notext -md sha256 -in
<section id="verify_chain_of_trust-ca_to_intermediate"> <var>&lt;intermediate CA signing request name&gt;</var>.pem -out
<h2><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></h2> <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
<p><code>openssl verify -CAfile <var>&lt;CA certificate name&gt;</var>.pem <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p> </section>
</section> <section id="verify_intermediate_certificate_authority_certificate">
<section id="create_server_key"> <h2><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></h2>
<h2><a href="#create_server_key">Create Server Key</a></h2> <p><code>openssl x509 -noout -text -in
<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;server key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p> <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
</section> </section>
<section id="verify_server_key"> <section id="verify_chain_of_trust-ca_to_intermediate">
<h2><a href="#verify_server_key">Verify Server Key</a></h2> <h2><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></h2>
<p><code>openssl rsa -noout -text -in <var>&lt;server key name&gt;</var>.pem</code></p> <p><code>openssl verify -CAfile <var>&lt;CA certificate name&gt;</var>.pem
</section> <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
<section id="create_server_certificate_signing_request"> </section>
<h2><a href="#create_server_certificate_signing_request">Create Server Certificate Signing Request</a></h2> <section id="create_server_key">
<p><code>openssl req -new -sha256 -subj "/C=<var>&lt;country&gt;</var>/ST=<var>&lt;state/province&gt;</var>/L=<var>&lt;locality&gt;</var>/O=<var>&lt;organization&gt;</var>/CN=<var>&lt;common name&gt;</var>" -addext "subjectAltName = DNS.1:<var>&lt;alternative DNS entry&gt;</var>" -key <var>&lt;server key name&gt;</var>.pem -out <var>&lt;server certificate signing request name&gt;</var>.pem</code></p> <h2><a href="#create_server_key">Create Server Key</a></h2>
</section> <p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out
<section id="create_server_certificate"> <var>&lt;server key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
<h2><a href="#create_server_certificate">Create Server Certificate</a></h2> </section>
<p><code>openssl x509 -sha256 -req -days <var>&lt;days of validity&gt;</var> -in <var>&lt;server certificate signing request name&gt;</var>.pem -CA <var>&lt;intermediate CA certificate name&gt;</var>.pem -CAkey <var>&lt;intermediate CA key name&gt;</var>.pem -extensions SAN -extfile &lt;(cat /etc/ssl/openssl.cnf &lt;(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out <var>&lt;server certificate name&gt;</var>.pem</code></p> <section id="verify_server_key">
</section> <h2><a href="#verify_server_key">Verify Server Key</a></h2>
<section id="verify_server_certificate"> <p><code>openssl rsa -noout -text -in <var>&lt;server key name&gt;</var>.pem</code></p>
<h2><a href="#verify_server_certificate">Verify Server Certificate</a></h2> </section>
<p><code>openssl x509 -noout -text -in <var>&lt;server certificate name&gt;</var>.pem</code></p> <section id="create_server_certificate_signing_request">
</section> <h2><a href="#create_server_certificate_signing_request">Create Server Certificate Signing Request</a></h2>
<section id="verify_chain_of_trust-intermediate_to_server"> <p><code>openssl req -new -sha256 -subj "/C=<var>&lt;country&gt;</var>/ST=<var>&lt;state/province&gt;</var>/L=<var>&lt;locality&gt;</var>/O=<var>&lt;organization&gt;</var>/CN=<var>&lt;common name&gt;</var>"
<h2><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></h2> -addext "subjectAltName = DNS.1:<var>&lt;alternative DNS entry&gt;</var>" -key
<p><code>openssl verify -CAfile <var>&lt;intermediate CA certificate name&gt;</var>.pem <var>&lt;server certificate&gt;</var>.pem</code></p> <var>&lt;server key name&gt;</var>.pem -out
</section> <var>&lt;server certificate signing request name&gt;</var>.pem</code></p>
<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div> </section>
</body> <section id="create_server_certificate">
<h2><a href="#create_server_certificate">Create Server Certificate</a></h2>
<p><code>openssl x509 -sha256 -req -days <var>&lt;days of validity&gt;</var> -in
<var>&lt;server certificate signing request name&gt;</var>.pem -CA
<var>&lt;intermediate CA certificate name&gt;</var>.pem -CAkey
<var>&lt;intermediate CA key name&gt;</var>.pem -extensions SAN -extfile &lt;(cat
/etc/ssl/openssl.cnf &lt;(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out
<var>&lt;server certificate name&gt;</var>.pem</code></p>
</section>
<section id="verify_server_certificate">
<h2><a href="#verify_server_certificate">Verify Server Certificate</a></h2>
<p><code>openssl x509 -noout -text -in <var>&lt;server certificate name&gt;</var>.pem</code></p>
</section>
<section id="verify_chain_of_trust-intermediate_to_server">
<h2><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></h2>
<p><code>openssl verify -CAfile <var>&lt;intermediate CA certificate name&gt;</var>.pem
<var>&lt;server certificate&gt;</var>.pem</code></p>
</section>
<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
</body>
</html> </html>