Last active 3 hours ago

Revision 5aaf33b12877a8854d8347028b96040a6bc37377

openssl_tricks.md Raw

Request, create and verify new certificates

Prerequisite: Have a collection of openssl.conf files named as their hostname, eg

  • gw1.conf
  • gw2.conf
  • lb1.conf

Create new passwords for every conf:

for i in *.conf; do openssl rand -base64 32 > ${i%.conf}.pass; done

Create new key files with passwords from file:

for i in *.conf; do openssl genrsa -aes256 -passout file:${%i.conf}.pass -out ${i%.conf}.key 2048; done

Create CSRs:

for i in *.conf; do openssl req -new -key ${i%.conf}.key -passin file:${i%.conf}.pass -out ${i%.conf}.csr -config $i; done

Then with with the CER (created/received):

Create PEM from CER+KEY:

for i in *.cer; do cat $i ${i%.cer}.key > ${i%.cer}.pem; done

Verify each PEM against CA:

for i in *.pem; do openssl verify -verbose -x509_strict -CAfile ca.pem $i; done