openssl_tricks.md
· 867 B · Markdown
Raw
## Request, create and verify new certificates
**Prerequisite**:
Have a collection of `openssl.conf` files named as their hostname, eg
- gw1.conf
- gw2.conf
- lb1.conf
Create new passwords for every conf:
```sh
for i in *.conf; do openssl rand -base64 32 > ${i%.conf}.pass; done
```
Create new key files with passwords from file:
```sh
for i in *.conf; do openssl genrsa -aes256 -passout file:${%i.conf}.pass -out ${i%.conf}.key 2048; done
```
Create CSRs:
```sh
for i in *.conf; do openssl req -new -key ${i%.conf}.key -passin file:${i%.conf}.pass -out ${i%.conf}.csr -config $i; done
```
### Then with with the CER (created/received):
Create PEM from CER+KEY:
```sh
for i in *.cer; do cat $i ${i%.cer}.key > ${i%.cer}.pem; done
```
Verify each PEM against CA:
```sh
for i in *.pem; do openssl verify -verbose -x509_strict -CAfile ca.pem $i; done
```
Request, create and verify new certificates
Prerequisite:
Have a collection of openssl.conf files named as their hostname, eg
- gw1.conf
- gw2.conf
- lb1.conf
Create new passwords for every conf:
for i in *.conf; do openssl rand -base64 32 > ${i%.conf}.pass; done
Create new key files with passwords from file:
for i in *.conf; do openssl genrsa -aes256 -passout file:${%i.conf}.pass -out ${i%.conf}.key 2048; done
Create CSRs:
for i in *.conf; do openssl req -new -key ${i%.conf}.key -passin file:${i%.conf}.pass -out ${i%.conf}.csr -config $i; done
Then with with the CER (created/received):
Create PEM from CER+KEY:
for i in *.cer; do cat $i ${i%.cer}.key > ${i%.cer}.pem; done
Verify each PEM against CA:
for i in *.pem; do openssl verify -verbose -x509_strict -CAfile ca.pem $i; done