Last active 2 hours ago

mag37 revised this gist 2 hours ago. Go to revision

No changes

mag37 revised this gist 2 hours ago. Go to revision

1 file changed, 30 insertions

openssl_tricks.md(file created)

@@ -0,0 +1,30 @@
1 + ## Request, create and verify new certificates
2 + **Prerequisite**:
3 + Have a collection of `openssl.conf` files named as their hostname, eg
4 + - gw1.conf
5 + - gw2.conf
6 + - lb1.conf
7 +
8 + Create new passwords for every conf:
9 + ```sh
10 + for i in *.conf; do openssl rand -base64 32 > ${i%.conf}.pass; done
11 + ```
12 + Create new key files with passwords from file:
13 + ```sh
14 + for i in *.conf; do openssl genrsa -aes256 -passout file:${%i.conf}.pass -out ${i%.conf}.key 2048; done
15 + ```
16 + Create CSRs:
17 + ```sh
18 + for i in *.conf; do openssl req -new -key ${i%.conf}.key -passin file:${i%.conf}.pass -out ${i%.conf}.csr -config $i; done
19 + ```
20 +
21 + ### Then with with the CER (created/received):
22 +
23 + Create PEM from CER+KEY:
24 + ```sh
25 + for i in *.cer; do cat $i ${i%.cer}.key > ${i%.cer}.pem; done
26 + ```
27 + Verify each PEM against CA:
28 + ```sh
29 + for i in *.pem; do openssl verify -verbose -x509_strict -CAfile ca.pem $i; done
30 + ```
Newer Older