mag37 revised this gist 2 hours ago. Go to revision
No changes
mag37 revised this gist 2 hours ago. Go to revision
1 file changed, 30 insertions
openssl_tricks.md(file created)
| @@ -0,0 +1,30 @@ | |||
| 1 | + | ## Request, create and verify new certificates | |
| 2 | + | **Prerequisite**: | |
| 3 | + | Have a collection of `openssl.conf` files named as their hostname, eg | |
| 4 | + | - gw1.conf | |
| 5 | + | - gw2.conf | |
| 6 | + | - lb1.conf | |
| 7 | + | ||
| 8 | + | Create new passwords for every conf: | |
| 9 | + | ```sh | |
| 10 | + | for i in *.conf; do openssl rand -base64 32 > ${i%.conf}.pass; done | |
| 11 | + | ``` | |
| 12 | + | Create new key files with passwords from file: | |
| 13 | + | ```sh | |
| 14 | + | for i in *.conf; do openssl genrsa -aes256 -passout file:${%i.conf}.pass -out ${i%.conf}.key 2048; done | |
| 15 | + | ``` | |
| 16 | + | Create CSRs: | |
| 17 | + | ```sh | |
| 18 | + | for i in *.conf; do openssl req -new -key ${i%.conf}.key -passin file:${i%.conf}.pass -out ${i%.conf}.csr -config $i; done | |
| 19 | + | ``` | |
| 20 | + | ||
| 21 | + | ### Then with with the CER (created/received): | |
| 22 | + | ||
| 23 | + | Create PEM from CER+KEY: | |
| 24 | + | ```sh | |
| 25 | + | for i in *.cer; do cat $i ${i%.cer}.key > ${i%.cer}.pem; done | |
| 26 | + | ``` | |
| 27 | + | Verify each PEM against CA: | |
| 28 | + | ```sh | |
| 29 | + | for i in *.pem; do openssl verify -verbose -x509_strict -CAfile ca.pem $i; done | |
| 30 | + | ``` | |
Newer
Older