http://www.madboa.com/geek/openssl/
#
openssl genrsa -out foo_cakey.pem 2048 // generate an RSA private key
#
openssl req -sha1 -x509 -days 1825 -new -batch -config opensslCA.cfg -key foo_cakey.pem -out foo_cacert.pem //PKCS#10 X.509 Certificate Signing Request (CSR) Management.
-x509
this option outputs a self signed certificate instead of a certificate request.
-sha1
this specifies the message digest to sign the request with (such as -md5, -sha1)
#
openssl crl2pkcs7 -nocrl -certfile foo_cacert.pem -out foo_cacert.p7b
crl2pkcs7 : Create a PKCS#7 structure from a CRL and certificates.
-nocrl
normally a CRL is included in the output file. With this option no CRL is included in the output file and a CRL is not read from the input file.
-certfile filename
specifies a filename containing one or more certificates in PEM format. All certificates in the file will be added to the PKCS#7 structure. This option can be used more than once to read certificates from multiple files.
#
openssl x509 -sha1 -days 1825 -req -in foo_req.pem -CA foo_cacert.pem -CAkey foo_cakey.pem -extfile opensslServer.cfg -extensions x509 -CAserial foo_cacert.srl -CAcreateserial -out foo_cert.pem
--------------------------------------------
#
openssl genrsa -out foo_key.pem 2048 //generate an RSA private key
#
openssl req -new -batch -config opensslServer.cfg -key foo_key.pem -out foo_req.pem
#
openssl pkcs12 -export -in foo_cert.pem -inkey foo_key.pem -name
Make sure you change the -name argument on that last command to your SRM server's FQDN or IP address.
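
The following is an added example, not code from the original post: shell functions that check a certificate issued by the steps above (it chains to foo_cacert.pem, its public key matches foo_key.pem, and it is not signed with MD5 or SHA-1). make_demo_chain builds constructed sample files; its -subj values, the host name srm.example.test and the use of -sha256 in place of the page's -sha1 are assumptions, because opensslCA.cfg and opensslServer.cfg are not shown here.

```shell
#!/bin/sh
# Added example, not from the original post. The -subj values and -sha256 are
# assumptions: opensslCA.cfg and opensslServer.cfg are not shown on the page.

make_demo_chain() {   # $1 = empty work directory; writes constructed sample files
    d=$1
    openssl genrsa -out "$d/foo_cakey.pem" 2048 2>/dev/null &&
    openssl req -sha256 -x509 -days 1825 -new -batch \
        -subj "/CN=Constructed Demo CA" \
        -key "$d/foo_cakey.pem" -out "$d/foo_cacert.pem" 2>/dev/null &&
    openssl genrsa -out "$d/foo_key.pem" 2048 2>/dev/null &&
    openssl req -new -batch -subj "/CN=srm.example.test" \
        -key "$d/foo_key.pem" -out "$d/foo_req.pem" 2>/dev/null &&
    openssl x509 -sha256 -days 1825 -req -in "$d/foo_req.pem" \
        -CA "$d/foo_cacert.pem" -CAkey "$d/foo_cakey.pem" \
        -CAserial "$d/foo_cacert.srl" -CAcreateserial \
        -out "$d/foo_cert.pem" 2>/dev/null
}

cert_sigalg() {       # $1 = certificate; prints its signature algorithm name
    openssl x509 -noout -text -in "$1" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

is_weak_sigalg() {    # succeeds for MD5- or SHA-1-based algorithm names
    case $1 in
        md5*|sha1*|*SHA1) return 0 ;;
        *) return 1 ;;
    esac
}

key_matches_cert() {  # $1 = certificate, $2 = RSA private key
    m=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    [ -n "$m" ] &&
        [ "$m" = "$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)" ]
}

check_issued_cert() { # $1 = CA cert, $2 = issued cert, $3 = its private key
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }
    key_matches_cert "$2" "$3" || { echo "key: MISMATCH"; return 1; }
    alg=$(cert_sigalg "$2")
    if is_weak_sigalg "$alg"; then echo "sigalg: $alg (weak)"; return 2; fi
    echo "ok: $alg"
}

# Usage: sh this_script foo_cacert.pem foo_cert.pem foo_key.pem
if [ "$#" -eq 3 ]; then check_issued_cert "$@"; fi
```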