Back up the PKI files for OpenSSL:

cp -r /etc/pki/ ~/Documents/Backup/


For Testing:

Configure default days to "36500"

gedit /etc/pki/tls/openssl.cnf

default_days = 36500


Steps:

  1. cd /etc/pki/tls/
  2. ./CA -newca --opensuse directory

For Server key

  1. openssl req -new -nodes -keyout server_key.pem -out server_req.pem -days 36500 -config ./openssl.cnf
  2. Check that "server_key.pem" and "server_req.pem" were created.
  3. openssl ca -config ./openssl.cnf -policy policy_anything -out server_cert.pem -infiles ./server_req.pem

  4. Check "server_cert.pem" was created

  5. Check the BEGIN and END markers: "gedit server_cert.pem"

For Client Key

  1. openssl req -new -keyout client_key.pem -out client_req.pem -days 730 -config ./openssl.cnf

  2. Check "client_key.pem" and "client_req.pem"

  3. Important: empty "index.txt" (path: /etc/pki/CA/index.txt)

  4. openssl ca -config ./openssl.cnf -policy policy_anything -out client_cert.pem -infiles ./client_req.pem

  5. Check "client_cert.pem"

For Files

  1. openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out client_cert.p12 -clcerts

  2. Check "client_cert.p12"

  3. openssl dhparam -check -text -5 -out dh 512

  4. Check DH

  5. dd if=/dev/urandom of=random count=2

  6. Check Random
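
The "Check" steps above can go further than confirming that a file exists. The script below is an added example, not part of the original guide: it checks that an issued certificate verifies against the CA certificate, belongs to its private key and has not expired. The function names, the script name and the throwaway demo PKI are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verification for the "Check ..." steps of this guide.

# 0 when CERT's public key is the one held in KEY (asks for the passphrase
# if KEY is encrypted, as client_key.pem is in the steps above).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 when CERT verifies against the CA certificate CA.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run every check, then print subject, issuer and validity dates.
check_issued() {
    ca=$1; cert=$2; key=$3
    cert_chains_to "$ca" "$cert" || { echo "FAIL: $cert does not verify against $ca"; return 1; }
    cert_matches_key "$cert" "$key" || { echo "FAIL: $key is not the key of $cert"; return 1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: $cert has expired"; return 1; }
    openssl x509 -in "$cert" -noout -subject -issuer -dates
}

# Constructed sample input: a throwaway CA and server certificate in DIR.
# Signs with "openssl x509 -req" instead of "openssl ca" so that it does not
# need the /etc/pki layout; relies on the system default openssl.cnf.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca_key.pem" -out "$d/ca_cert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-server" \
        -keyout "$d/server_key.pem" -out "$d/server_req.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/server_req.pem" -days 1 -CAcreateserial \
        -CA "$d/ca_cert.pem" -CAkey "$d/ca_key.pem" \
        -out "$d/server_cert.pem" 2>/dev/null
}

# Usage: sh check_certs.sh CA_CERT CERT KEY   (script name is hypothetical)
if [ "$#" -eq 3 ]; then
    check_issued "$@"
fi
```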

Reference: my GitHub

https://github.com/englam/system_debug/blob/master/ssl/CA/guide
