Differences

This shows you the differences between two versions of the page.

--- openssl:ca [2023/10/13 10:25] – created olaf
+++ openssl:ca [2023/10/13 20:14] (current) – olaf
@@ Line 35: / Line 35: @@
 == Windows ==
-Open (double click) the certificate and install it into "Trusted Root Certificate Authorities"
+Open (double click) the certificate and install it for the local machine into "Trusted Root Certificate Authorities"
+==== Create certificates for devices ====
+=== Create a config file ===
+<code>
+[req]
+default_bits       = 2048
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+[req_distinguished_name]
+countryName                = Country Name (2 letter code)
+stateOrProvinceName        = State or Province Name (full name)
+localityName               = Locality Name (eg, city)
+organizationName           = Organization Name (eg, company)
+organizationalUnitName     = Organizational Unit Name (eg, section)
+commonName                 = Common Name (eg, your name or your server's hostname)
+[req_ext]
+keyUsage       = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1   = <dnsname1.mydomain.com>
+DNS.2   = <dnsname2.mydomain.com>
+IP.1    = <aaa.bbb.ccc.ddd.eee>
+</code>
+Save it as <device_name>.<domain>.cfg
+=== Create a key and the Certificate Signing Request ===
+<code>
+openssl req -new -nodes -out <device_name>.<domain>.csr -newkey rsa:2048 -keyout <device_name>.<domain>.key -config <device_name>.<domain>.cfg
+</code>
+This creates two files: one with the key and one with the CSR.
+=== Create the certificate ===
+<code>
+openssl x509 -req -sha256 -CA <path_and_file_name_Root_CA_cert> -CAkey <path_and_file_name_Root_CA_key> -in <device_name>.<domain>.csr -out <device_name>.<domain>.crt -days 2920 -CAcreateserial -extensions req_ext -extfile <device_name>.<domain>.cfg
+</code>

OOKB - Olaf's Own Knowledge Base

User Tools

Site Tools

Differences

Page Tools