danielliang / hellomycert Goto Github PK
View Code? Open in Web Editor NEWJust some scripts that use 'openssl' to request/sign certificates with fewer options and more suitable configuration.
hellomycert's Introduction
Hello My Cert
-------------
Just some scripts that use 'openssl' to request/sign certificates
with fewer options and more suitable configuration.
When to use?
------------
* Just need a certificate which will be signed by a CA or is self-signed.
* Sign/revoke certificates as a CA administrator.
Requirements
------------
* openssl
* The scripts, "req.cnf", "ca.cnf.template" should be in the same directory,
and scripts should be run in the directory.
Just need a certificate
-----------------------
Only use 'req.sh'.
What it does is:
1. To generate a private key first or use an exist key.
2. Then to generate a cetificate request or a self-signed certificate,
depending on the options.
Example:
* Generate a server ceriticate request:
$ ./req.sh -server
* Generate a self-signed CA ceriticate (used for a Root CA):
$ ./req.sh -ca -selfsign
Running 'req.sh' without arguments will show its all options.
As a CA administrator
---------------------
Must use 'ca-initdir' first to create an initial database
in a directory which all related files exclude the scripts should be in,
for signing/revoking certificates.
Example:
* Create a initial database in /tmp/myca:
$ ./ca-initdir.sh /tmp/myca
and then the structure of /tmp/myca looks like:
/tmp/myca
|-- ca.cnf
|-- crlnumber
|-- index.txt
|-- newcerts/
|-- private/
`-- serial
Then copy the CA's key and certificate to
/tmp/myca/private/ca.key and /tmp/myca/ca.crt
(or other paths matching the "private_key" and "certificate" fileds
in /tmp/myca/ca.cnf if /tmp/myca/ca.cnf is customized) for
other scripts to work with them.
* Use the CA in /tmp/myca to sign a server certificate request:
$ ./ca-signcert.sh /tmp/myca ~/alice.csr -server
The new certificate will be in /tmp/myca/newcerts/ if /tmp/myca/ca.cnf keeps default.
* Use the CA in /tmp/myca to sign a CA certificate request and certify it for 10 years:
$ ./ca-signcert.sh /tmp/myca ~/subca.csr -ca 3650
* Revoke a certificate signed by the CA in /tmp/myca:
$ ./ca-revoke.sh /tmp/myca /etc/ssl/certs/old.crt
* Generate a CRL based on information in /tmp/myca/index.txt
$ ./ca-gencrl.sh /tmp/myca
Running them without arguments will show their all options.
References
----------
Manpages:
* req(1)
* ca(1)
* x509v3_config(5)
hellomycert's People
Contributors
Watchers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.