================
Openssl commands
================

::

   # ID hash for cert
   openssl x509 -noout -hash -in certs/cacert.pem

   # verify cert
   openssl verify /tmp/ldapsvr.olearycomputers.com.crt

   # ID specific info from cert
   openssl x509 -noout -in /tmp/cert.pem -issuer -subject -dates

   # create new key and cert for caauth:
   openssl req -days 365 -new -x509 -extensions v3_ca -keyout \
      /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem

   # generate a null passphrased key and self signed cert for use w/a private CA
   openssl req -x509 -newkey rsa:2048 -keyout ./${server}_private.pem \
      -nodes -out ${server}.crt -days 365

Generate a self signed cert for use w/a web server:

* Generate private key: ::

     # genrsa takes no -days option; validity is set when the cert is signed
     openssl genrsa -out ${host}_private.pem 2048

* Generate sign request: ::

     openssl req -new -key ./${host}_private.pem -out ${host}.csr

* Sign it: ::

     openssl x509 -req -days 1095 -in ./${host}.csr \
        -signkey ./${host}_private.pem \
        -out ./${host}.crt
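The three web-server steps above, run non-interactively and followed by a check that the key and certificate actually belong together (an added example, not part of the original notes). The function names, the ``-subj`` value and the host name ``www.example.test`` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names and the sample host name are hypothetical.

make_selfsigned() {
    # $1 = host name (file prefix and certificate CN), $2 = output directory
    host=$1; dir=$2
    # The key is written unencrypted, so create it with a restrictive umask.
    ( umask 077
      openssl genrsa -out "$dir/${host}_private.pem" 2048 2>/dev/null ) || return 1
    # -subj supplies the subject so req does not prompt.
    openssl req -new -key "$dir/${host}_private.pem" \
        -subj "/CN=${host}" -out "$dir/${host}.csr" || return 1
    openssl x509 -req -days 1095 -in "$dir/${host}.csr" \
        -signkey "$dir/${host}_private.pem" \
        -out "$dir/${host}.crt" 2>/dev/null || return 1
}

# SHA-256 of the public key derived from a private key file.
pubkey_digest_of_key() {
    openssl pkey -in "$1" -pubout | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key embedded in a certificate.
pubkey_digest_of_cert() {
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the certificate ($2) was issued for the private key ($1).
key_matches_cert() {
    [ "$(pubkey_digest_of_key "$1")" = "$(pubkey_digest_of_cert "$2")" ]
}

# True when issuer and subject name hashes are identical (self-signed).
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Demo in a throwaway directory with a constructed host name.
demo_dir=$(mktemp -d)
make_selfsigned www.example.test "$demo_dir" &&
    key_matches_cert "$demo_dir/www.example.test_private.pem" \
                     "$demo_dir/www.example.test.crt" &&
    is_self_signed "$demo_dir/www.example.test.crt" &&
    echo "key/cert pair OK, self-signed"
rm -rf "$demo_dir"
```

Run ``key_matches_cert`` before deploying a renewed certificate: a web server handed a mismatched pair will normally refuse to start.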