Openssl commandsΒΆ
# ID hash for key openssl x509 -noOUT -hash -in certs/cacert.pem
# verify cert openssl verify /tmp/ldapsvr.olearycomputers.com.crt
# ID specific info from cert openssl x509 -noout -in /tmp/cert.pem -issuer -subject -dates
# create new key for caauth: openssl req -days 365 -new -x509 -extensions v3_ca -keyout
/etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem
# generate a self signed, null passphrased key for use w/a private CA openssl req -x509 -newkey rsa:2048 -keyout ./${server}_private.pem
-nodes -out ${server}.crt -days 365
# generate a self signed cert for use w/a web server:
Generate private key:
openssl genrsa -days 365 -out ${host}_private.pem 2048Generate sign request:
openssl req -new -key ./${host}_private.pem -out ${host}.csrSign it:
openssl x509 -req -days 1095 -in ./${host}.csr \ -signkey ./${host}_private.pem \ -out ./${host}.crt