Script per crear certificats de forma simple en OpenSSL

Per generar certificats autogenerats amb SSL de forma simple.

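# Creates a private CA and a server certificate signed by it, all in the cwd.
# Inputs (environment, overridable):
#   SITE - hostname the server certificate is issued for (default is a placeholder)
#   DAYS - validity, in days, of both the CA and the server certificate
# Outputs:
#   $SITE-cky.pem / $SITE-car.pem            CA private key / CA certificate
#   $SITE-key.pem / $SITE-req.pem / $SITE-crt.pem  server key / CSR / certificate
#   $SITE-dh4096.pem                         DH parameters
# Every private key is written unencrypted (-nodes) and then restricted to 0600.
set -euo pipefail
SITE=${SITE:-host.domain.tld}
DAYS=${DAYS:-3650}
subject_base="/C=CA/ST=Catalunya/L=Barcelona/O=org/OU=sysadmin"

# Remove only this site's previous output, never every *.pem in the directory.
rm -f -- "$SITE-cky.pem" "$SITE-car.pem" "$SITE-key.pem" \
  "$SITE-req.pem" "$SITE-crt.pem" "$SITE-dh4096.pem"

#CA
# -out lets openssl create the key file itself instead of a shell redirect
# that inherits the umask; chmod makes the permission explicit either way.
openssl genrsa -out "$SITE-cky.pem" 4096
chmod 600 -- "$SITE-cky.pem"
openssl req -sha256 -new -x509 -nodes -days "$DAYS" -key "$SITE-cky.pem" \
  -subj "$subject_base/CN=admin" -out "$SITE-car.pem"

#CERT
# -days is not passed to the CSR step: a request carries no validity period.
openssl req -sha256 -newkey rsa:4096 -nodes -keyout "$SITE-key.pem" \
  -subj "$subject_base/CN=$SITE" -out "$SITE-req.pem"
chmod 600 -- "$SITE-key.pem"
# Rewrites the key in the PEM encoding this openssl's `rsa` command emits
# (kept from the original; presumably for consumers expecting the legacy
# "RSA PRIVATE KEY" header — drop it if PKCS#8 is accepted).
openssl rsa -in "$SITE-key.pem" -out "$SITE-key.pem"
# Random serial: a fixed "01" is reused by every certificate this CA signs, and
# clients reject or cache-collide on duplicate (issuer, serial) pairs.
# subjectAltName is required by modern TLS clients, which ignore the CN when
# matching the hostname.
openssl x509 -sha256 -req -in "$SITE-req.pem" -days "$DAYS" \
  -CA "$SITE-car.pem" -CAkey "$SITE-cky.pem" \
  -set_serial "0x$(openssl rand -hex 16)" \
  -extfile <(printf 'subjectAltName=DNS:%s\n' "$SITE") \
  -out "$SITE-crt.pem"
openssl dhparam -out "$SITE-dh4096.pem" 4096

#OUTPUT
openssl x509 -in "$SITE-car.pem" -noout -text
openssl x509 -in "$SITE-crt.pem" -noout -text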

Generar un certificat amb una sola línia de codi:

#One line SHA256 with RSA 2048 encryption
# Self-signed certificate plus unencrypted (-nodes) key in a single step.
# The subject CN is "admin", not a hostname, so the result is not bound to a
# server name; adjust -subj (and add a subjectAltName) for a real server cert.
openssl req -x509 -new -newkey rsa:2048 -sha256 -nodes -days 3650 \
  -keyout server.key -out server.crt \
  -subj "/C=CA/ST=Catalunya/L=Barcelona/O=org/OU=sysadmin/CN=admin"

Per veure el certificat un cop instal·lat

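# Dump the leaf certificate a TLS server presents.
# One variable drives both SNI (-servername) and the connect target: the
# original sent "gnupg.org" as SNI while connecting to "ip.addr.es", so a
# name-based virtual host would have answered with the wrong certificate.
# Constructed placeholders — set host/port to the server being inspected.
host=ip.addr.es
port=443
# stdin from /dev/null closes the session once the handshake completes.
# 2>/dev/null hides handshake/verify diagnostics; remove it when debugging.
# `x509` parses only the first PEM block, i.e. the leaf; the rest of the
# -showcerts chain is discarded here.
openssl s_client -showcerts -servername "$host" -connect "$host:$port" \
  </dev/null 2>/dev/null \
  | openssl x509 -inform pem -noout -text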

Convertir certificats amb OpenSSL

https://www.sslshopper.com/article-most-common-openssl-commands.html

  • Convertir de DER (.crt .cer .der) a PEM
# DER -> PEM: output format PEM is openssl's default, stated here for symmetry.
openssl x509 -in certificate.cer -inform DER -outform PEM -out certificate.pem
  • Convertir un PEM a DER
# PEM -> DER: input format PEM is openssl's default, stated here for symmetry.
openssl x509 -in certificate.pem -inform PEM -outform DER -out certificate.der
  • Convertir un fitxer PKCS#12 (.pfx .p12) que conté una private key i certificats a PEM
# PKCS#12 -> PEM. -nodes writes the private key unencrypted into keyStore.pem,
# so restrict that file's permissions (chmod 600) once it is written.
openssl pkcs12 -nodes -in keyStore.pfx -out keyStore.pem
  • Convertir un PEM i la private key a PKCS#12 (.pfx .p12)
# PEM key + certificate (+ CA chain via -certfile) -> PKCS#12 bundle.
# openssl prompts for the export password; prefer the prompt over -passout on
# the command line, where the value would be visible in ps and shell history.
openssl pkcs12 -export \
  -inkey privateKey.key -in certificate.crt -certfile CACert.crt \
  -out certificate.pfx

Renovar un certificat caducat

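# Build a renewal CSR from the existing certificate, keeping its subject and key.
# -days is dropped: a CSR carries no validity period, so openssl ignores it
# here; the new lifetime is chosen by whoever signs new.csr.
# Reusing current.key keeps the old key in service — generate a fresh key
# (see the CERT section above) if key rotation is wanted with the renewal.
openssl x509 -x509toreq -in current.crt -signkey current.key -out new.csr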