Script per crear certificats de forma simple en OpenSSL

Per generar certificats autogenerats amb SSL de forma simple.

SITE=host.domain.tld
DAYS=3650
rm -rf *.pem

#CA
openssl genrsa 4096  > $SITE-cky.pem
openssl req -sha256 -new -x509 -nodes -days $DAYS -key $SITE-cky.pem -subj "/C=CA/ST=Catalunya/L=Barcelona/O=org/OU=sysadmin/CN=admin" > $SITE-car.pem

#CERT
openssl req -sha256 -newkey rsa:4096 -days $DAYS -nodes -keyout $SITE-key.pem -subj "/C=CA/ST=Catalunya/L=Barcelona/O=org/OU=sysadmin/CN=$SITE" > $SITE-req.pem
openssl rsa -in $SITE-key.pem -out $SITE-key.pem
openssl x509 -sha256 -req -in $SITE-req.pem -days $DAYS -CA $SITE-car.pem -CAkey $SITE-cky.pem -set_serial 01 > $SITE-crt.pem
openssl dhparam -out $SITE-dh4096.pem 4096

#OUTPUT
openssl x509 -in $SITE-car.pem -noout -text
openssl x509 -in $SITE-crt.pem -noout -text

Generar un certificats amb sola línia de codi:

#One line SHA256 with RSA 2048 encryption
openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -subj "/C=CA/ST=Catalunya/L=Barcelona/O=org/OU=sysadmin/CN=admin" -keyout server.key -out server.crt

Per veure el certificat un cop instal·lat

echo | openssl s_client -showcerts -servername gnupg.org -connect ip.addr.es:443 2>/dev/null | openssl x509 -inform pem -noout -text

Convertir certificats amb OpenSSL

https://www.sslshopper.com/article-most-common-openssl-commands.html

  • Convertir a DER (.crt .cer .der) a PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
  • Convertir un PEM a DER
openssl x509 -outform der -in certificate.pem -out certificate.der
  • Convertir un PKCS#12 file (.pfx .p12) que contenen una private key i certificats a PEM
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
  • Convertir un PEM i la private key a PKCS#12 (.pfx .p12)
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
«
»

    Deixa un comentari

    L'adreça electrònica no es publicarà. Els camps necessaris estan marcats amb *

    fifteen + 13 =