ealmr's wiki

User Tools

Site Tools

Trace:
openssl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
openssl [2024/04/15 06:05] A User Not Logged inopenssl [2025/04/08 12:41] (current) – [Trust self signed certs] ealmr
Line 1: Line 1:
 +====== Trust self signed certs ======
 +
 +Debian based:
 +
 +  cp $DOMAIN_CRT /usr/local/share/ca-certificates/
 +  update-ca-certificates
 +
 +Arch Linux:
 +
 +  trust anchor $DOMAIN_CRT
 +  #to trust non CA cert, see https://github.com/harvester/harvester/issues/4134#issuecomment-1888918283
 +  sed -i 's/certificate-category: other-entry/certificate-category: authority/g' $P11_KIT
 +  update-ca-trust
 +
 +Alpine:
 +
 +  cp $DOMAIN_CRT /usr/local/share/ca-certificates/
 +  update-ca-certificates
 +  ls -la /etc/ssl/certs/ | grep $DOMAIN_CRT
 +  
 ====== General commands ====== ====== General commands ======
  
Line 33: Line 53:
 creating root CSR from existing root cert: creating root CSR from existing root cert:
  
-  openssl x509 -x509toreq -in root.crt -out root.csr -signkey root.key -copy_extensions copyall+  openssl x509 -x509toreq -in "$ROOT_CRT" -out root.csr -signkey root.key -copy_extensions copyall
      
 generate new root cert: generate new root cert:
  
-  openssl x509 -req -in root.csr -out new-root.crt -signkey root.key -days 3650 -copy_extensions copyall+  openssl x509 -req -in root.csr -out root.crt -signkey root.key -days 3650 -copy_extensions copyall
      
 creating CSRs from existing intermediate cert: creating CSRs from existing intermediate cert:
  
-  openssl x509 -x509toreq -in intermediate.crt -out intermediate.csr -signkey intermediate.key -copy_extensions copyall+  openssl x509 -x509toreq -in "$INTER_CRT" -out intermediate.csr -signkey intermediate.key -copy_extensions copyall
  
 resign intermediate certificate from CSR with root CA: resign intermediate certificate from CSR with root CA:
      
-  openssl x509 -req -in intermediate.csr -CA new-root.crt -CAkey root.key -CAcreateserial -out new-intermediate.crt -copy_extensions copyall -days 3650+  openssl x509 -req -in intermediate.csr -CA root.crt -CAkey root.key -CAcreateserial -out intermediate.crt -copy_extensions copyall -days 3650
      
 creating CSRs from existing domain cert: creating CSRs from existing domain cert:
  
-  openssl x509 -x509toreq -in domain.crt -out domain.csr -signkey domain.key -copy_extensions copyall+  openssl x509 -x509toreq -in "$DOMAIN_CRT" -out domain.csr -signkey domain.key -copy_extensions copyall
  
 resign domain certificate from CSR with intermediate CA: resign domain certificate from CSR with intermediate CA:
      
-  openssl x509 -req -in domain.csr -CA new-intermediate.crt -CAkey intermediate.key -CAcreateserial -out new-domain.crt -copy_extensions copyall -days 3650+  openssl x509 -req -in domain.csr -CA intermediate.crt -CAkey intermediate.key -CAcreateserial -out domain.crt -copy_extensions copyall -days 3650 
 + 
 +resign domain certificate from CSR directly with key: 
 + 
 +  openssl x509 -req -in domain.csr -key domain.key -out domain.crt -copy_extensions copyall -days 3650
      
 ====== Create cert for IP ====== ====== Create cert for IP ======
openssl.1713161147.txt.gz · Last modified: by A User Not Logged in
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki