13 openssl genrsa -des3 -out my.key -passout pass:123456 2048 |
13 openssl genrsa -des3 -out my.key -passout pass:123456 2048 |
14 |
14 |
15 Generate DSA key:: |
15 Generate DSA key:: |
16 |
16 |
17 openssl gendsa -out my.key -passout pass:123456 <(openssl dsaparam 512) |
17 openssl gendsa -out my.key -passout pass:123456 <(openssl dsaparam 512) |
|
18 |
|
19 Select DSA curve:: |
|
20 |
|
21 openssl ecparam -list_curves |
18 |
22 |
19 Generate a self-signed certificate |
23 Generate a self-signed certificate |
20 ================================== |
24 ================================== |
21 |
25 |
22 ``openssl`` allows to generate self-signed certificate by a single command (``-newkey`` |
26 ``openssl`` allows to generate self-signed certificate by a single command (``-newkey`` |
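Review bot: the new heading "Select DSA curve::" (new line 19) does not match the command under it. `openssl ecparam -list_curves` lists named elliptic curves, which are used for EC keys and not for the DSA key that `openssl gendsa` produces just above. Suggest renaming the heading to something like "List available EC curves::". Since the command only lists curves and does not select one, the wording should say "list" rather than "select", or the section should go on to show the step that actually uses the chosen curve.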
77 -storetype pkcs12 -keyalg RSA -keysize 2048 -validity 3650 \ |
81 -storetype pkcs12 -keyalg RSA -keysize 2048 -validity 3650 \ |
78 -storepass 123456 \ |
82 -storepass 123456 \ |
79 -dname "CN=localhost,O=home,C=US" \ |
83 -dname "CN=localhost,O=home,C=US" \ |
80 -ext 'san=dns:localhost,dns:web.internal,email:me@mail.internal' |
84 -ext 'san=dns:localhost,dns:web.internal,email:me@mail.internal' |
81 |
85 |
|
86 View the keystore:: |
|
87 |
|
88 keytool -list -v -keystore my.p12 -storepass 123456 |
|
89 |
82 To export the self-signed certificate:: |
90 To export the self-signed certificate:: |
83 |
91 |
84 keytool -exportcert -keystore my.p12 -file my.crt \ |
92 keytool -exportcert -keystore my.p12 -file my.crt \ |
85 -alias master -rfc -storepass 123456 |
93 -alias master -rfc -storepass 123456 |
86 |
94 |
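Review bot: the added `keytool -list -v -keystore my.p12 -storepass 123456` (new line 88) omits `-storetype pkcs12`, which the generation command directly above passes explicitly. Adding it here keeps the example independent of the JDK's default keystore type and consistent with how the store was created. The same applies to the existing `-exportcert` line below it, which could be aligned in the same change.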
111 |
119 |
112 PKCS#12 store keeps private keys and certificates, to combine a private key and certificates into the store:: |
120 PKCS#12 store keeps private keys and certificates, to combine a private key and certificates into the store:: |
113 |
121 |
114 openssl pkcs12 -export -in my.crt -inkey my.key -certfile other.crt -out my.p12 -name master |
122 openssl pkcs12 -export -in my.crt -inkey my.key -certfile other.crt -out my.p12 -name master |
115 |
123 |
|
124 Show info about PKCS#12 store:: |
|
125 |
|
126 openssl pkcs12 -info -in certtool-srv.p12 -passin pass:123456 -nodes |
|
127 keytool -list -v -keystore my.p12 -storepass 123456 |
|
128 |
116 To export a private key to PKCS#8 format (has header ``BEGIN PRIVATE KEY`` or ``BEGIN ENCRYPTED |
129 To export a private key to PKCS#8 format (has header ``BEGIN PRIVATE KEY`` or ``BEGIN ENCRYPTED |
117 PRIVATE KEY``):: |
130 PRIVATE KEY``):: |
118 |
131 |
119 openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes |
132 openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes |
120 |
133 |
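Review bot: in the new "Show info about PKCS#12 store::" block, the first command (new line 126) reads `certtool-srv.p12` while every other example in this section, including the `keytool` line right after it, uses `my.p12`. That looks like a leftover from a local test and should be `my.p12`. The same command also passes `-nodes`, so under a heading that only promises "info" it prints the private key unencrypted to the terminal. Either drop `-nodes` and use `-nokeys` here, or say in the text that the key is dumped in the clear. Finally, the `keytool -list -v -keystore my.p12 -storepass 123456` line (new line 127) repeats the one added under "View the keystore::" earlier in this change, and one of the two could be dropped or replaced with a cross-reference.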
125 |
138 |
126 To show private key info:: |
139 To show private key info:: |
127 |
140 |
128 openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa -text -noout |
141 openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa -text -noout |
129 |
142 |
130 To show certificat info:: |
143 To show certificate info:: |
131 |
144 |
132 openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 |
145 openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 |
133 openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 | openssl x509 -text -noout |
146 openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 | openssl x509 -text -noout |
134 |
147 |