https://tech.uvoo.io/index.php?action=history&feed=atom&title=Pki_openssl
Pki openssl - Revision history
2026-04-20T21:45:03Z
Revision history for this page on the wiki
MediaWiki 1.35.2
https://tech.uvoo.io/index.php?title=Pki_openssl&diff=4591&oldid=prev
Busk: Created page with "https://stackoverflow.com/questions/26759550/how-to-create-own-self-signed-root-certificate-and-intermediate-ca-to-be-importe root-internmediate-ca.sh ``` #!/bin/bash -x set..."
2023-10-13T17:17:59Z
<p>Created page with "https://stackoverflow.com/questions/26759550/how-to-create-own-self-signed-root-certificate-and-intermediate-ca-to-be-importe root-internmediate-ca.sh ``` #!/bin/bash -x set..."</p>
<p><b>New page</b></p><div>https://stackoverflow.com/questions/26759550/how-to-create-own-self-signed-root-certificate-and-intermediate-ca-to-be-importe<br />
<br />
root-internmediate-ca.sh<br />
```<br />
#!/bin/bash -x<br />
<br />
set -e<br />
<br />
for C in `echo root-ca intermediate`; do<br />
<br />
mkdir $C<br />
cd $C<br />
mkdir certs crl newcerts private<br />
cd ..<br />
<br />
echo 1000 > $C/serial<br />
touch $C/index.txt $C/index.txt.attr<br />
<br />
echo '<br />
[ ca ]<br />
default_ca = CA_default<br />
[ CA_default ]<br />
dir = '$C' # Where everything is kept<br />
certs = $dir/certs # Where the issued certs are kept<br />
crl_dir = $dir/crl # Where the issued crl are kept<br />
database = $dir/index.txt # database index file.<br />
new_certs_dir = $dir/newcerts # default place for new certs.<br />
certificate = $dir/cacert.pem # The CA certificate<br />
serial = $dir/serial # The current serial number<br />
crl = $dir/crl.pem # The current CRL<br />
private_key = $dir/private/ca.key.pem # The private key<br />
RANDFILE = $dir/.rnd # private random number file<br />
nameopt = default_ca<br />
certopt = default_ca<br />
policy = policy_match<br />
default_days = 365<br />
default_md = sha256<br />
<br />
[ policy_match ]<br />
countryName = optional<br />
stateOrProvinceName = optional<br />
organizationName = optional<br />
organizationalUnitName = optional<br />
commonName = supplied<br />
emailAddress = optional<br />
<br />
[req]<br />
req_extensions = v3_req<br />
distinguished_name = req_distinguished_name<br />
<br />
[req_distinguished_name]<br />
<br />
[v3_req]<br />
basicConstraints = CA:TRUE<br />
' > $C/openssl.conf<br />
done<br />
<br />
openssl genrsa -out root-ca/private/ca.key 2048<br />
openssl req -config root-ca/openssl.conf -new -x509 -days 3650 -key root-ca/private/ca.key -sha256 -extensions v3_req -out root-ca/certs/ca.crt -subj '/CN=Root-ca'<br />
<br />
openssl genrsa -out intermediate/private/intermediate.key 2048<br />
openssl req -config intermediate/openssl.conf -sha256 -new -key intermediate/private/intermediate.key -out intermediate/certs/intermediate.csr -subj '/CN=Interm.'<br />
openssl ca -batch -config root-ca/openssl.conf -keyfile root-ca/private/ca.key -cert root-ca/certs/ca.crt -extensions v3_req -notext -md sha256 -in intermediate/certs/intermediate.csr -out intermediate/certs/intermediate.crt<br />
<br />
mkdir out<br />
<br />
for I in `seq 1 3` ; do<br />
openssl req -new -keyout out/$I.key -out out/$I.request -days 365 -nodes -subj "/CN=$I.example.com" -newkey rsa:2048<br />
openssl ca -batch -config root-ca/openssl.conf -keyfile intermediate/private/intermediate.key -cert intermediate/certs/intermediate.crt -out out/$I.crt -infiles out/$I.request<br />
done<br />
```</div>
Busk