TLS Einfacher per Skript: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „<pre> #!/bin/bash COMMONNAME=$1 openssl genrsa -out $COMMONNAME.key 4096 openssl req -new -key $COMMONNAME.key -out $COMMONNAME.csr cat<<HERE > /tmp/ext.cnf […“) |
|||
| Zeile 1: | Zeile 1: | ||
<pre> | <pre> | ||
| − | #!/bin/bash | + | #!/bin/bash |
| − | + | CN=$1 | |
| − | openssl genrsa -out $ | + | openssl genrsa -out $CN.key 4096 |
| − | openssl req -new -key $ | + | openssl req -new -key $CN.key -out $CN.csr |
cat<<HERE > /tmp/ext.cnf | cat<<HERE > /tmp/ext.cnf | ||
[ v3_req ] | [ v3_req ] | ||
| Zeile 11: | Zeile 11: | ||
[alt_names] | [alt_names] | ||
| − | DNS.1 = $ | + | DNS.1 = $CN |
HERE | HERE | ||
| − | openssl x509 -req -days 730 -in $ | + | openssl x509 -req -days 730 -in $CN.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out $CN.crt -extensions v3_req -extfile /tmp/ext.cnf |
| − | openssl x509 -noout -text -in ${ | + | openssl x509 -noout -text -in ${CN}.crt |
| − | |||
</pre> | </pre> | ||
Aktuelle Version vom 29. Juni 2021, 16:05 Uhr
#!/bin/bash
CN=$1
openssl genrsa -out $CN.key 4096
openssl req -new -key $CN.key -out $CN.csr
cat<<HERE > /tmp/ext.cnf
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $CN
HERE
openssl x509 -req -days 730 -in $CN.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out $CN.crt -extensions v3_req -extfile /tmp/ext.cnf
openssl x509 -noout -text -in ${CN}.crt