CA
From Whitespace (Hackerspace Gent)
(Difference between revisions)
(→0x20 CA) |
(→Create a CA) |
||
| Line 16: | Line 16: | ||
== Create a CA == | == Create a CA == | ||
* based on http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php | * based on http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php | ||
| − | + | <pre> | |
| + | $ openssl req -new -x509 -days 5475 -newkey rsa:4096 -extensions v3_ca -keyout \ | ||
| + | private/ca-0x20-key.pem -out ca-0x20-cert.pem -config ./openssl.cnf | ||
| + | </pre> | ||
Revision as of 02:58, 6 November 2011
0x20 CA
- CA with OpenSSL
- all flat files in 1 directory
- can easily be transported on an encrypted filesystem
- Used for OpenVPN authentication
openssl.cnf
Check the openssl.cnf file with the 0x20 specific values:
- root ca is valid for 15 years
- certificates are valid for 5 years
- DN: C=BE, ST=Ghent, L=Whitespace, O=0x20, CN=0x20 root ca
- nsCaRevocationUrl = http://www.0x20.be/ca-0x20-crl.pem
- extendedKeyUsage=serverAuth (server certs)
- extendedKeyUsage=clientAuth (client certs)
Create a CA
$ openssl req -new -x509 -days 5475 -newkey rsa:4096 -extensions v3_ca -keyout \ private/ca-0x20-key.pem -out ca-0x20-cert.pem -config ./openssl.cnf
