Generate a private key that requires a passphrase with the command below:
sudo openssl genrsa -aes128 -out private.key 2048
# Note: -aes128 encrypts the private key with AES-128, so a password is required to use it.
To generate a private key without a passphrase, use the commands below:
uelekezo@Linux_Essentials > cd /tmp
uelekezo@Linux_Essentials > sudo openssl genrsa -out private.key 2048
[sudo] password for lab:
uelekezo@Linux_Essentials > ls private.key
private.key
uelekezo@Linux_Essentials > file private.key
private.key: regular file, no read permission
uelekezo@Linux_Essentials > sudo !!
sudo file private.key
private.key: ASCII text
uelekezo@Linux_Essentials >
To re-enable the password for the private key you can use the following command
sudo openssl rsa -aes128 -in path_to_private_key.key -out password_protected_private_key.key
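Generate the certificate signing request (CSR), the request form that is sent to a Certificate Authority (CA). As the output notes, -days is ignored at this step because no certificate is generated yet.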
uelekezo@Linux_Essentials > sudo openssl req -new -days 365 -key /tmp/private.key -out request.csr
Ignoring -days without -x509; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
uelekezo@Linux_Essentials >
uelekezo@Linux_Essentials > ls request.csr
request.csr
uelekezo@Linux_Essentials > file request.csr
request.csr: PEM certificate request
uelekezo@Linux_Essentials >
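Generate the final signed certificate. With -signkey the request is signed by its own private key, so the result is a self-signed certificate.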
uelekezo@Linux_Essentials > ls private.key request.csr
private.key request.csr
uelekezo@Linux_Essentials > file private.key request.csr
private.key: regular file, no read permission
request.csr: PEM certificate request
uelekezo@Linux_Essentials > sudo openssl x509 -in request.csr -out certificate.crt -req -signkey private.key -days 365
Certificate request self-signature ok
subject=C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
uelekezo@Linux_Essentials > ls certificate.crt
certificate.crt
uelekezo@Linux_Essentials > file certificate.crt
certificate.crt: PEM certificate
uelekezo@Linux_Essentials > sudo file private.key request.csr certificate.crt
private.key: ASCII text
request.csr: PEM certificate request
certificate.crt: PEM certificate
uelekezo@Linux_Essentials >
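The three steps above can be run without prompts and then checked for consistency. The script below is an added example, not part of the original post: it uses the article's file names, while the function names, the CN values and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: key -> CSR -> self-signed certificate, then a consistency check.
# Function names, CN value and temp directory are constructed for illustration.

# Print the public key (PEM) carried by each artifact.
pub_of_key() { openssl pkey -in "$1" -pubout; }
pub_of_csr() { openssl req  -in "$1" -noout -pubkey; }
pub_of_crt() { openssl x509 -in "$1" -noout -pubkey; }

# make_selfsigned DIR CN: non-interactive version of the three steps.
make_selfsigned() {
    dir=$1
    cn=$2
    (
        umask 077    # key file is created readable by its owner only
        openssl genrsa -out "$dir/private.key" 2048 2>/dev/null
    ) || return 1
    # -subj supplies the Distinguished Name, so no prompts appear.
    openssl req -new -key "$dir/private.key" -subj "/CN=$cn" \
        -out "$dir/request.csr" || return 1
    # -signkey signs the request with its own key: a self-signed certificate.
    openssl x509 -req -in "$dir/request.csr" -signkey "$dir/private.key" \
        -days 365 -out "$dir/certificate.crt" 2>/dev/null
}

# artifacts_match KEY CSR CRT: succeed only if all three hold the same public key.
artifacts_match() {
    k=$(pub_of_key "$1") || return 2
    r=$(pub_of_csr "$2") || return 2
    c=$(pub_of_crt "$3") || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Demonstration run in a throwaway directory (no sudo needed there).
demo=$(mktemp -d)
make_selfsigned "$demo" "test.example" &&
    artifacts_match "$demo/private.key" "$demo/request.csr" "$demo/certificate.crt" &&
    echo "key, CSR and certificate carry the same public key"
rm -rf "$demo"
```

The same comparison is useful before installing a certificate returned by a CA: if the public keys differ, the certificate was issued for a different key and the server will fail to load the pair.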
Note: Asciinema recordings of the above commands are shown below.
Generating Key with Passphrase Summary