public inbox for [email protected]
help / color / mirror / Atom feedFrom: Tatsuo Ishii <[email protected]>
To: [email protected]
Subject: Creating Certificates
Date: Sat, 06 Oct 2018 08:17:04 +0900 (JST)
Message-ID: <[email protected]> (raw)
In "18.9.3. Creating Certificates",
------------------------------------------------------------------
To create a server certificate whose identity can be validated by
clients, first create a certificate signing request (CSR) and a
public/private key file:
openssl req -new -nodes -text -out root.csr \
-keyout root.key -subj "/CN=root.yourdomain.com"
chmod og-rwx root.key
Then, sign the request with the key to create a root certificate
authority (using the default OpenSSL configuration file location on
Linux):
openssl x509 -req -in root.csr -text -days 3650 \
-extfile /etc/ssl/openssl.cnf -extensions v3_ca \
-signkey root.key -out root.crt
------------------------------------------------------------------
For me it seesm the two-step procedure can be replaced with following
one command:
openssl req -new -x509 -nodes -text -days 3650 \
-config /etc/ssl/openssl.cnf -extensions v3_ca \
-out root.crt -keyout root.key -subj "/CN=root.yourdomain.com"
Is there any reaon why our doc recommend the two-step procedure?
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
view thread (9+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: Creating Certificates
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox