User Tools
docu:tutos:misc:gen_own_trusted_ca
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Last revision Both sides next revision | ||
|
docu:tutos:misc:gen_own_trusted_ca [2020/02/08 22:32] admin |
docu:tutos:misc:gen_own_trusted_ca [2020/02/08 22:48] admin |
||
|---|---|---|---|
| Line 52: | Line 52: | ||
| subjectAltName = DNS: *.yourdomain.com, | subjectAltName = DNS: *.yourdomain.com, | ||
| </ | </ | ||
| + | |||
| + | Now create a **CSR (signing request)** from the san.cnf config file created | ||
| + | <code bash> | ||
| + | openssl req -new -config yourdomain.com.san.cnf -nodes -key yourdomain.com.key -out | ||
| + | yourdomain.com.csr | ||
| + | </ | ||
| + | |||
| + | \\ | ||
| + | ==== Sign your CSR with your CAcert key ===== | ||
| + | \\ | ||
| + | Given the **csr generated by the issuer** (us), **sign the certificate** to generate a crt file | ||
| + | <code bash> | ||
| + | # Expiration time | ||
| + | # paranoid: 1 year max | ||
| + | # normal: 2-3 years | ||
| + | # stupid: 10 years | ||
| + | openssl x509 -req -in yourdomain.com.csr -CA AGUAKTECH.pem -CAkey AGUAKTECH.key -CAcreateserial | ||
| + | -out yourdomain.com.crt -days 365 -sha256 | ||
| + | </ | ||
| + | |||
| + | \\ | ||
| + | ==== Install the generated certificate ===== | ||
| + | \\ | ||
| + | **Certificate installation** steps on firefox: | ||
| + | - Upload the **yourdomain.com.crt** file on some http server (optional) | ||
| + | - **Browse** the http resource or do it locally using the **< | ||
| + | - **Check both** trust CA for internet and email. **Enjoy!** | ||
| **Certificate installation** steps on a Debian-based Linux system (Optional) | **Certificate installation** steps on a Debian-based Linux system (Optional) | ||
docu/tutos/misc/gen_own_trusted_ca.txt · Last modified: 2020/02/08 22:54 by admin
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
