docu:tutos:misc:gen_own_trusted_ca

Differences

This shows you the differences between two versions of the page.

docu:tutos:misc:gen_own_trusted_ca [2020/02/08 22:32]
admin
docu:tutos:misc:gen_own_trusted_ca [2020/02/08 22:54] (current)
admin
Line 52: Line 52:
 subjectAltName = DNS: *.yourdomain.com, DNS: yourdomain.com subjectAltName = DNS: *.yourdomain.com, DNS: yourdomain.com
 </file> </file>
 +
 +Now create a **CSR (signing request)** from the san.cnf config file created
 +<code bash>
 +openssl req -new -config yourdomain.com.san.cnf -nodes -key yourdomain.com.key -out
 +yourdomain.com.csr
 +</code>
 +
 +\\
 +==== Sign your CSR with your CAcert key =====
 +\\
 +Given the **csr generated by the issuer** (us), **sign the certificate** to generate a crt file
 +<code bash>
 +# Expiration time
 +# paranoid: 1 year max
 +# normal: 2-3 years
 +# stupid: 10 years
 +openssl x509 -req -in yourdomain.com.csr -CA AGUAKTECH.pem -CAkey AGUAKTECH.key -CAcreateserial
 +-out yourdomain.com.crt -days 365 -sha256
 +</code>
 +
 +\\
 +==== Install the generated certificate =====
 +\\
 +**Certificate installation** steps on firefox:
 +    - Upload the **yourdomain.com.crt** file on some http server (optional)
 +    - **Browse** the http resource or do it locally using the **<nowiki>file:///path/to/yourdomain.com.crt</nowiki>**
 +    - **Check both** trust CA for internet and email. **Enjoy!**
  
 **Certificate installation** steps on a Debian-based Linux system (Optional) **Certificate installation** steps on a Debian-based Linux system (Optional)
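Review bot: the signing command (`openssl x509 -req -in yourdomain.com.csr ... -sha256`) does not carry the subjectAltName from yourdomain.com.san.cnf into the issued certificate, because `openssl x509 -req` ignores extensions requested in the CSR unless it is told where to take them from. As written, yourdomain.com.crt comes out without SAN entries, and browsers that require a SAN will reject it for both *.yourdomain.com and yourdomain.com. Suggest adding `-extfile yourdomain.com.san.cnf -extensions <section>`, where `<section>` is the section of that file holding the subjectAltName line (its name is not visible in this hunk), plus a check step such as `openssl x509 -in yourdomain.com.crt -noout -text` to confirm the SAN made it into the certificate. Separately, the Firefox steps import yourdomain.com.crt, while the "trust CA" checkboxes in the last step apply to a CA certificate; the file to import there looks like it should be AGUAKTECH.pem.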
Line 60: Line 87:
 update-ca-certificates update-ca-certificates
 </code> </code>
 +
 +\\
 +==== Things to consider on Reverse Proxies =====
 +    * **Nginx and Apache** let you specify both the **.crt and the .key** file in **different directives**.\\
 +    * **HAProxy** uses a packed .pem file which **contains the .crt and .key** file all in one (**cat yourdomain.com.crt yourdomain.com.key > yourdomain.com.pem**)
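Review bot: the HAProxy bullet's `cat yourdomain.com.crt yourdomain.com.key > yourdomain.com.pem` creates a file containing the private key with whatever mode the current umask gives, which is commonly world-readable. Suggest running it under `umask 077` (or following it with `chmod 600 yourdomain.com.pem`) and stating that the .pem should be readable only by the user that starts HAProxy. Style: the headings added in this revision open with `====` and close with `=====`; the markers should match.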
docu/tutos/misc/gen_own_trusted_ca.1581201140.txt.gz · Last modified: 2020/02/08 22:32 by admin