Convert into Root CA -> server pems so that firefox doesn't complain
This commit is contained in:
parent
7dd52bb14e
commit
17a4f5a8c9
3 changed files with 34 additions and 21 deletions
16
basic_configs/ssl/CA.cnf
Normal file
16
basic_configs/ssl/CA.cnf
Normal file
|
|
@ -0,0 +1,16 @@
|
||||||
|
[ req ]
|
||||||
|
prompt = no
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
x509_extensions = v3_ca
|
||||||
|
|
||||||
|
[ req_distinguished_name ]
|
||||||
|
C = PK
|
||||||
|
ST = Sindh
|
||||||
|
L = Karachi
|
||||||
|
O = mahmad
|
||||||
|
|
||||||
|
[v3_ca]
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
basicConstraints = critical,CA:TRUE
|
||||||
|
keyUsage = cRLSign, keyCertSign
|
||||||
|
nameConstraints = permitted;DNS:272254864.xyz
|
||||||
|
|
@ -1,9 +1,14 @@
|
||||||
#!/usr/bin/fish
|
#!/usr/bin/fish
|
||||||
|
|
||||||
openssl genrsa -out key.pem 2048
|
# gen CA Root
|
||||||
|
openssl genpkey -algorithm RSA -out self_ca.key -pkeyopt rsa_keygen_bits:4096
|
||||||
|
openssl req -new -key self_ca.key -out ca.csr -extensions v3_ca -config CA.cnf
|
||||||
|
openssl x509 -req -sha256 -days 365 -in ca.csr -signkey self_ca.key -extfile CA.cnf -out self_ca.crt -extensions v3_ca
|
||||||
|
|
||||||
openssl req -new -out server.csr -key key.pem -config local_cert.cnf
|
# gen cert
|
||||||
|
openssl genpkey -algorithm RSA -out jormungandr.key -pkeyopt rsa_keygen_bits:2048
|
||||||
|
openssl req -new -key jormungandr.key -extensions v3_ca -out jormungandr.csr -config local_cert.cnf
|
||||||
|
openssl x509 -req -sha256 -days 365 -in jormungandr.csr -CAkey self_ca.key -CA self_ca.crt -out jormungandr.crt -extfile local_cert.cnf -extensions v3_ca
|
||||||
|
|
||||||
openssl x509 -req -days 9999 -in server.csr -signkey key.pem -out cert.pem -extensions v3_req -extfile local_cert.cnf
|
# cleanup
|
||||||
|
rm self_ca.key ca.csr jormungandr.csr
|
||||||
rm server.csr
|
|
||||||
|
|
|
||||||
|
|
@ -1,22 +1,14 @@
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 2048
|
|
||||||
|
|
||||||
prompt = no
|
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
req_extensions = v3_req
|
x509_extensions = v3_ca
|
||||||
|
prompt = no
|
||||||
|
|
||||||
[req_distinguished_name]
|
[req_distinguished_name]
|
||||||
countryName = PK
|
CN = 272254864.xyz
|
||||||
stateOrProvinceName = Sindh
|
|
||||||
localityName = Karachi
|
|
||||||
commonName = 272254864.xyz
|
|
||||||
|
|
||||||
[v3_req]
|
|
||||||
basicConstraints = CA:true
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
keyUsage = digitalSignature, keyEncipherment
|
|
||||||
extendedKeyUsage = serverAuth, clientAuth
|
|
||||||
subjectAltName = @alt_names
|
|
||||||
|
|
||||||
[alt_names]
|
[v3_ca]
|
||||||
DNS.1 = *.272254864.xyz
|
basicConstraints = CA:FALSE
|
||||||
|
subjectAltName = DNS:*.272254864.xyz
|
||||||
|
extendedKeyUsage = serverAuth
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue