Rework ssl since it stopped working again
parent
abc8967339
commit
7766c253ff
4 changed files with 11 additions and 50 deletions
|
@ -1,16 +0,0 @@
|
||||||
[ req ]
|
|
||||||
prompt = no
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
x509_extensions = v3_ca
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
|
||||||
C = ${CA_COUNTRYCODE}
|
|
||||||
ST = ${CA_STATEORTERRITORY}
|
|
||||||
L = ${CA_LOCATION}
|
|
||||||
O = ${CA_ORGNAME}
|
|
||||||
|
|
||||||
[v3_ca]
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
basicConstraints = critical,CA:TRUE
|
|
||||||
keyUsage = cRLSign, keyCertSign
|
|
||||||
nameConstraints = permitted;DNS:272254864.xyz
|
|
|
@ -1,17 +1,11 @@
|
||||||
#!/usr/bin/fish
|
#!/usr/bin/fish
|
||||||
|
|
||||||
# setup vars
|
set dist_name "/C=US/ST=No/L=No/O=self-cert/CN=self-cert"
|
||||||
envsubst <CA.cnf.base >CA.cnf
|
envsubst <local_cert.cnf.base >local_cert.cnf
|
||||||
|
|
||||||
# gen CA Root
|
openssl req -x509 -nodes -newkey RSA:2048 -keyout self_ca.key -days 999 -out self_ca.crt -subj $dist_name
|
||||||
openssl genpkey -algorithm RSA -out self_ca.key -pkeyopt rsa_keygen_bits:4096
|
|
||||||
openssl req -new -key self_ca.key -out ca.csr -extensions v3_ca -config CA.cnf
|
|
||||||
openssl x509 -req -sha256 -days 365 -in ca.csr -signkey self_ca.key -extfile CA.cnf -out self_ca.crt -extensions v3_ca
|
|
||||||
|
|
||||||
# gen cert
|
openssl req -nodes -newkey RSA:2048 -keyout local.key -out local.csr -subj $dist_name
|
||||||
openssl genpkey -algorithm RSA -out local.key -pkeyopt rsa_keygen_bits:2048
|
openssl x509 -req -CA self_ca.crt -CAkey self_ca.key -in local.csr -out local.crt -days 999 -CAcreateserial -extfile local_cert.cnf
|
||||||
openssl req -new -key local.key -extensions v3_ca -out local.csr -config local_cert.cnf
|
|
||||||
openssl x509 -req -sha256 -days 365 -in local.csr -CAkey self_ca.key -CA self_ca.crt -out local.crt -extfile local_cert.cnf -extensions v3_ca
|
|
||||||
|
|
||||||
# cleanup
|
rm local.csr local_cert.cnf self_ca.key self_ca.srl
|
||||||
rm self_ca.key ca.csr local.csr CA.cnf
|
|
||||||
|
|
|
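Review bot: Both `openssl req` calls pass the same `-subj $dist_name`, so the leaf certificate's subject is identical to its issuer (the CA), and a verifier that matches on names may treat `local.crt` as self-signed and fail to build the chain to `self_ca.crt`. Give the leaf its own subject, for example `set leaf_name "/C=US/ST=No/L=No/O=self-cert/CN=$DOMAIN"` with `-subj $leaf_name` on the second `openssl req`. As far as the visible command shows, the rewritten CA step also no longer carries the `nameConstraints` that the removed CA.cnf.base set, so a trust store that imports `self_ca.crt` trusts it for any name, not just the one domain. Separately, `-days 999` on the server certificate exceeds the 825-day limit that Apple platforms enforce for TLS server certificates, so `-days 825` or less is the safer value.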
@ -1,22 +0,0 @@
|
||||||
[ req ]
|
|
||||||
default_bits = 2048
|
|
||||||
|
|
||||||
prompt = no
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
req_extensions = v3_req
|
|
||||||
|
|
||||||
[req_distinguished_name]
|
|
||||||
countryName = PK
|
|
||||||
stateOrProvinceName = Sindh
|
|
||||||
localityName = Karachi
|
|
||||||
commonName = 272254864.xyz
|
|
||||||
|
|
||||||
[v3_req]
|
|
||||||
basicConstraints = CA:true
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
keyUsage = digitalSignature, keyEncipherment
|
|
||||||
extendedKeyUsage = serverAuth, clientAuth
|
|
||||||
subjectAltName = @alt_names
|
|
||||||
|
|
||||||
[alt_names]
|
|
||||||
DNS.1 = *.272254864.xyz
|
|
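--- a/basic_configs/ssl/local_cert.cnf.base
+++ b/basic_configs/ssl/local_cert.cnf.base
@@ -0,0 +1,5 @@
+subjectAltName = DNS:*.$DOMAIN, DNS:$DOMAIN
+authorityKeyIdentifier = keyid, issuer
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth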
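Review bot: `$DOMAIN` in `subjectAltName` is filled in by `envsubst` with no check that the variable is set, so an unset or empty value silently produces `DNS:*., DNS:` in the generated local_cert.cnf. The script in this commit does not set `DOMAIN` itself, so it presumably comes from the caller's environment. A guard such as `test -n "$DOMAIN"; or exit 1` before the `envsubst` line would make the failure visible, and `envsubst '$DOMAIN'` would limit substitution to that one name. A first-line comment, `# leaf (server) certificate extensions; DOMAIN is substituted by envsubst`, would document the placeholder.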