# Dump a certificate signing request in readable form (subject, public key,
# requested extensions); -noout suppresses the PEM body.
openssl req -in server.csr -text -noout

# Create a new 2048-bit RSA key and a CSR for it in one step.
# -nodes writes myserver.key WITHOUT a passphrase: whoever can read that file
# can act as the server, so keep it readable by its owner only.
openssl req -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr

# Inspect the freshly generated CSR.
openssl req -in server.csr -text -noout

# Same kind of dump for a certificate (issuer, validity period, extensions).
openssl x509 -noout -text -in client.crt
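# Verify file.crt against the system CA bundle only.
openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.crt ./file.crt
# Output:
#   ./file.crt: OU = Go to https://www.thawte.com/repository/index.html, OU = Thawte SSL123 certificate, OU = Domain Validated, CN = domain.de
#   error 20 at 0 depth lookup:unable to get local issuer certificate
# Error 20: no issuer certificate for file.crt was found among the supplied
# certificates. Here the intermediate CA is not part of the bundle.

# Supply the intermediate with -untrusted. It is only used to build the chain
# and is not a trust anchor itself: the chain must still end at a root in -CAfile.
openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.crt -untrusted ./domain_ca.crt ./file.crt
# Output:
#   ./file.crt: OK
# A server using file.crt has to send domain_ca.crt along with it, otherwise
# clients that hold only the root run into the same error 20.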
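# Check that a certificate and a private key belong together. For RSA both
# contain the same modulus, so the two digests below must be identical.
# MD5 only shortens the long modulus for comparison by eye; it is not used as
# a security control here. The check as written applies to RSA keys only.
openssl x509 -noout -modulus -in diskette.debian-hell.org.crt | openssl md5
# Output: baa75012877490f93f114130c0a01547
openssl rsa -noout -modulus -in diskette.debian-hell.org.key | openssl md5
# Output: baa75012877490f93f114130c0a01547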
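# Read the expiry date of the certificate a TLS server actually presents.
# </dev/null closes s_client's stdin so it ends after the handshake instead of
# waiting for interactive input.
openssl s_client -connect home.debian-hell.org:443 </dev/null | openssl x509 -noout -enddate
# Output (as recorded):
#   depth=1 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
#   verify error:num=20:unable to get local issuer certificate
#   verify return:0
#   notAfter=Mar 21 10:41:36 2014 GMT
# s_client carries on after a verification error by default, so notAfter is
# printed although the chain was NOT validated in this run. The date says
# nothing about whether the certificate is trusted; pass -CAfile or -CApath
# to have the chain checked as well.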
Anlegen der CA:
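# Generate the CA private key (4096-bit RSA).
# -des3 protects the key file with a passphrase (3DES); on current OpenSSL
# -aes256 is the usual choice for the same purpose.
openssl genrsa -des3 -out ca.key 4096
# Self-signed CA certificate, valid for 10 years (3650 days).
# -sha256 pins the signature digest so the result does not depend on the
# default of the installed OpenSSL version.
# ca.key can sign certificates for any name: keep it off servers and backups
# that others can read.
openssl req -new -x509 -sha256 -days 3650 -key ca.key -out ca.crt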
CSR erstellen:
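# Generate the server's private key (4096-bit RSA).
# -des3 protects the key file with a passphrase; a service that loads this key
# will need the passphrase at start-up.
openssl genrsa -des3 -out fu.debian-hell.org.key 4096
# Create the certificate signing request for that key.
# -sha256 pins the digest used to sign the request.
openssl req -new -sha256 -key fu.debian-hell.org.key -out fu.debian-hell.org.csr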
Zertifikat mit der CA signieren:
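# Sign the CSR with the CA key; the certificate is valid for 3650 days.
# -sha256 pins the signature digest so it does not depend on the default of
# the installed OpenSSL version.
# -set_serial 01 hard-codes the serial number. Issuer + serial must be unique
# per certificate, so use a different value for every certificate this CA
# signs (or let OpenSSL manage a serial file with -CAcreateserial).
# By default x509 -req does not copy extensions requested in the CSR (such as
# subjectAltName); supply them at signing time with -extfile if needed.
openssl x509 -req -sha256 -days 3650 -in fu.debian-hell.org.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out fu.debian-hell.org.crt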