Openssl x509 -req -days 11499 -in localhost.csr -signkey localhost.key -out localhost.crt -extensions v3_ca -extfile openssl. Signature Algorithm: sha256WithRSAEncryption Openssl req -in localhost.csr -text -noout Certificate Request: Openssl req -new -out localhost.csr -key localhost.key -config openssl.cnf Openssl req -x509 -new -out localhost.crt -key localhost.key -config openssl.cnf -days 11499 -nodes -extensions v3_ca -sha256 Thankfully OpenSSL provides a config parameter, so the generation of a certificate without password prompts can be done easier and in a more readable and reliable way: Personally I don't like the top answer by providing loads of parameters, it's hard to read. Using the -subj flag you can specify the subject (example is above). See PASS PHRASE ARGUMENTS in the openssl(1) man page for how to format the arg. You could also use the -passout arg flag. The -nodes flag signals to not encrypt the key, thus you do not need a password. Specifically addressing your questions and to be more explicit about exactly which options are in effect: Export a PKCS12 file with data from a certificate PEM file and from a. out All of the openssl subcommands have their own man page. Create a PKCS12 file from a PEM file that may contain a key and certificates: openssl pkcs12 -export -in file.pem -out file.p12 -name 'My PSE' Include some extra certificates: openssl pkcs12 -export -in file.pem -out file.p12 -name 'My PSE' \ -certfile othercerts.pem. subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=\ One step self-signed password-less certificate generation: You can supply all of that information on the command line. Edit: This is by far my most popular answer, and it's been a few years on now so I've added an ECDSA variant.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |