Generating a self-signed certificate for IMiS ARChive servers using OpenSSL
Product: IMiS/ARChive
Release: All
Date: 05/21/2020
Case:
When a server is accessed through TLS (Transport Layer Security), it needs its own certificate to identify itself during the TLS handshake. One way to provide that certificate is to generate a self-signed certificate using OpenSSL.
Description:
The following bash script shows one way to generate a self-signed certificate using OpenSSL:
#!/bin/bash
#
# Certificate subject
#
CERTIFICATE_SUBJECT="/CN=server-name.example.com/OU=Servers/O=IMiS\/ARChive Storage Servers/C=US"
#
# Certificate key output
#
CERTIFICATE_KEYOUT="/opt/IS/imisarc/cert.key"
#
# Certificate output
#
CERTIFICATE_OUT="/opt/IS/imisarc/cert.crt"
#
# Example of openssl.cnf:
#
# [req]
# req_extensions = v3_req
# distinguished_name = req_distinguished_name
#
# [req_distinguished_name]
#
# [ v3_req ]
# # Extensions to add to a certificate request
# basicConstraints = CA:FALSE
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#
# # SAN extension
# [SAN]
# subjectAltName=DNS:server-name.example.com,DNS:server-name,DNS:example.com,IP:127.0.0.1,IP:192.168.1.10,IP:::1
#
#
# Path to openssl.cnf
#
OPENSSL_CONF="/tmp/openssl.cnf"
#
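# Creates a 2048-bit RSA key and a self-signed certificate signed with SHA-256,
# carrying the SAN extension and valid for 10 years (3653 days).
# -nodes writes the private key unencrypted, so restrict access to the key file.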
#
openssl req -subj "$CERTIFICATE_SUBJECT" -new -newkey rsa:2048 -sha256 -days 3653 -nodes -x509 -keyout "$CERTIFICATE_KEYOUT" -out "$CERTIFICATE_OUT" -reqexts SAN -extensions SAN -config "$OPENSSL_CONF"
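Added example (not part of the original article or of the IMiS/ARChive product): the openssl.cnf and the openssl req call from the script above, run against a scratch directory, followed by a check that the resulting certificate carries the expected DNS SAN, is currently valid, and matches its private key. The function names and the scratch paths are assumptions made for this example.

```shell
#!/bin/bash
# Added example: generate a throwaway certificate the same way as the script
# above, then check what actually ended up in it. All paths are scratch paths.

# Write the openssl.cnf that the script expects (taken from its comments).
write_conf() {
cat > "$1" <<'EOF'
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name

[req_distinguished_name]

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[SAN]
subjectAltName=DNS:server-name.example.com,DNS:server-name,DNS:example.com,IP:127.0.0.1,IP:192.168.1.10,IP:::1
EOF
}

# generate_cert DIR: same openssl req options as the script, output into DIR.
generate_cert() {
  write_conf "$1/openssl.cnf"
  openssl req -subj "/CN=server-name.example.com/OU=Servers/O=IMiS\/ARChive Storage Servers/C=US" \
    -new -newkey rsa:2048 -sha256 -days 3653 -nodes -x509 \
    -keyout "$1/cert.key" -out "$1/cert.crt" \
    -reqexts SAN -extensions SAN -config "$1/openssl.cnf" 2>/dev/null || return 1
  chmod 600 "$1/cert.key"   # the key is unencrypted (-nodes): owner-only access
}

# verify_cert CRT KEY NAME: succeed only if NAME is a DNS SAN entry, the
# certificate has not expired, and the private key belongs to the certificate.
verify_cert() {
  cert_text=$(openssl x509 -in "$1" -noout -text) || return 1
  echo "$cert_text" | grep -Eq "DNS:$3(,|\$)" || { echo "SAN missing: $3"; return 1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null || { echo "expired"; return 1; }
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ] \
    || { echo "key does not match certificate"; return 1; }
}

# Demo run in a scratch directory (constructed, not /opt/IS/imisarc).
demo_dir=$(mktemp -d)
generate_cert "$demo_dir" && verify_cert "$demo_dir/cert.crt" "$demo_dir/cert.key" \
  server-name.example.com && echo "certificate OK"
rm -rf "$demo_dir"
```

The same verify_cert call can be pointed at the real cert.crt and cert.key after running the script, with the host name that clients actually use to reach the server.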
Related Documents:
https://www.openssl.org/docs/faq.html
https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl