Generate a self-signed SSL PEM certificate (including generating the CA)

(NOTE: this is for generating a self-signed certificate; if you want one signed by uiharu, follow the howto http://3.0.1.46:8000/HowTo/383)

Based on information from here.

On uiharu, as root:

    cd /src/debian8_i386
    ./go.sh.root
    cd /tmp
    /usr/lib/ssl/misc/CA.sh -newca
    /usr/lib/ssl/misc/CA.sh -newreq
    /usr/lib/ssl/misc/CA.sh -sign

This leaves a certificate in the following files:

    uiharu:/src/debian8_i386/tmp/newkey.pem
    uiharu:/src/debian8_i386/tmp/newcert.pem

And this is what was entered along the way:

metro@uiharu:/usr/lib/ssl/misc$ cd /tmp/
metro@uiharu:/tmp$ rm -rf demoCA/
metro@uiharu:/tmp$ /usr/lib/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 2048 bit RSA private key
....+++
...........+++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:pass
Verifying - Enter PEM pass phrase:pass
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ES
State or Province Name (full name) [Some-State]:Madrid
Locality Name (eg, city) []:Madrid
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SICOSOFT
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:servvent.metro.local
Email Address []:dariorodriguez@sicosoft.es
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
e8:9f:51:8a:7d:ca:92:f2
Validity
Not Before: Feb 16 10:35:47 2022 GMT
Not After : Feb 15 10:35:47 2025 GMT
Subject:
countryName = ES
stateOrProvinceName = Madrid
organizationName = SICOSOFT
organizationalUnitName = IT
commonName = servvent.metro.local
emailAddress = dariorodriguez@sicosoft.es
X509v3 extensions:
X509v3 Subject Key Identifier:
10:0B:08:53:F9:A9:27:93:4F:40:C4:2B:47:F4:64:72:0C:34:1D:B6
X509v3 Authority Key Identifier:
keyid:10:0B:08:53:F9:A9:27:93:4F:40:C4:2B:47:F4:64:72:0C:34:1D:B6
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Feb 15 10:35:47 2025 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated
metro@uiharu:/tmp$ /usr/lib/ssl/misc/CA.sh -newreq
Generating a 2048 bit RSA private key
....................................................................................................................................................................................................+++
..................................................................+++
writing new private key to 'newkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:pass
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ES
State or Province Name (full name) [Some-State]:Madrid
Locality Name (eg, city) []:Madrid
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SICOSOFT
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:servvent.metro.local
Email Address []:dariorodriguez@sicosoft.es
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:pass
An optional company name []:pass
Request is in newreq.pem, private key is in newkey.pem
metro@uiharu:/tmp$ /usr/lib/ssl/misc/CA.sh -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
e8:9f:51:8a:7d:ca:92:f3
Validity
Not Before: Feb 16 10:39:23 2022 GMT
Not After : Feb 16 10:39:23 2023 GMT
Subject:
countryName = ES
stateOrProvinceName = Madrid
localityName = Madrid
organizationName = SICOSOFT
organizationalUnitName = IT
commonName = servvent.metro.local
emailAddress = dariorodriguez@sicosoft.es
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
B1:4D:38:8C:B1:0C:7A:C6:EB:16:1B:B9:D0:A2:00:FE:D2:42:00:22
X509v3 Authority Key Identifier:
keyid:10:0B:08:53:F9:A9:27:93:4F:40:C4:2B:47:F4:64:72:0C:34:1D:B6
Certificate is to be certified until Feb 16 10:39:23 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e8:9f:51:8a:7d:ca:92:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=ES, ST=Madrid, O=SICOSOFT, OU=IT, CN=servvent.metro.local/emailAddress=dariorodriguez@sicosoft.es
Validity
Not Before: Feb 16 10:39:23 2022 GMT
Not After : Feb 16 10:39:23 2023 GMT
Subject: C=ES, ST=Madrid, L=Madrid, O=SICOSOFT, OU=IT, CN=servvent.metro.local/emailAddress=dariorodriguez@sicosoft.es
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
B1:4D:38:8C:B1:0C:7A:C6:EB:16:1B:B9:D0:A2:00:FE:D2:42:00:22
X509v3 Authority Key Identifier:
keyid:10:0B:08:53:F9:A9:27:93:4F:40:C4:2B:47:F4:64:72:0C:34:1D:B6
Signature Algorithm: sha256WithRSAEncryption
Signed certificate is in newcert.pem
metro@uiharu:/tmp$
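
Before deploying newkey.pem and newcert.pem, it is worth checking that the certificate chains to the new CA, that the key belongs to it, and that it carries a Subject Alternative Name (the certificate in the transcript above has none). The script below is an added example, not part of the original how-to: `check_cert` and `make_demo` are hypothetical helper names, and `make_demo` builds constructed throwaway test material with plain `openssl` commands rather than `CA.sh`.

```shell
#!/bin/sh
# Added example, not from the original how-to. Helper names are hypothetical.

# make_demo DIR [SAN]: build constructed throwaway test material in DIR with
# plain openssl commands (a CA, a key, a signed cert), optionally with a SAN.
make_demo() {
    d=$1; san=${2:-}
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=servvent.metro.local" \
        -keyout "$d/newkey.pem" -out "$d/newreq.pem" 2>/dev/null || return 1
    set -- -req -in "$d/newreq.pem" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 1 -out "$d/newcert.pem"
    if [ -n "$san" ]; then
        printf 'subjectAltName=%s\n' "$san" > "$d/ext.cnf"
        set -- "$@" -extfile "$d/ext.cnf"
    fi
    openssl x509 "$@" 2>/dev/null
}

# check_cert CA_CERT CERT KEY [PASSPHRASE]: one line per check, returns 0 only
# if the cert chains to the CA, the key matches the cert, and a SAN is present.
check_cert() {
    ca=$1; cert=$2; key=$3; pass=${4:-}; rc=0
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1
    then echo "chain: ok"; else echo "chain: FAIL"; rc=1; fi
    # Compare the public key embedded in the cert with the one derived from the key.
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cpub=
    kpub=$(openssl pkey -in "$key" -passin "pass:$pass" -pubout 2>/dev/null) || kpub=
    if [ -n "$cpub" ] && [ "$cpub" = "$kpub" ]
    then echo "key: ok"; else echo "key: FAIL"; rc=1; fi
    # Current browsers match hostnames against the SAN only, not the Common Name.
    if openssl x509 -in "$cert" -noout -text 2>/dev/null |
        grep -q 'Subject Alternative Name'
    then echo "san: ok"; else echo "san: MISSING"; rc=1; fi
    return $rc
}

# Stand-alone use: sh check.sh demoCA/cacert.pem newcert.pem newkey.pem [passphrase]
if [ "$#" -ge 3 ]; then check_cert "$@"; fi
```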