initial commit

author: Jakob Odersky <jodersky@gmail.com> 2015-04-22 15:06:49 +0200
committer: Jakob Odersky <jodersky@gmail.com> 2015-04-22 15:24:00 +0200
commit: f79ee0e3999dfd04af306aced213f20b7f8e0904 (patch)
tree: ff9be23960cce44544a90bee37124d0cdcd2f60d /ssl/manual-procedure.txt
download: security-f79ee0e3999dfd04af306aced213f20b7f8e0904.tar.gz
security-f79ee0e3999dfd04af306aced213f20b7f8e0904.tar.bz2
security-f79ee0e3999dfd04af306aced213f20b7f8e0904.zip
1 files changed, 25 insertions, 0 deletions
diff --git a/ssl/manual-procedure.txt b/ssl/manual-procedure.txt
new file mode 100644
index 0000000..a0d0c55
--- /dev/null
+++ b/ssl/manual-procedure.txt
@@ -0,0 +1,25 @@
+Root certificate
+================
+
+1) generate private key
+openssl genpkey -algorithm RSA -out root.key.pem -pkeyopt rsa_keygen_bits:4096 -aes-256-cbc
+
+2) create root certificate signing request
+openssl req -new -key root.key.pem -out root.req.pem
+
+3) self-sign root certificate request
+openssl x509 -req -in root.req.pem -extfile openssl.cnf -extensions v3_ca -days 3650 -signkey root.key.pem -out root.cert.pem
+        
+
+Server certificate
+==================
+
+1) generate private key, same procedure as root
+
+2) create certificate signing request
+openssl req -new -key server.key.pem -out server.req.pem
+
+3) sign certificate
+openssl x509 -req -in server.req.pem -extfile openssl.cnf -extensions v3_usr -CA root.cert.pem -CAkey root.key.pem -CAcreateserial
+
+
author	Jakob Odersky <jodersky@gmail.com>	2015-04-22 15:06:49 +0200
committer	Jakob Odersky <jodersky@gmail.com>	2015-04-22 15:24:00 +0200
commit	f79ee0e3999dfd04af306aced213f20b7f8e0904 (patch)
tree	ff9be23960cce44544a90bee37124d0cdcd2f60d /ssl/manual-procedure.txt
download	security-f79ee0e3999dfd04af306aced213f20b7f8e0904.tar.gz security-f79ee0e3999dfd04af306aced213f20b7f8e0904.tar.bz2 security-f79ee0e3999dfd04af306aced213f20b7f8e0904.zip