cordis/server-test/ssl/create.txt

--
-- NOTE: Make sure to answer 'localhost' as the FQDN
-- (or the proper FQDN)
-- Otherwise, socket.io will reject the connection
--
Option 1:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
Option 2:
openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem
Option 3: With Certificate Authorities
Gen Root CA Key
openssl genrsa -out root-ca.key 4096
Gen Root CA Certificate (self-signed)
openssl req -x509 -new -nodes -key root-ca.key -sha256 -days 1024 -out root-ca.crt
Gen Server Certificate Key
openssl genrsa -out server.key 2048
Gen Server CSR (signing request)
openssl req -new -key server.key -out server.csr
(optional) Verify CSR Content
openssl req -in server.csr -noout -text
Sign the Server CSR to make Server Certificate
openssl x509 -req -in server.csr -CA root-ca.crt -CAkey root-ca.key -CAcreateserial -out server.crt -days 365 -sha256
Verify Server Certificate Content
openssl x509 -in server.crt -text -noout
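Note: -nodes ("no DES") is an openssl req option: the private key is written without password protection.
openssl genrsa writes an unencrypted key by default unless a cipher option such as -aes256 is given.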
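
Added example (not part of the original file): Option 3 run non-interactively in a scratch directory, then checked against the root CA and the host name. The subject strings, the san.ext file name and the two function names are assumptions made for this example; the subjectAltName entry is added because many clients match the host name against SAN rather than the FQDN answer alone.

```shell
#!/bin/sh
# Hypothetical helper: build root CA + server certificate in directory $1
# for host name $2 (default: localhost), following Option 3 above.
make_test_chain() {
    dir=$1
    host=${2:-localhost}
    (
        cd "$dir" &&
        # Keys are written unencrypted, so keep them owner-readable only.
        umask 077 &&
        # Root CA key and self-signed root certificate.
        openssl genrsa -out root-ca.key 4096 &&
        openssl req -x509 -new -key root-ca.key -sha256 -days 1024 \
            -subj "/CN=Test Root CA" -out root-ca.crt &&
        # Server key and CSR; -subj answers the FQDN prompt.
        openssl genrsa -out server.key 2048 &&
        openssl req -new -key server.key -subj "/CN=$host" -out server.csr &&
        # x509 -req does not copy extensions from the CSR, so the SAN is
        # supplied at signing time through an extension file.
        printf 'subjectAltName=DNS:%s\n' "$host" > san.ext &&
        openssl x509 -req -in server.csr -CA root-ca.crt -CAkey root-ca.key \
            -CAcreateserial -extfile san.ext -out server.crt -days 365 -sha256
    )
}

# Succeeds only if server.crt in directory $1 chains to root-ca.crt
# and is valid for host name $2.
check_chain() {
    openssl verify -CAfile "$1/root-ca.crt" -verify_hostname "$2" \
        "$1/server.crt" >/dev/null 2>&1
}
```

Clients that should trust server.crt need root-ca.crt only; root-ca.key stays on the machine that signs.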