{"id":52,"date":"2015-01-16T19:49:36","date_gmt":"2015-01-16T18:49:36","guid":{"rendered":"http:\/\/xv6.de\/?page_id=52"},"modified":"2019-10-17T09:36:07","modified_gmt":"2019-10-17T08:36:07","slug":"openssl-configuration","status":"publish","type":"page","link":"http:\/\/xv6.de\/?page_id=52","title":{"rendered":"OpenSSL Configuration"},"content":{"rendered":"

A configuration file is required to define the basic operation of OpenSSL. It is possible to use the system config file or a configuration file may be specified on the command line while working with OpenSSL commands. The later approach was chosen. Next step is the creation of a basic OpenSSL configuration file that will be used to create the certificates.<\/p>\n

    \n
  1. Create a file openssl.cnf
    \n$ touch openssl.cnf<\/code><\/li>\n
  2. Edit the created configuration file and add some content
    \nHOME = \/srv\/pki<\/p>\n

    [ ca ]
    \ndefault_ca = CA-default<\/p>\n

    [ CA-default ]
    \ndir = $HOME\/CA-root
    \nRANDFILE = $HOME\/.rand
    \ndatabase = $dir\/index.txt
    \nserial = $dir\/serial
    \nprivate_key=$dir\/ca.key
    \ncertificate = $dir\/ca.crt
    \nnew_certs_dir = $dir\/new_certs
    \ncerts = $dir\/certs
    \npolicy = policy_match_root
    \nx509_extensions = extension_root_cert<\/p>\n

    [ policy_match_root ]
    \ncountryName = optional
    \nstateOrProvinceName = optional
    \norganizationName = optional
    \norganizationalUnitName = optional
    \ncommonName = supplied
    \nemailAddress = optional<\/p>\n

    [ extension_root_cert ]
    \nbasicConstraints = CA:true
    \nsubjectKeyIdentifier = hash
    \nauthorityKeyIdentifier = keyid,issuer:always<\/p>\n

    <\/code><\/code><\/li>\n

  3. Create a rand file .rnd<\/em>
    \n$ openssl rand -out .rnd -base64 2048
    \n<\/code><\/li>\n
  4. Create Diffie hellman parameter file dh2048<\/em>
    \n$ openssl dhparam -out dh2048.pem 2048
    \n<\/code><\/li>\n
  5. Create private key and selfsigned certificate for the Root CA
    \n$ openssl req -new -x509 -config openssl.cnf -days 3650 -set_serial 0 -newkey rsa:2048 -out CA-root\/ca.crt -keyout CA-root\/ca.key
    \n<\/code><\/li>\n
  6. View the Root CA certificate created in the previous step
    \n$ openssl x509 -in CA-root\/ca.crt -noout -text
    \n<\/code><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

    A configuration file is required to define the basic operation of OpenSSL. It is possible to use the system config file or a configuration file may be specified on the command line while working with OpenSSL commands. The later approach was chosen. Next step is the creation of a basic OpenSSL configuration file that will … Continue reading OpenSSL Configuration<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":19,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-52","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/xv6.de\/index.php?rest_route=\/wp\/v2\/pages\/52","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/xv6.de\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/xv6.de\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/xv6.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/xv6.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52"}],"version-history":[{"count":8,"href":"http:\/\/xv6.de\/index.php?rest_route=\/wp\/v2\/pages\/52\/revisions"}],"predecessor-version":[{"id":144,"href":"http:\/\/xv6.de\/index.php?rest_route=\/wp\/v2\/pages\/52\/revisions\/144"}],"up":[{"embeddable":true,"href":"http:\/\/xv6.de\/index.php?rest_route=\/wp\/v2\/pages\/19"}],"wp:attachment":[{"href":"http:\/\/xv6.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}