Openssl Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 17: Line 17:
  openssl genrsa -out test-pk.pem 2048
  openssl genrsa -out test-pk.pem 2048


The command generates a RSA/DSA key of specified length, by default in [[Public_Key_Security#PEM|PEM]] format, which is preferred.
The command generates a RSA/DSA key of specified length in [[Public_Key_Security#PEM|PEM]] format.


=Obtain a Server Certificate=
=Obtain a Server Certificate=

Revision as of 02:37, 8 April 2018

External

Internal

Generate a Self-Signed Certificate

TODO: https://home.feodorov.com:9443/wiki/Wiki.jsp?page=GenerationOfASelfSignedCertificateWithOpenssl

Generate a Public/Private Key Pair

This is the procedure to generate a public/private key pair. The keys can be further used to generate digitally signed certificates, or even to configure ssh, though ssh has its own procedure to generate key pairs. 

openssl genrsa|gendsa -out <keyfile-name>.pem <key-lenght>

openssl genrsa -out test-pk.pem 2048

The command generates a RSA/DSA key of specified length in PEM format.

Obtain a Server Certificate

openssl s_client -connect nexus-cicd.apps.openshift.novaordis.io:443

The response includes the server's certificate: 

[...]
Certificate chain
 0 s:/CN=*.apps.openshift.novaordis.io
[...]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIBEjANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
[...]
65vqsz8NTtde1vJ5qW31Af0pO9YehiSRfA==
-----END CERTIFICATE-----
subject=/CN=*.apps.openshift.novaordis.io
[...]
Retrieved from "https://kb.novaordis.com/index.php?title=Openssl_Operations&oldid=40337"