Openssl Operations: Difference between revisions
Jump to navigation
Jump to search
Line 13: | Line 13: | ||
This is the procedure to generate a [[Public_Key_Security#Key_Pair|public/private key pair]]. The keys can be further used to generate [[Public_Key_Security#Certificate|digitally signed certificates]], or even to configure ssh, though ssh has [[Ssh_Configure_Public/Private_Key_Authentication#Create_the_OpenSSH_Private.2FPublic_Key_Pair|its own procedure to generate key pairs]]. | This is the procedure to generate a [[Public_Key_Security#Key_Pair|public/private key pair]]. The keys can be further used to generate [[Public_Key_Security#Certificate|digitally signed certificates]], or even to configure ssh, though ssh has [[Ssh_Configure_Public/Private_Key_Authentication#Create_the_OpenSSH_Private.2FPublic_Key_Pair|its own procedure to generate key pairs]]. | ||
openssl genrsa|gendsa -out <''keyfile-name''>. | openssl genrsa|gendsa -out <''keyfile-name''>.pem <''key-lenght''> | ||
openssl genrsa -out test. | openssl genrsa -out test-pk.pem 2048 | ||
The command generates a RSA/DSA key of specified length, by default in [[Public_Key_Security#PEM|PEM]] format. | The command generates a RSA/DSA key of specified length, by default in [[Public_Key_Security#PEM|PEM]] format. |
Revision as of 02:30, 8 April 2018
External
Internal
Generate a Self-Signed Certificate
TODO: https://home.feodorov.com:9443/wiki/Wiki.jsp?page=GenerationOfASelfSignedCertificateWithOpenssl
Generate a Public/Private Key Pair
This is the procedure to generate a public/private key pair. The keys can be further used to generate digitally signed certificates, or even to configure ssh, though ssh has its own procedure to generate key pairs.
openssl genrsa|gendsa -out <keyfile-name>.pem <key-lenght>
openssl genrsa -out test-pk.pem 2048
The command generates a RSA/DSA key of specified length, by default in PEM format.
Obtain a Server Certificate
openssl s_client -connect nexus-cicd.apps.openshift.novaordis.io:443
The response includes the server's certificate:
[...] Certificate chain 0 s:/CN=*.apps.openshift.novaordis.io [...] --- Server certificate -----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIBEjANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu [...] 65vqsz8NTtde1vJ5qW31Af0pO9YehiSRfA== -----END CERTIFICATE----- subject=/CN=*.apps.openshift.novaordis.io [...]