Openssl Operations: Difference between revisions
Jump to navigation
Jump to search
Line 6: | Line 6: | ||
=Generate a Public/Private Key Pair= | =Generate a Public/Private Key Pair= | ||
==Generate the Private Key== | |||
This is the procedure to generate a [[Public_Key_Security#Key_Pair|public/private key pair]]. The keys can be further used to generate [[Public_Key_Security#Certificate|digitally signed certificates]], or even to configure ssh, though ssh has [[Ssh_Configure_Public/Private_Key_Authentication#Create_the_OpenSSH_Private.2FPublic_Key_Pair|its own procedure to generate key pairs]], which produces equivalent keys in the same [[Public_Key_Security#PEM|PEM]] format. | This is the procedure to generate a [[Public_Key_Security#Key_Pair|public/private key pair]]. The keys can be further used to generate [[Public_Key_Security#Certificate|digitally signed certificates]], or even to configure ssh, though ssh has [[Ssh_Configure_Public/Private_Key_Authentication#Create_the_OpenSSH_Private.2FPublic_Key_Pair|its own procedure to generate key pairs]], which produces equivalent keys in the same [[Public_Key_Security#PEM|PEM]] format. | ||
Line 14: | Line 16: | ||
The command generates a RSA/DSA key of specified length in [[Public_Key_Security#PEM|PEM]] format. | The command generates a RSA/DSA key of specified length in [[Public_Key_Security#PEM|PEM]] format. | ||
==Generate the Matching Public Key== | |||
=Generate a Self-Signed Certificate= | =Generate a Self-Signed Certificate= |
Revision as of 03:10, 8 April 2018
External
Internal
Generate a Public/Private Key Pair
Generate the Private Key
This is the procedure to generate a public/private key pair. The keys can be further used to generate digitally signed certificates, or even to configure ssh, though ssh has its own procedure to generate key pairs, which produces equivalent keys in the same PEM format.
openssl genrsa|gendsa -out <keyfile-name>.pem <key-lenght>
openssl genrsa -out test-pk.pem 2048
The command generates a RSA/DSA key of specified length in PEM format.
Generate the Matching Public Key
Generate a Self-Signed Certificate
Create a Certificate Signing Request (CSR)
Obtain a Server Certificate
openssl s_client -connect nexus-cicd.apps.openshift.novaordis.io:443
The response includes the server's certificate:
[...] Certificate chain 0 s:/CN=*.apps.openshift.novaordis.io [...] --- Server certificate -----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIBEjANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu [...] 65vqsz8NTtde1vJ5qW31Af0pO9YehiSRfA== -----END CERTIFICATE----- subject=/CN=*.apps.openshift.novaordis.io [...]