On 4 Mar 2013, at 08:47, ashish2881 <ashish2...@gmail.com> wrote:

> Hi,
> I want to create a certificate chain (self-signed root CA
> cert + intermediate cert + server cert).
> Please let me know the openssl commands and the configuration required to create
> the root CA, an intermediate cert signed by the root CA, and a server cert signed by
> the intermediate cert.
Try below.

Dw.

# SHA512 testcase -- all 3 layers.
#
# $RANDOM (used for the serial numbers below) needs bash, ksh or zsh.
LEN=${LEN:-2048}

# create a root.
openssl req -new -x509 -nodes -out ca.crt -keyout ca.key -subj /CN=DaRoot -newkey rsa:$LEN -sha512 || exit 1

# create an intermediate & sign
# (no -extfile is given, so ca-int.crt carries no basicConstraints extension)
openssl req -new -nodes -out ca-int.req -keyout ca-int.key -subj /CN=Zintermediate -newkey rsa:$LEN -sha512 || exit 1
openssl x509 -req -in ca-int.req -CAkey ca.key -CA ca.crt -days 20 -set_serial $RANDOM -sha512 -out ca-int.crt || exit 1

# chain
#
cat ca.crt ca-int.crt > ca-all.crt

for who in alice bob charlie eve dave fred
do
	# create a request
	openssl req -new -out $who.req -keyout $who.key -nodes -newkey rsa:$LEN -subj /CN=$who/emailAddress=$who-not-a-dog...@theinternet.com || exit 1

	# sign the request
	openssl x509 -req -in $who.req -CAkey ca-int.key -CA ca-int.crt -days 10 -set_serial $RANDOM -sha512 -out $who.crt || exit 1

	# create some convenience formats
	#
	openssl x509 -in $who.crt -out $who.der -outform DER || exit 1
	# PASS is read from the environment; if it is unset the .p12 export password is empty
	openssl pkcs12 -export -out $who.p12 -in $who.crt -inkey $who.key -chain -CAfile ca-all.crt -password pass:$PASS || exit 1
done

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
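The question also asks for the configuration, which the script in the reply does not include. The following is an added example, not part of the thread: it builds the same three tiers with an explicit extension file (basicConstraints, keyUsage, subjectAltName), checks the result with `openssl verify`, and contrasts it with an intermediate signed without `-extfile`, which current OpenSSL releases reject as an issuer. All subject names, file names and the `ext.cnf` section names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread; all subject and file names are constructed.
mkreq() {   # $1 = file basename, $2 = CN: new RSA key and CSR
    openssl req -new -nodes -newkey rsa:2048 -sha256 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.req" 2>/dev/null
}
sign() {    # $1 = subject basename, $2 = issuer basename, $3 = ext.cnf section or ""
    if [ -n "$3" ]; then ext="-extfile ext.cnf -extensions $3"; else ext=""; fi
    # -CAcreateserial keeps a serial file per issuer instead of using $RANDOM
    openssl x509 -req -in "$1.req" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
        -days 30 -sha256 $ext -out "$1.crt" 2>/dev/null
}
build_chain() {   # run inside an empty directory
    cat > ext.cnf <<'EOF'
[ root_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ int_ca ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[ server ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
EOF
    mkreq ca ExampleRoot || return 1
    openssl x509 -req -in ca.req -signkey ca.key -extfile ext.cnf \
        -extensions root_ca -days 30 -sha256 -out ca.crt 2>/dev/null || return 1
    mkreq ca-int ExampleIntermediate && sign ca-int ca int_ca || return 1
    mkreq server server.example.test && sign server ca-int server || return 1
    # Contrast: intermediate and leaf signed without -extfile, so the
    # intermediate carries no basicConstraints extension.
    mkreq plain-int PlainIntermediate && sign plain-int ca "" || return 1
    mkreq plain-leaf plain.example.test && sign plain-leaf plain-int ""
}
verify_leaf() {   # $1 = intermediate basename, $2 = leaf basename; status 0 = valid
    openssl verify -purpose sslserver -CAfile ca.crt -untrusted "$1.crt" \
        "$2.crt" >/dev/null 2>&1
}
work=$(mktemp -d) && cd "$work" && build_chain || exit 1
verify_leaf ca-int server && echo "server.crt: chain verifies"
verify_leaf plain-int plain-leaf || echo "plain-leaf.crt: rejected"
```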