Difference between revisions of "TLS"

From Vague Hope Wiki
Jump to: navigation, search
(Created page with "== Examine == <pre> openssl x509 -text -in client.pem openssl rsa -text -in client.pem openssl crl -text -in cacrl.pem </pre>")
 
Line 4: Line 4:
 
openssl rsa -text -in client.pem
 
openssl rsa -text -in client.pem
 
openssl crl -text -in cacrl.pem
 
openssl crl -text -in cacrl.pem
 +
</pre>
 +
 +
== demoCA ==
 +
<pre>
 +
/usr/lib/ssl/misc/CA.sh -newca
 +
/usr/lib/ssl/misc/CA.sh -newreq
 +
/usr/lib/ssl/misc/CA.sh -sign
 +
openssl pkcs12 -export -in ca/cacert.pem -inkey ca/private/cakey.pem -out file.p12 -name "Client Certificate"
 +
echo 01 > demoCA/crlnumber
 +
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem
 +
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30
 
</pre>
 
</pre>

Revision as of 11:32, 24 April 2012

Examine

openssl x509 -text -in client.pem
openssl rsa -text -in client.pem
openssl crl -text -in cacrl.pem

demoCA

/usr/lib/ssl/misc/CA.sh -newca
/usr/lib/ssl/misc/CA.sh -newreq
/usr/lib/ssl/misc/CA.sh -sign
openssl pkcs12 -export -in ca/cacert.pem -inkey ca/private/cakey.pem -out file.p12 -name "Client Certificate"
echo 01 > demoCA/crlnumber
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30