![]() X509_extensions = ca_extensions # The extensions to add to the certĮmail_in_dn = no # Don't concat the email in the DNĬopy_extensions = copy # Required to copy SANs from CSR to certĭistinguished_name = ca_distinguished_nameĬountryName = Country Name (2 letter code) And both assume you have a an OpenSSL configuration file already setup for both CAs and Server (end entity) certificates.įirst, create a basic configuration file: $ touch openssl-ca.cnfĭefault_ca = CA_default # The default ca sectionĭefault_days = 365 # How long to certify forĭefault_crl_days = 30 # How long before next CRLĭefault_md = sha256 # Use public key default MD ![]() Both of the two commands elide the two steps into one. First you set up your CA, and then you sign an end entity certificate (a.k.a server or user). You are missing the prelude to those commands.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |