mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-01-11 20:40:24 +01:00
20 lines
990 B
Bash
20 lines
990 B
Bash
# 1. generate the private key for the CA root certificate
|
|
openssl ecparam -genkey -name secp384r1 -out ecc-ca.key
|
|
# 2. generate the CA root certificate with the private key
|
|
# with the validity period of 10 years
|
|
openssl req -x509 -new -SHA512 -key ecc-ca.key -subj "/CN=Ryan4Yin's Root CA 1" -days 3650 -out ecc-ca.crt
|
|
|
|
# 3. generate the private key for the server certificate
|
|
openssl ecparam -genkey -name secp384r1 -out ecc-server.key
|
|
# 4. generate the certificate signing request (CSR) for the server certificate
|
|
# using the private key and the configuration file ecc-csr.conf
|
|
openssl req -new -SHA512 -key ecc-server.key -out ecc-server.csr -config ecc-csr.conf
|
|
# 5. sign the server certificate with the CA root certificate
|
|
openssl x509 -req -SHA512 -in ecc-server.csr -CA ecc-ca.crt -CAkey ecc-ca.key \
|
|
-CAcreateserial -out ecc-server.crt -days 3650 \
|
|
-extensions v3_ext -extfile ecc-csr.conf
|
|
|
|
openssl x509 -noout -text -in ecc-ca.crt
|
|
openssl x509 -noout -text -in ecc-server.crt
|
|
|