Created
July 11, 2013 15:26
Root CA certificate which can be imported into Firefox
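# OpenSSL configuration for the root CA's certificate request.
# Presumably the file passed as "-config ca.config" in the command listing
# on this page - confirm against the file names of the gist.
# see http://www.identityblog.com/?p=645

# Base directory for every $dir reference below.
dir = .

# [ ca ] and [ CA_default ] are read by "openssl ca".
[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
# The CA private key: keep this path readable by the CA operator only.
private_key = $dir/private/cakey.pem
default_days = 1000
# Was md5. MD5 signatures are open to collision attacks and are rejected by
# current TLS clients, so certificates are signed with SHA-256 instead.
default_md = sha256
preserve = no
email_in_dn = no
# NOTE(review): the stock openssl.cnf spells these keys name_opt / cert_opt
# with the value ca_default - confirm that these two lines have any effect.
nameopt = default_ca
certopt = default_ca
policy = policy_match
x509_extensions = v3_ca

# Subject fields of a request must match the CA's (match), must be present
# (supplied) or may be left out (optional).
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# Was 1024. 1024-bit RSA is below the minimum current clients accept.
# Only applies when "openssl req" generates the key itself.
default_bits = 2048
default_keyfile = key.pem
# Was md5; this digest signs the certificate request.
default_md = sha256
string_mask = nombstr
distinguished_name = req_DN
x509_extensions = v3_ca
req_extensions = v3_req

# Extensions for the CA certificate: it is allowed to sign other certificates.
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always

# Extensions placed into the certificate request.
[ v3_req ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash

# Prompts shown by "openssl req" for each subject field.
[ req_DN ]
organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = hostname (no http://)
commonName_max = 64

# Here enter your defaults:
organizationName_default =
organizationalUnitName_default =
localityName_default =
stateOrProvinceName_default =
countryName_default =
commonName_default = My lonely private root CA
emailAddress_default =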
# Extension file for "openssl x509 -extfile": the names the server
# certificate is valid for. The IP and DNS entries are placeholders;
# replace them with the real address and host name before signing.
subjectAltName = IP:0.0.0.0,DNS:example.com
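# Create a private root CA and one server certificate signed by it.
# see http://www.synology-wiki.de/index.php/Generierung_eines_eigenen_SSL-Zertifikats

# --- Root CA ---
# 2048-bit RSA (was 1024, which is below what current clients accept).
openssl genrsa -out ca.key 2048
# ca.key can sign certificates for any name once ca.crt is trusted:
# keep it readable by its owner only and off the web server.
chmod 600 ca.key
# -sha256 pins the signature digest instead of relying on the config/default.
openssl req -config ca.config -new -sha256 -key ca.key -out ca.csr
# NOTE(review): without -extfile/-extensions, "x509 -req" does not take over the
# extensions requested in the CSR, so ca.crt may lack basicConstraints - verify
# with "openssl x509 -in ca.crt -noout -text".
openssl x509 -days 3650 -sha256 -signkey ca.key -in ca.csr -req -out ca.crt

# --- Server certificate ---
openssl genrsa -out server.key 2048
chmod 600 server.key
openssl req -config server.config -new -sha256 -key server.key -out server.csr
# Variant that adds the subjectAltName from extfile.cnf (edit its placeholder
# IP/DNS values first). The active command below issues a certificate without
# subjectAltName, which current browsers need for host name matching.
#openssl x509 -days 3650 -sha256 -CA ca.crt -CAkey ca.key -set_serial 01 -in server.csr -req -extfile extfile.cnf -out server.crt
# -set_serial 01 is fixed: every further certificate issued by this CA needs a
# different serial number.
openssl x509 -days 3650 -sha256 -CA ca.crt -CAkey ca.key -set_serial 01 -in server.csr -req -out server.crt

# Publish ca.crt (only the certificate, never ca.key) on a web page.
# Open its URL (ending in .crt) in Firefox.
# Firefox is able to import the certificate this way.
# Before trusting it, compare the fingerprint shown in the import dialog with:
#   openssl x509 -in ca.crt -noout -fingerprint -sha256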
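# OpenSSL configuration for the server certificate request.
# Presumably the file passed as "-config server.config" in the command listing
# on this page - confirm against the file names of the gist.
# see http://www.identityblog.com/?p=645

# Base directory for every $dir reference below.
dir = .

# [ ca ] and [ CA_default ] are read by "openssl ca".
[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
# The CA private key: keep this path readable by the CA operator only.
private_key = $dir/private/cakey.pem
default_days = 365
# Was md5. MD5 signatures are open to collision attacks and are rejected by
# current TLS clients, so certificates are signed with SHA-256 instead.
default_md = sha256
preserve = no
email_in_dn = no
# NOTE(review): the stock openssl.cnf spells these keys name_opt / cert_opt
# with the value ca_default - confirm that these two lines have any effect.
nameopt = default_ca
certopt = default_ca
policy = policy_match
x509_extensions = v3_ca

# Subject fields of a request must match the CA's (match), must be present
# (supplied) or may be left out (optional).
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# Was 1024. 1024-bit RSA is below the minimum current clients accept.
# Only applies when "openssl req" generates the key itself.
default_bits = 2048
default_keyfile = key.pem
# Was md5; this digest signs the certificate request.
default_md = sha256
string_mask = nombstr
distinguished_name = req_DN
x509_extensions = v3_ca
req_extensions = v3_req

# Despite the section name, this describes an end-entity certificate:
# CA:FALSE means it must not be used to sign other certificates, and the
# key usages restrict it to TLS server and client authentication.
[ v3_ca ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth

# Extensions placed into the certificate request. No subjectAltName is
# requested here; host names are carried in commonName only.
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

# Prompts shown by "openssl req" for each subject field.
[ req_DN ]
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = hostname (no http://)
commonName_max = 64

# Here enter your defaults:
0.organizationName_default =
organizationalUnitName_default =
localityName_default =
stateOrProvinceName_default =
countryName_default =
# Wildcard placeholder: replace with the real host name, and prefer a
# single-host name when the certificate serves only one host.
commonName_default = *.example.com
emailAddress_default =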
For an easier method, see http://permalink.de/tino/easy-rsa