chore: imported knowledge from the private kb

Michele Cereda
2023-04-22 14:19:57 +02:00
parent bf940d9a46
commit a6f4cdd825


@@ -1,14 +1,20 @@
# OpenSSL
1. [TL;DR](#tldr)
1. [Create a self signed certificate](#create-a-self-signed-certificate)
1. [Display the contents of a SSL certificate](#display-the-contents-of-a-ssl-certificate)
1. [Troubleshooting](#troubleshooting)
1. [Code 20: unable to get local issuer certificate](#code-20-unable-to-get-local-issuer-certificate)
1. [Code 21: unable to verify the first certificate](#code-21-unable-to-verify-the-first-certificate)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
```sh
# Generate a pseudo-random password, encode it in base64 and print it out.
openssl rand -base64 18
# Check a certificate and return information about it.
openssl x509 -in 'certificate.crt' -text -noout
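Review bot: the table-of-contents entry `[Display the contents of a SSL certificate](#display-the-contents-of-a-ssl-certificate)` reads "a SSL" where "an SSL" is the usual form. If it is corrected, change the section heading and the anchor slug in the same commit, otherwise the link stops resolving.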
@@ -83,6 +89,52 @@ openssl verify -CAfile 'RootCert.pem' -untrusted 'Intermediate.pem' 'UserCert.pe
cat 'server.crt' 'intermediate1.crt' 'intermediateN.crt' 'rootca.crt'
```
## Create a self signed certificate
```sh
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
```
To make it **not** ask for a password, add the `-nodes` option.
To avoid answering the questions (for automation), add `-subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com"`:
```sh
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/C=NL/ST=Nederlands/L=Amsterdam/O=Mek Net/OU=Org/CN=mek.info"
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/C=NL/ST=Nederlands/L=Amsterdam/O=Mek Net/OU=Org/CN=mek.info"
Generating a 4096 bit RSA private key
..............................................................................................................................................................................................................................++
...........................................................................................................................................................................++
writing new private key to 'key.pem'
-----
$ ls
key.pem cert.pem
```
## Display the contents of a SSL certificate
```sh
# if PEM formatted
$ openssl x509 -in cert.pem -text
# if DER formatted
$ openssl x509 -in cert.der -inform der -text
```
```txt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
bc:ac:32:b7:cd:42:3f:e3:05:48:36:ed:84:fc:56:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bed8ecc9-ae31-40b9-bb27-448ec91dd6f4
Rq4HD9Ap8Ew1r9ttTeECig==
-----END CERTIFICATE-----
```
## Troubleshooting
### Code 20: unable to get local issuer certificate
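Review bot: the sentence introducing `-nodes` in the "Create a self signed certificate" section should say that the option writes `key.pem` to disk unencrypted, so the file needs restrictive permissions (for example `chmod 600 key.pem`) and must stay out of version control. OpenSSL 3.0 deprecates `-nodes` in favour of `-noenc`, which is worth naming next to it. The `-subj` examples set only `CN=`, while current TLS clients match host names against subjectAltName, so consider showing `-addext "subjectAltName=DNS:www.example.com"` (available from OpenSSL 1.1.1). The sample session also repeats the full `openssl req` command on two consecutive lines; one copy is enough.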
@@ -127,15 +179,29 @@ This error is somewhat generic, and a previous error message might be telling mo
See [code 20](#code-20-unable-to-get-local-issuer-certificate).
## Sources
## Further readings
- [OpenSSL commands to check and verify your SSL certificate, key and CSR]
- [How to generate a self-signed SSL certificate using OpenSSL]
- [The most common OpenSSL commands]
- [Create a self signed certificate]
- [Display the contents of a SSL certificate]
## Sources
All the references in the [further readings] section, plus the following:
- [How to generate a self-signed SSL certificate using OpenSSL]
- [OpenSSL unable to verify the first certificate for Experian URL]
- [Verify certificate chain with OpenSSL]
<!-- -->
<!-- project's references -->
<!-- internal references -->
[further readings]: #further-readings
<!-- external references -->
[create a self signed certificate]: https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685
[display the contents of a ssl certificate]: https://support.qacafe.com/knowledge-base/how-do-i-display-the-contents-of-a-ssl-certificate/
[how to generate a self-signed ssl certificate using openssl]: https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl#10176685
[openssl commands to check and verify your ssl certificate, key and csr]: https://www.ibm.com/support/pages/openssl-commands-check-and-verify-your-ssl-certificate-key-and-csr
[openssl unable to verify the first certificate for experian url]: https://stackoverflow.com/questions/7587851/openssl-unable-to-verify-the-first-certificate-for-experian-url
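Review bot: as rendered, `[How to generate a self-signed SSL certificate using OpenSSL]` is listed under both "Further readings" and "Sources", although "Sources" opens with "All the references in the [further readings] section, plus the following", so the second listing is redundant. The link definitions `[create a self signed certificate]` and `[how to generate a self-signed ssl certificate using openssl]` also point to the same Stack Overflow answer (question 10175812, anchor `#10176685`) under two different URL slugs; keep one definition and reference it from both places.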