software:openssl:internalca:overview
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| software:openssl:internalca:overview [2025/10/25 03:07] – ↷ Page moved from software:openssl:overview to software:openssl:internalca:overview rodolico | software:openssl:internalca:overview [2025/10/25 03:25] (current) – rodolico | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| ===== Flow ===== | ===== Flow ===== | ||
| - | - Generate private key for Certificate of Authority (CA), encrypted (-des3) | + | |
| - | - Generate Public Certificate for CA using //openssl req -x509//. Use long -days parameter (like 10 years) | + | |
| - | - Copy/import public portion (.crt) of the CA to all consumers of the server certificates, | + | - Generate Public Certificate for CA using //openssl req -x509//. Use long -days parameter (like 10 years) |
| - | - for each server/ | + | - [[software: |
| + | - for each server/ | ||
| - Generate new private key, if needed | - Generate new private key, if needed | ||
| - Generate Certficate Signing Request (csr) using -days somewhere between 30 and 365 days | - Generate Certficate Signing Request (csr) using -days somewhere between 30 and 365 days | ||
| - Generate Server Certificate combining private key, CSR and signing with CA | - Generate Server Certificate combining private key, CSR and signing with CA | ||
| - Combine .key and .crt files into .pem | - Combine .key and .crt files into .pem | ||
| - | - Copy .key, .crt and .pem to server and configure/ | + | - Copy .key, .crt and .pem to server and configure/ |
| - Test | - Test | ||
| - Prior to Server Certificate expiry | - Prior to Server Certificate expiry | ||
software/openssl/internalca/overview.txt · Last modified: 2025/10/25 03:25 by rodolico