OpenSSL
Self-Signed Certificate
$ openssl req -x509 -newkey rsa:4096 -keyout server.key -nodes -out server.crt -days 365 -subj '/CN=doma.in'
Create CA and sign cert
$ openssl genrsa -out ca.key 4096
$ openssl req -new -x509 -key ca.key -out ca.crt -subj "/CN=ca"
$ openssl genrsa -out test.key 4096
$ openssl req -new -key test.key -out test.csr -subj "/CN=test.site"
$ openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out test.crt
Create Certificate Request with SAN
Works with openssl >= 1.1.1
$ openssl req -new -nodes -sha256 -subj "/CN=host.name" \
-addext "subjectAltName = DNS:host.name,DNS:another.host.name,IP:10.10.10.10" \
-newkey rsa:4096 -keyout server.key -out server.csr
Create Self-Signed Certificate Request with SAN
Works with openssl >= 1.1.1
$ openssl req -x509 -nodes -sha256 -subj "/CN=host.name" \
-addext "subjectAltName = DNS:host.name,DNS:another.host.name,IP:10.10.10.10" \
-newkey rsa:4096 -keyout server.key -out server.crt
Add CA Certificates to the Trust Store
Rocky Linux 9
To add a CA to the operating system's trust store, place the CA file in the directory /etc/pki/ca-trust/source/anchors and activate it with the update-ca-trust command.
Example for the MyLinuxTime CA:
cat >/etc/pki/ca-trust/source/anchors/mylinuxtime-ca.pem <<HERE
-----BEGIN CERTIFICATE-----
[base64-encoded CA certificate body]
-----END CERTIFICATE-----
HERE
update-ca-trust
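A CSR built with the SAN request command above loses its subjectAltName when it is signed with the plain "openssl x509 -req" CA command, because that command does not copy request extensions by default. The following is an added example, not part of the original page; the directory layout, the san.ext file name and the 2048-bit keys (chosen only for speed) are assumptions. It signs the same CSR both ways and reports the SAN of each result:

```shell
#!/bin/sh
# Added example; file names and host names are constructed sample values.

# sign_with_san DIR SAN: build a CA, a CSR carrying SAN, and sign the CSR twice.
sign_with_san() {
    d=$1; san=$2
    # CA key and self-signed CA certificate (2048 bit only to keep the demo fast).
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=ca" -days 30 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    # CSR with SAN, as in the request command on this page.
    openssl req -new -nodes -sha256 -subj "/CN=host.name" \
        -addext "subjectAltName = $san" \
        -newkey rsa:2048 -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    # Signed like the CA command on this page: request extensions are not copied.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/plain.crt" 2>/dev/null &&
    # Signed with the SAN restated in an extension file: the SAN is issued.
    printf 'subjectAltName = %s\n' "$san" > "$d/san.ext" &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/san.ext" -out "$d/san.crt" 2>/dev/null
}

# cert_san FILE: print the SAN entries of a certificate, or nothing if it has none.
cert_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        grep -E 'DNS:|IP Address:' | sed 's/^ *//'
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
sign_with_san "$demo_dir" "DNS:host.name,DNS:another.host.name,IP:10.10.10.10"
echo "without -extfile: [$(cert_san "$demo_dir/plain.crt")]"
echo "with -extfile:    [$(cert_san "$demo_dir/san.crt")]"
rm -rf "$demo_dir"
```

Run cert_san against any issued certificate before deploying it; clients that validate host names against the SAN will reject a certificate where this prints nothing.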