Console-tool for creating ssl-key/-csr(/-crt) and -pem.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
Denis Knauf af8f37dbe2 new examples 4 years ago
.gitignore ignore any keys, certs, reqs... install-section in readme 10 years ago
Makefile %.dh for generating diffie-hellmann-params added. sslmake BITS=1234 (default 4096) added. 5 years ago
README.md new examples 4 years ago
sslmake-gnutls fix bits (4069->4096) 4 years ago
sslmake-openssl %.dh for generating diffie-hellmann-params added. sslmake BITS=1234 (default 4096) added. 5 years ago
template.cfg http://gnutls.org/manual/html_node/certtool-Invocation.html template added 9 years ago

README.md

Making SSL-Certificates

Creates keys and certificate requests via gnutls. It tries to keep files, if there exist. But if you change one file, files which depend on it, will be recreated by this program.

Install

Dependencies

You need GNU-make and gnutls-bin. sslmake is a Makefile, so you really need make!

apt install make gnutls-bin

Install

First clone this git-repository. Or download only sslmake.

YOu only need to copy it to a directory, which found in your $PATH.

install --owner root --group root --mode 0755 -t /usr/local/bin sslmake-gnutls

or simple:

make install

But it's possible to run sslmake local, so, you do not need any install.

./sslmake exmaple.csr

Howto

All files will be replaced, if files which it depends on, are newer. For example, if you create the host.example.net.key, and you run sslmake host.example.net.csr, your CSR will be replaced be a new. But if your CSR is newer than the KEY, it will not replace your CSR.

First Use

If you creates something a first time, then you are alright here. Renewing and removing will follow in 'Second Use'.

  • Create the config:

      cat > host.example.net.cfg <<EOF
      cn = host.example.net
      dns_name = host.example.net
      dns_name = additional.example.net.cfg
      tls_www_server
    
      organization = "Example Inc."
      unit = "NOC"
      state = "Example"
      country = Ex
      signing_key
      encryption_key
      EOF
    
  • Create the CSR:

      sslmake host.example.net.csr
    

    This will use host.example.net.cfg as configfile and creates a key (if needed) and the csr if didn't exists. Everything in one step.

  • Perfect Forward Secrecy

      sslmake host.example.net.dh