Making SSL-Certificates
=======================

Creates keys and certificate requests via gnutls.
It tries to keep files if they exist. But if you change one file,
files which depend on it will be recreated by this program.

Install
=======

Dependencies
------------

You need GNU make and gnutls-bin. sslmake is a Makefile, so you really need make!

    apt install make gnutls-bin

Install
-------

First clone this git repository, or download only sslmake.
You only need to copy it to a directory which is found in your $PATH.

    install --owner root --group root --mode 0755 -t /usr/local/bin sslmake-gnutls

or simply:

    make install

But it's possible to run sslmake locally, so you do not need to install anything.

    ./sslmake example.csr

Howto
=====

All files will be replaced if the files they depend on are newer.
For example, if you create the `host.example.net.key` and then run `sslmake host.example.net.csr`,
your CSR will be replaced by a new one. But if your CSR is newer than the KEY,
it will not replace your CSR.

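
The timestamp rule above, as an added shell example (not part of sslmake): `newer_than` and `csr_state` are hypothetical helper names and the demo files are constructed. It compares only the `.key` and `.csr` modification times, as the text describes; any other dependencies sslmake tracks are not covered.

```shell
#!/bin/sh
# Added example: predicts whether `sslmake <host>.csr` would rebuild the CSR,
# using the rule described above (a CSR older than its key is replaced).

# newer_than A B: true if file A was modified more recently than file B.
newer_than() {
    [ -n "$(find "$1" -newer "$2" 2>/dev/null)" ]
}

# csr_state DIR HOST prints one of:
#   no-key   no key yet; key and CSR would both be created
#   missing  key exists but no CSR; the CSR would be created
#   stale    key is newer than the CSR; the CSR would be replaced
#   current  CSR is at least as new as the key; the CSR is kept
csr_state() {
    key="$1/$2.key"
    csr="$1/$2.csr"
    if [ ! -e "$key" ]; then echo no-key
    elif [ ! -e "$csr" ]; then echo missing
    elif newer_than "$key" "$csr"; then echo stale
    else echo current
    fi
}

# Constructed demo files with fixed timestamps (touch -t CCYYMMDDhhmm).
demo() {
    d=$(mktemp -d)
    touch -t 201801010000 "$d/old.example.net.csr"   # CSR written first
    touch -t 201901010000 "$d/old.example.net.key"   # key re-created later
    touch -t 201801010000 "$d/ok.example.net.key"    # key written first
    touch -t 201901010000 "$d/ok.example.net.csr"    # CSR made from it later
    touch "$d/new.example.net.key"                   # key only, no CSR yet
    for h in old ok new none; do
        printf '%s.example.net: %s\n' "$h" "$(csr_state "$d" "$h.example.net")"
    done
    rm -rf "$d"
}
demo
```
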
First Use
---------

If you are creating something for the first time, you are in the right place.
Renewing and removing will follow in 'Second Use'.

* Create the config:

      cat > host.example.net.cfg <<EOF
      cn = host.example.net
      dns_name = host.example.net
      dns_name = additional.example.net
      tls_www_server

      organization = "Example Inc."
      unit = "NOC"
      state = "Example"
      country = Ex
      signing_key
      encryption_key
      EOF

* Create the CSR:

      sslmake host.example.net.csr

  This will use `host.example.net.cfg` as the config file and create a key (if needed)
  and the CSR if it doesn't exist. Everything in one step.

* Perfect Forward Secrecy

      sslmake host.example.net.dh