new examples
This commit is contained in:
Denis Knauf
parent
7c3c5eb895
commit
522977424d
47
README.md
47
README.md
|
|
@ -1,7 +1,7 @@
|
|||
Making SSL-Certificates
|
||||
=======================
|
||||
|
||||
Creates keys and certificate requests via openssl.
|
||||
Creates keys and certificate requests via gnutls.
|
||||
It tries to keep files, if there exist. But if you change one file,
|
||||
files which depend on it, will be recreated by this program.
|
||||
|
||||
|
|
@ -11,8 +11,9 @@ Install
|
|||
Dependencies
|
||||
------------
|
||||
|
||||
You need GNU-make and openssl. sslmake is a Makefile, so you really need make!
|
||||
You need GNU-make and gnutls-bin. sslmake is a Makefile, so you really need make!
|
||||
|
||||
apt install make gnutls-bin
|
||||
|
||||
Install
|
||||
-------
|
||||
|
|
@ -21,18 +22,22 @@ First clone this git-repository. Or download only sslmake.
|
|||
|
||||
YOu only need to copy it to a directory, which found in your $PATH.
|
||||
|
||||
install --owner root --group root --mode 0755 -t /usr/local/bin sslmake
|
||||
install --owner root --group root --mode 0755 -t /usr/local/bin sslmake-gnutls
|
||||
|
||||
or simple:
|
||||
|
||||
make install
|
||||
|
||||
But it's possible to run sslmake local, so, you do not need any install.
|
||||
|
||||
./sslmake exmaple.cnf
|
||||
./sslmake exmaple.csr
|
||||
|
||||
|
||||
Howto
|
||||
=====
|
||||
|
||||
All files will be replaced, if files which it depends on, are newer.
|
||||
For example, if you create the `example.key`, and you run `sslmake example.csr`,
|
||||
For example, if you create the `host.example.net.key`, and you run `sslmake host.example.net.csr`,
|
||||
your CSR will be replaced be a new. But if your CSR is newer than the KEY,
|
||||
it will not replace your CSR.
|
||||
|
||||
|
|
@ -44,23 +49,27 @@ Renewing and removing will follow in 'Second Use'.
|
|||
|
||||
* Create the config:
|
||||
|
||||
sslmake example.cnf
|
||||
cat > host.example.net.cfg <<EOF
|
||||
cn = host.example.net
|
||||
dns_name = host.example.net
|
||||
dns_name = additional.example.net.cfg
|
||||
tls_www_server
|
||||
|
||||
This will copy `/etc/ssl/openssl.cnf` to local directory.
|
||||
Now you edit this file and you can do next step.
|
||||
Important are commonName_default and so on.
|
||||
If you do not know the openssl.cnf, you should read a openssl-howto
|
||||
about `openssl.cnf`.
|
||||
|
||||
* Create the KEY:
|
||||
|
||||
sslmake exmaple.key
|
||||
|
||||
It will create a key-file example.key with a 4096 bit strong rsa.
|
||||
organization = "Example Inc."
|
||||
unit = "NOC"
|
||||
state = "Example"
|
||||
country = Ex
|
||||
signing_key
|
||||
encryption_key
|
||||
EOF
|
||||
|
||||
* Create the CSR:
|
||||
|
||||
sslmake example.csr
|
||||
sslmake host.example.net.csr
|
||||
|
||||
This will use `example.cnf` as configfile and creates a key and the csr
|
||||
This will use `host.example.net.csr` as configfile and creates a key and the csr
|
||||
if didn't exists. Everything in one step.
|
||||
|
||||
* Perfect Forward Secrecy
|
||||
|
||||
sslmake host.example.net.dh
|
||||
|
|
|
|||
Loading…
Reference in a new issue