new examples

master
Denis Knauf 2018-11-19 17:15:19 +01:00
parent 7c3c5eb895
commit 522977424d
1 changed files with 28 additions and 19 deletions

View File

@ -1,7 +1,7 @@
Making SSL-Certificates
=======================
Creates keys and certificate requests via openssl.
Creates keys and certificate requests via gnutls.
It tries to keep files, if there exist. But if you change one file,
files which depend on it, will be recreated by this program.
@ -11,8 +11,9 @@ Install
Dependencies
------------
You need GNU-make and openssl. sslmake is a Makefile, so you really need make!
You need GNU-make and gnutls-bin. sslmake is a Makefile, so you really need make!
apt install make gnutls-bin
Install
-------
@ -21,18 +22,22 @@ First clone this git-repository. Or download only sslmake.
YOu only need to copy it to a directory, which found in your $PATH.
install --owner root --group root --mode 0755 -t /usr/local/bin sslmake
install --owner root --group root --mode 0755 -t /usr/local/bin sslmake-gnutls
or simple:
make install
But it's possible to run sslmake local, so, you do not need any install.
./sslmake exmaple.cnf
./sslmake exmaple.csr
Howto
=====
All files will be replaced, if files which it depends on, are newer.
For example, if you create the `example.key`, and you run `sslmake example.csr`,
For example, if you create the `host.example.net.key`, and you run `sslmake host.example.net.csr`,
your CSR will be replaced be a new. But if your CSR is newer than the KEY,
it will not replace your CSR.
@ -44,23 +49,27 @@ Renewing and removing will follow in 'Second Use'.
* Create the config:
sslmake example.cnf
cat > host.example.net.cfg <<EOF
cn = host.example.net
dns_name = host.example.net
dns_name = additional.example.net.cfg
tls_www_server
This will copy `/etc/ssl/openssl.cnf` to local directory.
Now you edit this file and you can do next step.
Important are commonName_default and so on.
If you do not know the openssl.cnf, you should read a openssl-howto
about `openssl.cnf`.
* Create the KEY:
sslmake exmaple.key
It will create a key-file example.key with a 4096 bit strong rsa.
organization = "Example Inc."
unit = "NOC"
state = "Example"
country = Ex
signing_key
encryption_key
EOF
* Create the CSR:
sslmake example.csr
sslmake host.example.net.csr
This will use `example.cnf` as configfile and creates a key and the csr
This will use `host.example.net.csr` as configfile and creates a key and the csr
if didn't exists. Everything in one step.
* Perfect Forward Secrecy
sslmake host.example.net.dh