new examples
This commit is contained in:
Denis Knauf
parent
7c3c5eb895
commit
522977424d
47
README.md
47
README.md
|
|
@ -1,7 +1,7 @@
|
||||||
Making SSL-Certificates
|
Making SSL-Certificates
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
Creates keys and certificate requests via openssl.
|
Creates keys and certificate requests via gnutls.
|
||||||
It tries to keep files, if there exist. But if you change one file,
|
It tries to keep files, if there exist. But if you change one file,
|
||||||
files which depend on it, will be recreated by this program.
|
files which depend on it, will be recreated by this program.
|
||||||
|
|
||||||
|
|
@ -11,8 +11,9 @@ Install
|
||||||
Dependencies
|
Dependencies
|
||||||
------------
|
------------
|
||||||
|
|
||||||
You need GNU-make and openssl. sslmake is a Makefile, so you really need make!
|
You need GNU-make and gnutls-bin. sslmake is a Makefile, so you really need make!
|
||||||
|
|
||||||
|
apt install make gnutls-bin
|
||||||
|
|
||||||
Install
|
Install
|
||||||
-------
|
-------
|
||||||
|
|
@ -21,18 +22,22 @@ First clone this git-repository. Or download only sslmake.
|
||||||
|
|
||||||
YOu only need to copy it to a directory, which found in your $PATH.
|
YOu only need to copy it to a directory, which found in your $PATH.
|
||||||
|
|
||||||
install --owner root --group root --mode 0755 -t /usr/local/bin sslmake
|
install --owner root --group root --mode 0755 -t /usr/local/bin sslmake-gnutls
|
||||||
|
|
||||||
|
or simple:
|
||||||
|
|
||||||
|
make install
|
||||||
|
|
||||||
But it's possible to run sslmake local, so, you do not need any install.
|
But it's possible to run sslmake local, so, you do not need any install.
|
||||||
|
|
||||||
./sslmake exmaple.cnf
|
./sslmake exmaple.csr
|
||||||
|
|
||||||
|
|
||||||
Howto
|
Howto
|
||||||
=====
|
=====
|
||||||
|
|
||||||
All files will be replaced, if files which it depends on, are newer.
|
All files will be replaced, if files which it depends on, are newer.
|
||||||
For example, if you create the `example.key`, and you run `sslmake example.csr`,
|
For example, if you create the `host.example.net.key`, and you run `sslmake host.example.net.csr`,
|
||||||
your CSR will be replaced be a new. But if your CSR is newer than the KEY,
|
your CSR will be replaced be a new. But if your CSR is newer than the KEY,
|
||||||
it will not replace your CSR.
|
it will not replace your CSR.
|
||||||
|
|
||||||
|
|
@ -44,23 +49,27 @@ Renewing and removing will follow in 'Second Use'.
|
||||||
|
|
||||||
* Create the config:
|
* Create the config:
|
||||||
|
|
||||||
sslmake example.cnf
|
cat > host.example.net.cfg <<EOF
|
||||||
|
cn = host.example.net
|
||||||
|
dns_name = host.example.net
|
||||||
|
dns_name = additional.example.net.cfg
|
||||||
|
tls_www_server
|
||||||
|
|
||||||
This will copy `/etc/ssl/openssl.cnf` to local directory.
|
organization = "Example Inc."
|
||||||
Now you edit this file and you can do next step.
|
unit = "NOC"
|
||||||
Important are commonName_default and so on.
|
state = "Example"
|
||||||
If you do not know the openssl.cnf, you should read a openssl-howto
|
country = Ex
|
||||||
about `openssl.cnf`.
|
signing_key
|
||||||
|
encryption_key
|
||||||
* Create the KEY:
|
EOF
|
||||||
|
|
||||||
sslmake exmaple.key
|
|
||||||
|
|
||||||
It will create a key-file example.key with a 4096 bit strong rsa.
|
|
||||||
|
|
||||||
* Create the CSR:
|
* Create the CSR:
|
||||||
|
|
||||||
sslmake example.csr
|
sslmake host.example.net.csr
|
||||||
|
|
||||||
This will use `example.cnf` as configfile and creates a key and the csr
|
This will use `host.example.net.csr` as configfile and creates a key and the csr
|
||||||
if didn't exists. Everything in one step.
|
if didn't exists. Everything in one step.
|
||||||
|
|
||||||
|
* Perfect Forward Secrecy
|
||||||
|
|
||||||
|
sslmake host.example.net.dh
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue