https://github.com/membrane/cfssl-example
https://github.com/membrane/cfssl-example
Last synced: 5 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/membrane/cfssl-example
- Owner: membrane
- Created: 2021-06-25T08:26:33.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2021-06-25T08:37:19.000Z (almost 5 years ago)
- Last Synced: 2025-07-04T22:43:56.259Z (12 months ago)
- Size: 1.95 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# cfssl Usage Demo
## Workflows
### CA: generate own cert
```
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
```
### server: generate own CSR
```
cfssl genkey server.json | cfssljson -bare server
```
### CA: sign server's CSR
```
cfssl sign -config=ca-config.json -profile=server -csr=server.csr -ca=ca.pem -ca-key=ca-key.pem | cfssljson -bare server
```
### client+CA: generate client's CSR & sign client's CSR
```
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client.json | cfssljson -bare client
```
## Viewing
### PEM key
```
openssl rsa -in ca-key.pem -text
```
### PEM cert
```
openssl x509 -in ca.pem -text
```
## Conversions
### PEM cert to DER
```
openssl x509 -in ca.pem -inform PEM -out ca.crt -outform DER
```
### PEM key+cert to PKCS12
```
openssl pkcs12 -export -out client-key.pfx -inkey client-key.pem -in client.pem
```
## Notes
* Do not issue certificates for 'localhost'.
* Do not issue certificates for '127.0.0.1'.