https://github.com/syncom/create-pki
Sample script to create a PKI for TLS server authentication, with openssl
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/syncom/create-pki
- Owner: syncom
- License: other
- Created: 2017-02-15T01:34:45.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2017-10-28T08:28:09.000Z (over 8 years ago)
- Last Synced: 2025-01-07T22:13:17.925Z (about 1 year ago)
- Language: Shell
- Size: 5.86 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# create-pki: a simple script demonstrating how to create a public-key infrastructure for a TLS server
# Dependency
The script has been tested on Ubuntu (e.g., 16.04 LTS) and requires
OpenSSL to be installed. To install OpenSSL on Ubuntu:
```
sudo apt-get install openssl
```
# How to generate a PKI
* Modify the configuration template file `openssl.cnf` as needed.
* Run `./create_pki.sh` to generate a TLS server certificate. Enter the requested
information when prompted.
* To add a subjectAltName, in [openssl.cnf](./openssl.cnf), under the
`[ v3_req]` section, uncomment the line
```
subjectAltName = DNS:
```
and supply your SAN as the value after `DNS:`.
# How to test the server certificate
## Server-side test
Run
```
openssl s_server \
-CAfile TestCA/cacert.pem \
-cert TestCA/server/example.com.cert.pem \
-key TestCA/server/example.com.key
```
If everything is OK, expect to see
```
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
```
## Client-side test
In another shell, try
```
openssl s_client
```
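
The handshake tests above do not show whether the certificate carries the host name that clients will look for. The following added example (not part of the create-pki repository) checks that a certificate chains to the CA and lists the expected name in subjectAltName; the function names and the throwaway demo PKI are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of create-pki.
# check_server_cert CAFILE CERTFILE HOSTNAME: returns 0 only if the certificate
# chains to the CA and lists HOSTNAME as a DNS entry in subjectAltName.
check_server_cert() {
    ca=$1 cert=$2 host=$3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not chain to $ca"; return 1; }
    # Split the SAN line of the text dump into one entry per line, then
    # require an exact, literal match (-F: dots in $host are not wildcards).
    openssl x509 -in "$cert" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$host" || {
        echo "FAIL: $cert has no subjectAltName DNS:$host"; return 1; }
    echo "OK: $cert chains to $ca and names $host"
}

# Constructed sample input: a throwaway CA and one CSR signed twice,
# once with a SAN extension and once without (CN only).
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[san]
subjectAltName = DNS:example.com
EOF
    openssl req -x509 -config "$d/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 1 -subj "/CN=Demo Test CA" \
        -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=example.com" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/cacert.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/demo.cnf" -extensions san \
        -out "$d/with_san.pem" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/cacert.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/cn_only.pem" 2>/dev/null
}

# Demo run on the constructed PKI: the first check passes, the second fails.
tmp=$(mktemp -d) && make_demo_pki "$tmp"
check_server_cert "$tmp/cacert.pem" "$tmp/with_san.pem" example.com
check_server_cert "$tmp/cacert.pem" "$tmp/cn_only.pem" example.com || true
rm -rf "$tmp"
```

Against the files used in the tests above, the call would be `check_server_cert TestCA/cacert.pem TestCA/server/example.com.cert.pem example.com`.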