mylamour / blog

Your internal mediocrity is the moment when you lost the faith of being excellent. Just do it.
https://fz.cool

【CA】How to build your own Certificate Authority #74

Open mylamour opened 4 years ago

mylamour commented 4 years ago


With Vault

Actually, I don't want to repeat it again, so please follow this document: https://learn.hashicorp.com/vault/secrets-management/sm-pki-engine

You have three choices:

  1. GUI
  2. API
  3. CLI

And finally, you would see that:

[Three screenshots, taken 2020-03-21]

With Openssl

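```sh
# Root CA key, encrypted with a passphrase (-des3 prompts for it), then the self-signed root certificate.
# -nodes has no effect here because an existing key is passed with -key.
openssl genrsa -des3 -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
# Server key and certificate signing request (CSR) for 91sec.vip.
openssl genrsa -out 91sec.vip.key 2048
openssl req -new -key 91sec.vip.key -out 91sec.vip.csr
# Sign the CSR with the root CA; -CAcreateserial writes the serial number file rootCA.srl.
openssl x509 -req -in 91sec.vip.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out 91sec.vip.crt -days 500 -sha256
```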
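The OpenSSL steps above as a non-interactive script, added here as an example and not the author's own. It goes one step further than the page: the leaf gets a subjectAltName through `-extfile`, because `x509 -req` without an extension file issues a certificate with no SAN, which current browsers reject. Assumptions: `CA_PASS`, the "Demo Root CA" subject and `ca.cnf` are constructed for the demo, and `-aes256` is used in place of `-des3`.

```shell
#!/bin/sh
# Added example, not the author's script. Constructed values: CA_PASS, the
# "Demo Root CA" subject and ca.cnf. File names and the domain follow the page.
issue_demo_cert() (            # $1 = working directory; body runs in a subshell
  cd "$1" || exit 1
  CA_PASS='demo-only-passphrase'; export CA_PASS  # keep a real one out of scripts
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:91sec.vip
EOF
  # Root key is encrypted; env: keeps the passphrase off the command line.
  # x509 -req ignores extensions requested in the CSR by default, so the leaf
  # extensions (including the SAN) are supplied with -extfile/-extensions.
  openssl genrsa -aes256 -passout env:CA_PASS -out rootCA.key 4096 2>/dev/null &&
  openssl req -x509 -new -config ca.cnf -extensions v3_ca -key rootCA.key \
    -passin env:CA_PASS -sha256 -days 1024 -out rootCA.crt &&
  openssl genrsa -out 91sec.vip.key 2048 2>/dev/null &&
  openssl req -new -config ca.cnf -key 91sec.vip.key -subj "/CN=91sec.vip" \
    -out 91sec.vip.csr &&
  openssl x509 -req -in 91sec.vip.csr -CA rootCA.crt -CAkey rootCA.key \
    -passin env:CA_PASS -CAcreateserial -extfile ca.cnf -extensions leaf \
    -out 91sec.vip.crt -days 500 -sha256 2>/dev/null
)

check_demo_cert() {            # $1 = working directory
  # The leaf must chain to the root as a TLS server cert and carry the SAN.
  openssl verify -purpose sslserver -CAfile "$1/rootCA.crt" \
    "$1/91sec.vip.crt" >/dev/null &&
  openssl x509 -in "$1/91sec.vip.crt" -noout -text | grep -q 'DNS:91sec.vip'
}

DEMO_DIR=$(mktemp -d)
issue_demo_cert "$DEMO_DIR" && check_demo_cert "$DEMO_DIR" &&
  echo "chain and SAN OK in $DEMO_DIR"
```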

Resources