cfssl Usage Demo

Workflows

CA: generate own cert

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

server: generate own CSR

cfssl genkey server.json | cfssljson -bare server

CA: sign server's CSR

cfssl sign -config=ca-config.json -profile=server -csr=server.csr -ca=ca.pem -ca-key=ca-key.pem | cfssljson -bare server

client+CA: generate client's CSR & sign client's CSR

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client.json | cfssljson -bare client

Viewing

PEM key

openssl rsa -in ca-key.pem -text

PEM cert

openssl x509 -in ca.pem -text

Conversions

PEM cert to DER

openssl x509 -in ca.pem -inform PEM -out ca.crt -outform DER

PEM key+cert to PKCS12

openssl pkcs12 -export -out client-key.pfx -inkey client-key.pem -in client.pem

Notes

Do not issue certificates for 'localhost'.
Do not issue certificates for '127.0.0.1'.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

cfssl Usage Demo

Workflows

CA: generate own cert

server: generate own CSR

CA: sign server's CSR

client+CA: generate client's CSR & sign client's CSR

Viewing

PEM key

PEM cert

Conversions

PEM cert to DER

PEM key+cert to PKCS12

Notes

About

Releases

Packages

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md
ca-config.json		ca-config.json
ca-csr.json		ca-csr.json
client.json		client.json
server.json		server.json

membrane/cfssl-example

Folders and files

Latest commit

History

Repository files navigation

cfssl Usage Demo

Workflows

CA: generate own cert

server: generate own CSR

CA: sign server's CSR

client+CA: generate client's CSR & sign client's CSR

Viewing

PEM key

PEM cert

Conversions

PEM cert to DER

PEM key+cert to PKCS12

Notes

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages