What configuration did you use when creating the example TLS certificates for bfe? #939

curiosport · 2022-01-09T22:47:13Z

curiosport
Jan 9, 2022

Following the openssl commands in this tutorial:
https://www.bfe-networks.net/en_us/example/client_auth/#configuration-steps

What configuration did you use between those commands?, I could not find in the source code the configuration and commands you used to create your example certificate, I know that the configuration varies a lot between projects, I just want to give me a general idea in these steps, I would appreciate if you can give me that information, thanks in advance.

Answered by curiosport

Jan 12, 2022

This is the way I managed to replicate it, any corrections would be appreciated.

In an empty folder create the following three files:

root.cnf

# OpenSSL configuration for Root CA

[ req ]
prompt             = no
string_mask        = default

# The size of the keys in bits:
default_bits       = 2048
distinguished_name = req_distinguished_name
x509_extensions    = x509_ext

[ req_distinguished_name ]
commonName = example.org

[ x509_ext ]
extendedKeyUsage = clientAuth, serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
basicConstraints=CA:true

server.cnf

# OpenSSL configuration for end-entity cert

[ req ]
prompt             = no
string_mask        = default

default_bi…

View full answer

curiosport · 2022-01-12T02:13:38Z

curiosport
Jan 12, 2022
Author

This is the way I managed to replicate it, any corrections would be appreciated.

In an empty folder create the following three files:

root.cnf

# OpenSSL configuration for Root CA

[ req ]
prompt             = no
string_mask        = default

# The size of the keys in bits:
default_bits       = 2048
distinguished_name = req_distinguished_name
x509_extensions    = x509_ext

[ req_distinguished_name ]
commonName = example.org

[ x509_ext ]
extendedKeyUsage = clientAuth, serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
basicConstraints=CA:true

server.cnf

# OpenSSL configuration for end-entity cert

[ req ]
prompt             = no
string_mask        = default

default_bits       = 2048
distinguished_name = req_distinguished_name

x509_extensions    = x509_ext

[ req_distinguished_name ]
commonName = example.org

[ x509_ext ]
extendedKeyUsage = clientAuth, serverAuth
authorityKeyIdentifier = keyid
subjectKeyIdentifier = hash

subjectAltName = @alt_names

[alt_names]
DNS.1 = example.org
IP.1 = 127.0.0.1

openssl.cnf

[server]
extendedKeyUsage = clientAuth, serverAuth

authorityKeyIdentifier = keyid
subjectKeyIdentifier = hash

And finally I execute these commands in that order:

openssl genrsa -out example_ca.key 2048
openssl req -new -x509 -days 365 -key example_ca.key -out example_ca.crt -config root.cnf
	
openssl genrsa -out example.key 2048
openssl req -new -out example.csr -key example.key -config server.cnf
	
openssl x509 -req -in example.csr -out example.crt -CA example_ca.crt -CAkey example_ca.key -CAcreateserial -days 365 -extfile openssl.cnf -extensions server

What I did is to replicate the configuration files that are in the "certs" and "client_ca" folder of this link:
https://github.com/bfenetworks/bfe/tree/develop/conf/tls_conf

Note: Change the values according to your project. In the root.cnf file, the CN value must not be a URL.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BFE Open Source Project

What configuration did you use when creating the example TLS certificates for bfe? #939

{{title}}

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

BFE Open Source Project

What configuration did you use when creating the example TLS certificates for bfe? #939

curiosport Jan 9, 2022

Replies: 1 comment

curiosport Jan 12, 2022 Author

curiosport
Jan 9, 2022

curiosport
Jan 12, 2022
Author