-
-
Notifications
You must be signed in to change notification settings - Fork 57
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #112 from ryan4yin/private-ca
feat: private ca
- Loading branch information
Showing
12 changed files
with
118 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
*.key | ||
*.csr |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# My Private PKI / CA | ||
|
||
This is my private Private Key Infrastructure (PKI) / Certificate Authority (CA) for my personal | ||
use. It is used to issue certificates for my own servers and services. | ||
|
||
All the private keys are ignored by git, and will be stored in my private secrets repo | ||
[../secrets](../secrets/) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIBajCB8QIJAIwL98is2nQPMAoGCCqGSM49BAMEMB8xHTAbBgNVBAMMFFJ5YW40 | ||
WWluJ3MgUm9vdCBDQSAxMB4XDTI0MDQwMzA4NDgzM1oXDTM0MDQwMTA4NDgzM1ow | ||
HzEdMBsGA1UEAwwUUnlhbjRZaW4ncyBSb290IENBIDEwdjAQBgcqhkjOPQIBBgUr | ||
gQQAIgNiAAQ6ixMbsGZ/u/ZnwzOZ49naVL7rQxm9C74SboGytKcYBH03JjC7tgZ3 | ||
DylirxSLcTYHHtCz9ajdamP6+sgiGVpUODtfGSO+WmS+gAbLjCS37T41bkUhkx88 | ||
JU4NsGhjPXcwCgYIKoZIzj0EAwQDaAAwZQIwDrGLSdO+p/1uywkzqzdM/OnZs8bp | ||
n60uBhUI7EZzDmrouOFeGx+dXYI5yy5AD/qDAjEA7fTQx+jccyOj4dimq1iU9+71 | ||
e/gWYg0rexfy/+9dQY6kvwMzv8Lnm6URaRMbE1Q/ | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
C050420A8E5A3C1E |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
[ req ] | ||
prompt = no | ||
req_extensions = v3_ext | ||
distinguished_name = req_distinguished_name | ||
|
||
[ req_distinguished_name ] | ||
countryName = US | ||
stateOrProvinceName = NYK | ||
localityName = NYK | ||
organizationName = Ryan4Yin | ||
organizationalUnitName = Ryan4Yin | ||
commonName = writefor.fun # deprecated, use subjectAltName(SAN) instead | ||
emailAddress = [email protected] | ||
|
||
[ alt_names ] | ||
DNS.1 = writefor.fun | ||
DNS.2 = *.writefor.fun | ||
|
||
[ v3_ext ] | ||
subjectAltName=@alt_names | ||
basicConstraints = CA:false | ||
extendedKeyUsage = serverAuth |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIICKTCCAa6gAwIBAgIJAMBQQgqOWjweMAoGCCqGSM49BAMEMB8xHTAbBgNVBAMM | ||
FFJ5YW40WWluJ3MgUm9vdCBDQSAxMB4XDTI0MDQwMzA4NDgzM1oXDTM0MDQwMTA4 | ||
NDgzM1owgYkxCzAJBgNVBAYTAlVTMQwwCgYDVQQIDANOWUsxDDAKBgNVBAcMA05Z | ||
SzERMA8GA1UECgwIUnlhbjRZaW4xETAPBgNVBAsMCFJ5YW40WWluMRUwEwYDVQQD | ||
DAx3cml0ZWZvci5mdW4xITAfBgkqhkiG9w0BCQEWEnJheW40eWluQGxpbnV4LmNv | ||
bTB2MBAGByqGSM49AgEGBSuBBAAiA2IABCNTYKDq/I99NltQR5eKrrovQXp9BbLV | ||
iuUdYmzFrAh+NC9ikiIqTfDwP+c+7QvDyI3KXu3KI2qPSPdxktZKDUPHK4p2Y2kZ | ||
xKOI2IFTgTqV3uBciyx7ayWPTwBYxsTDmqNLMEkwJwYDVR0RBCAwHoIMd3JpdGVm | ||
b3IuZnVugg4qLndyaXRlZm9yLmZ1bjAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsG | ||
AQUFBwMBMAoGCCqGSM49BAMEA2kAMGYCMQCHw9YkDo15P9mqEObvxSUak8tQmhBB | ||
9wB81Qg4c+JsMCZA1rMUB7GkNJj1Dr9rWLoCMQDSituLzmo/yPLEOrbNV83bj3/I | ||
ikKgobSie3pMXm5ZG7krOXaunyFRR/bIkih2V2Q= | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# 1. generate the private key for the CA root certificate | ||
openssl ecparam -genkey -name secp384r1 -out ecc-ca.key | ||
# 2. generate the CA root certificate with the private key | ||
# with the validity period of 10 years | ||
openssl req -x509 -new -SHA512 -key ecc-ca.key -subj "/CN=Ryan4Yin's Root CA 1" -days 3650 -out ecc-ca.crt | ||
|
||
# 3. generate the private key for the server certificate | ||
openssl ecparam -genkey -name secp384r1 -out ecc-server.key | ||
# 4. generate the certificate signing request (CSR) for the server certificate | ||
# using the private key and the configuration file ecc-csr.conf | ||
openssl req -new -SHA512 -key ecc-server.key -out ecc-server.csr -config ecc-csr.conf | ||
# 5. sign the server certificate with the CA root certificate | ||
openssl x509 -req -SHA512 -in ecc-server.csr -CA ecc-ca.crt -CAkey ecc-ca.key \ | ||
-CAcreateserial -out ecc-server.crt -days 3650 \ | ||
-extensions v3_ext -extfile ecc-csr.conf | ||
|
||
openssl x509 -noout -text -in ecc-ca.crt | ||
openssl x509 -noout -text -in ecc-server.crt | ||
|
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters