Openssl

De Base de conocimiento
Ir a la navegación Ir a la búsqueda

Cómo crear un certificado SSL autofirmado en dos simples pasos.

Linux


instalar openssl 

  sudo apt-get install openssl

convertir el certificado de .pfx a .crt 

  openssl pkcs12 -in certificado.pfx -out certificado.crt -nodes

convertir el certificado de .pfx a .pem 

  openssl pkcs12 -in certificado.pfx -out certificado.pem -nodes

También se puede extraer del mismo certificado, las claves pública y privada por separado:

extraer la clave pública 

  openssl pkcs12 -in certificado.pfx -clcerts -nokeys -out certificado.cer

extraer la clave privada


Genere un certificado autofirmado con una nueva clave privada.

  openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout HOSTNAME.key -out HOSTNAME.cer -subj "/CN=HOSTNAME"


Convierta el certificado y la clave privada en un archivo .pfx. 

  openssl pkcs12 -export -out HOSTNAME.pfx -inkey HOSTNAME.key -in HOSTNAME.cer -name "HOSTNAME" -passout pass:

link:https://docs.vmware.com/es/VMware-vRealize-Operations-for-Published-Applications/6.5/com.vmware.v4pa.admin_install/GUID-ED4F6D9A-B471-40F6-85AF-7C3187106546.html 


  openssl pkcs12 -in certificado.pfx -nocerts -nodes  -out certificado.key


CSR realizar documentación: https://www.digicert.com/es/creacion-de-sfc-apache.htm 

  openssl genrsa 2048 > wildcard.key

Generating RSA private key, 2048 bit long modulus ............................................................................................+++ ..........................................................................+++ e is 65537 (0x10001) 

  openssl req -new -x509 -nodes -sha1 -days 3650 -key wildcard.key > wildcard.crt

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:ES State or Province Name (full name) [Some-State]:Bizkaia Locality Name (eg, city) []:Bilbao Organization Name (eg, company) [Internet Widgits Pty Ltd]:Irontec: Internet y Sistemas sobre GNU / Linux Organizational Unit Name (eg, section) []:Sistemas Common Name (e.g. server FQDN or YOUR name) []:*.irontec.com Email Address []:registry@irontec.com 

  openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout osvg.key -out osvg.crt
Obtenido de «https://wikiov.duckdns.org/index.php?title=Openssl&oldid=328»