Diferencia entre revisiones de «Openssl»
Línea 44: | Línea 44: | ||
CSR realizar documentación: https://www.digicert.com/es/creacion-de-sfc-apache.htm | CSR realizar documentación: https://www.digicert.com/es/creacion-de-sfc-apache.htm | ||
openssl genrsa 2048 > wildcard.key | |||
Generating RSA private key, 2048 bit long modulus | |||
............................................................................................+++ | |||
..........................................................................+++ | |||
e is 65537 (0x10001) | |||
openssl req -new -x509 -nodes -sha1 -days 3650 -key wildcard.key > wildcard.crt | |||
You are about to be asked to enter information that will be incorporated | |||
into your certificate request. | |||
What you are about to enter is what is called a Distinguished Name or a DN. | |||
There are quite a few fields but you can leave some blank | |||
For some fields there will be a default value, | |||
If you enter '.', the field will be left blank. | |||
----- | |||
Country Name (2 letter code) [AU]:ES | |||
State or Province Name (full name) [Some-State]:Bizkaia | |||
Locality Name (eg, city) []:Bilbao | |||
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Irontec: Internet y Sistemas sobre GNU / Linux | |||
Organizational Unit Name (eg, section) []:Sistemas | |||
Common Name (e.g. server FQDN or YOUR name) []:*.irontec.com | |||
Email Address []:registry@irontec.com |
Revisión del 02:24 7 jun 2021
Cómo crear un certificado SSL autofirmado en dos simples pasos.
Linux
instalar openssl
sudo apt-get install openssl
convertir el certificado de .pfx a .crt
openssl pkcs12 -in certificado.pfx -out certificado.crt -nodes
convertir el certificado de .pfx a .pem
openssl pkcs12 -in certificado.pfx -out certificado.pem -nodes
También se puede extraer del mismo certificado, las claves pública y privada por separado:
extraer la clave pública
openssl pkcs12 -in certificado.pfx -clcerts -nokeys -out certificado.cer
extraer la clave privada
Genere un certificado autofirmado con una nueva clave privada.
openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout HOSTNAME.key -out HOSTNAME.cer -subj "/CN=HOSTNAME"
Convierta el certificado y la clave privada en un archivo .pfx.
openssl pkcs12 -export -out HOSTNAME.pfx -inkey HOSTNAME.key -in HOSTNAME.cer -name "HOSTNAME" -passout pass:
openssl pkcs12 -in certificado.pfx -nocerts -nodes -out certificado.key
CSR realizar documentación: https://www.digicert.com/es/creacion-de-sfc-apache.htm
openssl genrsa 2048 > wildcard.key
Generating RSA private key, 2048 bit long modulus ............................................................................................+++ ..........................................................................+++ e is 65537 (0x10001)
openssl req -new -x509 -nodes -sha1 -days 3650 -key wildcard.key > wildcard.crt
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:ES State or Province Name (full name) [Some-State]:Bizkaia Locality Name (eg, city) []:Bilbao Organization Name (eg, company) [Internet Widgits Pty Ltd]:Irontec: Internet y Sistemas sobre GNU / Linux Organizational Unit Name (eg, section) []:Sistemas Common Name (e.g. server FQDN or YOUR name) []:*.irontec.com Email Address []:registry@irontec.com