본문 바로가기

LINUX/UBUNTU

(DK) SELF-CERT 만들기

728x90
### HARBOR 구성

cat << EOF | tee rootca_openssl.conf
extensions              = v3_ca

[ req ]
default_bits            = 2048
default_md              = sha1
default_keyfile         = lesstif-rootca.key
prompt = no
distinguished_name = dn-param


[dn-param]
CN=*.vcf.local
OU=ob
O=ob
L=seoul
C=kr

[ v3_ca ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
authorityKeyIdentifier = keyid,issuer
subjectKeyIdentifier = hash
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

extendedKeyUsage = serverAuth,clientAuth
subjectAltName          = @alt_names
[ alt_names]
DNS.1   = *.vcf.local
IP.1 = 10.253.108.10
#DNS.2   = lesstif.com
#DNS.3   = *.lesstif.com

[policy]

EOF

openssl genrsa -aes256  -passout pass:'P@ssw0rd'  -out lesstif-rootca.key 2048

cp  lesstif-rootca.key lesstif-rootca.key.enc

openssl rsa -in lesstif-rootca.key.enc  -passin pass:'P@ssw0rd'  -out lesstif-rootca.key

openssl req -config rootca_openssl.conf -new -key lesstif-rootca.key -passin pass:'P@ssw0rd'  -out lesstif-rootca.csr

openssl x509 -req -days 3650 -extensions v3_ca  -set_serial 1 -in lesstif-rootca.csr -signkey lesstif-rootca.key -passin pass:'Openbase!234'  -out lesstif-rootca.crt -extfile rootca_openssl.conf

openssl x509 -text -in lesstif-rootca.crt

openssl x509 -inform PEM -in lesstif-rootca.crt -out lesstif-rootca.cert
반응형

'LINUX > UBUNTU' 카테고리의 다른 글

(DK) UBUNTU IP 설정  (0) 2021.06.15
(DK) 우분투 DNS NAME 변경 불가  (0) 2021.06.15
(DK) UBUNTU Interface unrecognizable  (0) 2021.06.11
(DK) UBUNTU 커널 변경  (0) 2021.06.11
(DK) UBUNTU kernal delete  (0) 2021.06.11