... | ... | @@ -16,11 +16,20 @@ To generate server and client certificates, you need to have CA like certificate |
|
|
You can use pre-generated CA like certificate or generate your own. Pre-generated certificate files `ca.key`, `ca.pem` and `ca.srl` are placed in [JetConf](https://gitlab.labs.nic.cz/labs/jetconf) repository in `utils/cert_gen` subdirectory.
|
|
|
|
|
|
### Generate your own CA like certificate
|
|
|
Generate key
|
|
|
Make or move to your working directory
|
|
|
```bash
|
|
|
$ openssl genrsa -des3 -out ca.key 4096
|
|
|
$ mkdir my_ca_cert
|
|
|
$ cd my_ca_cert
|
|
|
```
|
|
|
Generate certificate
|
|
|
Generate `ca.key`
|
|
|
```bash
|
|
|
$ openssl genrsa -out ca.key 2048
|
|
|
```
|
|
|
Create `ca.srl`
|
|
|
```bash
|
|
|
$ openssl genrsa -out ca.key 2048
|
|
|
```
|
|
|
Generate `ca.pem` certificate. [more](https://www.openssl.org/docs/manmaster/man1/openssl-x509.html)
|
|
|
```bash
|
|
|
$ openssl req -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.pem
|
|
|
```
|
... | ... | |