Learning OpenSSL in a lab, so nothing private here.
I created as described below but the app complains the server key is invalid.
Can anyone verify this is all good?
Then I can contact the app vendor.
Generate CSR for server certificate:
=====================================
```bash
cat > server.v3.ext <<EOF
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
openssl req -newkey rsa:2048 -nodes -keyout server.key -days 365 -out server.csr
```
Generate server certificate and sign using RootCA:
===================================================
```bash
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -out server.crt -CAcreateserial -sha256 -days 365 -extfile server.v3.ext
```
Yields this:
Generate CSR for client certificate:
=====================================
```bash
cat > client.v3.ext <<EOF
basicConstraints = CA:FALSE
nsCertType = client, email
nsComment = "OpenSSL Generated Client Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
EOF
openssl req -newkey rsa:2048 -keyout client.key -days 365 -out client.csr
```
Generate client certificate and sign using RootCA:
===================================================
```bash
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -out client.crt -CAcreateserial -days 365 -sha256 -extfile client.v3.ext
```
Yields this:
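Before raising an "invalid key" complaint with a vendor, the files produced by the commands in the post can be checked locally. The following is an added example, not part of the original post: the function names are this example's own, and the file names (`ca.crt`, `server.key`, `server.crt`) are taken from the post's commands.

```bash
# Added example: sanity checks for a key/certificate pair issued by a lab CA.
# Function names are hypothetical; file names follow the commands in the post.

# Succeeds only when the private key and the certificate hold the same public key.
# An encrypted key (one created without -nodes) prompts for its passphrase.
key_matches_cert() {
  local kpub cpub
  kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ "$kpub" = "$cpub" ]
}

# Succeeds when the certificate asserts basicConstraints CA:TRUE,
# i.e. it is a CA certificate and not a server or client leaf.
is_ca_cert() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Succeeds when the certificate verifies against the CA certificate alone.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_pair CA_CERT KEY CERT: run all three checks and report each result.
check_pair() {
  local rc=0
  if key_matches_cert "$2" "$3"; then echo "OK   $2 matches $3"
  else echo "FAIL $2 does not match $3"; rc=1; fi
  if chains_to_ca "$1" "$3"; then echo "OK   $3 verifies against $1"
  else echo "FAIL $3 does not verify against $1"; rc=1; fi
  if is_ca_cert "$3"; then echo "FAIL $3 is a CA certificate (CA:TRUE)"; rc=1
  else echo "OK   $3 is a leaf certificate"; fi
  return $rc
}
```

Run it as `check_pair ca.crt server.key server.crt`; a FAIL on the first or third line usually means the wrong file was handed to the application, such as the CA certificate in place of the server certificate.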