Added bash as language to the how to create... file

pcarranza · Jul 8, 2014 · a13a7fa · a13a7fa
1 parent 34df5cd
commit a13a7fa
Showing 1 changed file with 34 additions and 14 deletions.
diff --git a/cert/how_to_create_timestamping_cert.md b/cert/how_to_create_timestamping_cert.md
@@ -2,23 +2,27 @@
 
 - Create basic CA folder
 
-```
+```bash
 mkdir CA
 cd CA
 ```
 
 - Create basic RSA key and Certificate Signature Request that will work as a CA
 
-    > openssl req -new -newkey rsa:4096 -nodes -out ca.csr -keyout ca.key
+```bash
+openssl req -new -newkey rsa:4096 -nodes -out ca.csr -keyout ca.key
+```
 
 - Complete the data with whatever you consider insteresting to have in your CA
 - Sign your Certificate Signature Request with your key and emit your first certificate
 
-    > openssl x509 -trustout -signkey ca.key -days 1461 -req -in ca.csr -out ca.pem
+```bash
+openssl x509 -trustout -signkey ca.key -days 1461 -req -in ca.csr -out ca.pem
+```
 
 - You now have 3 files:
 
-```
+```bash
 ca.key -> your CA private key
 ca.csr -> certificate signature request
 ca.pem -> your CA trusted public certificate
@@ -28,38 +32,48 @@ ca.pem -> your CA trusted public certificate
 
 - Create basic tsa folder
 
-```
+```bash
 mkdir tsa
 cd tsa
 ```
 
 - Create another RSA private key
 
-    > openssl genrsa -out client.key 4096
+```bash
+openssl genrsa -out client.key 4096
+```
 
 - On osx we will need a basic openssl configuration with a little tweaks
 
-```
+```bash
 cat /System/Library/OpenSSL/openssl.cnf > ext.config
 echo "[ tsa ]" >> ext.config
 echo "extendedKeyUsage=critical,timeStamping" >> ext.config
 ```
 
 - Create a configuration file with the timestamping extensions
 
-    > echo "extendedKeyUsage=critical,timeStamping" >> ext-only.config
+```bash
+echo "extendedKeyUsage=critical,timeStamping" >> ext-only.config
+```
 
 - Create a certificate signature request with the TSA extension configuration file
 
-    > openssl req -new -key client.key -out client.csr -nodes -days 1461 -extensions 'tsa' -config ./ext.config
+```bash
+openssl req -new -key client.key -out client.csr -nodes -days 1461 -extensions 'tsa' -config ./ext.config
+```
 
 - Sign the request with your CA using the timestamper configuration file
 
-    > openssl x509 -req -days 1641 -in client.csr -CA ../CA/ca.pem -CAkey ../CA/ca.key -set_serial 01 -out client.crt -extfile ext-only.config
+```bash
+openssl x509 -req -days 1641 -in client.csr -CA ../CA/ca.pem -CAkey ../CA/ca.key -set_serial 01 -out client.crt -extfile ext-only.config
+```
 
 - Validate by printing the certificate information
 
-    > openssl x509 -text -in client.crt
+```bash
+openssl x509 -text -in client.crt
+```
 
 - Look for timestamping critical extensions:
 
@@ -72,14 +86,20 @@ X509v3 extensions:
 ## Step 2: import your openssl generated timestamper keypair and certificate with java keytool
 - Export the tsa certificate with openssl with the whole chain (the password should be longer than 6 chars)
 
-    > openssl pkcs12 -export -out tsa.p12 -inkey client.key -in client.crt -CAfile ../CA/ca.pem -chain
+```bash
+openssl pkcs12 -export -out tsa.p12 -inkey client.key -in client.crt -CAfile ../CA/ca.pem -chain
+```
 
 - Print the certificates in the keystore:
 
-    > keytool -list -keystore tsa.p12 -v -storetype PKCS12
+```bash
+keytool -list -keystore tsa.p12 -v -storetype PKCS12
+```
 
 - Change the alias for a valid alias
 
-    > keytool -changealias -keystore tsa.p12 -storetype pkcs12 -alias 1 -destalias timestamping-cert
+```bash
+keytool -changealias -keystore tsa.p12 -storetype pkcs12 -alias 1 -destalias timestamping-cert
+```
 
 - Check it again just to be sure