Skip to content
/ create-pki Public

Sample script to create a PKI for TLS server authentication, with openssl

License

View license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

syncom/create-pki

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
create_pki.sh
create_pki.sh
 
 
openssl.cnf
openssl.cnf
 
 

Repository files navigation

create-pki: a simple script demonstrating how to create a public-key infrastructure for a TLS server

Dependency

The script has been tested on Ubuntu (e.g., 16.04 LTS), and requires OpenSSL be installed. To install OpenSSL on Ubuntu,

sudo apt-get install openssl

How to generate a PKI

  • Modify the configuration template file openssl.conf as needed.
  • Run ./create_pki.sh to generate a TLS server certificate. Enter requested information when prompted.
  • To add a subjectAltName, in openssl.cnf, under the [ v3_req] section, uncomment the line 
    subjectAltName = DNS:<your_subject_alternative_name>
    and replace the <your_subject_alternative_name> with your SAN.

How to test the server certificate

Server-side test

Run

openssl s_server \
-CAfile TestCA/cacert.pem \
-cert TestCA/server/example.com.cert.pem \
-key TestCA/server/example.com.key

If everything is OK, expect to see

Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT

Client-side test

In another shell, try

openssl s_client

About

Sample script to create a PKI for TLS server authentication, with openssl

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages