Build Certificates
From wiki.network-crawler.de
First build the CA:
cd /etc/ssl/
Modify CA.sh:
vi /usr/share/ssl/misc/CA.sh
/usr/share/ssl/misc/CA.sh -newca
Modify xpextensions:
vi xpextensions
Example:
[ xpclient_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
Create the server key and certificate request, then sign the request with the CA:
openssl req -new -nodes -keyout server_key.pem -out server_req.pem -days 730 -config ./openssl.cnf
openssl ca -config ./openssl.cnf -policy policy_anything \
    -out server_cert.pem -extensions xpserver_ext \
    -extfile ./xpextensions -infiles ./server_req.pem
Open your signed certificate with the text editor of your choice and delete everything before the line:
-----BEGIN CERTIFICATE-----
Concatenate it and your key into a single file, like this:
cat server_key.pem server_cert.pem > server_keycert.pem
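A little script to create the client certificates (call with sh client.sh and the certificate name as its argument):
#!/bin/bash
# Usage: sh client.sh NAME
name=$1
# Create the client key and certificate request (prompts for a key passphrase)
openssl req -new -keyout "${name}_key.pem" -out "${name}_req.pem" \
    -days 730 -config ./openssl.cnf
# Sign the request with the CA, adding the client-authentication EKU
openssl ca -config ./openssl.cnf -policy policy_anything \
    -out "${name}_cert.pem" -extensions xpclient_ext -extfile \
    ./xpextensions -infiles "./${name}_req.pem"
# Keep only the PEM block, dropping the text dump that openssl ca writes before it
sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
    "${name}_cert.pem" > "${name}_cert_stripped.pem"
# Bundle certificate and key into a PKCS#12 file for import on the client
openssl pkcs12 -export -in "${name}_cert_stripped.pem" \
    -inkey "${name}_key.pem" -out "${name}_cert.p12" -clcerts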
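A post-issuance check for the certificates produced above, added here as an example and not part of the original wiki page: it confirms that a certificate chains to the CA, carries the expected extendedKeyUsage, and matches its private key. The function names check_cert and make_demo_pki are hypothetical, and the throwaway demo CA signs with openssl x509 -req instead of the page's openssl ca so that it runs without the CA.sh directory layout.

```shell
#!/bin/bash
# Added example, not from the original page. Function names and the demo PKI are constructed.

# check_cert CA_CERT CERT KEY EKU_TEXT
# Returns 0 = ok, 1 = does not chain to the CA, 2 = EKU missing, 3 = key does not match.
check_cert() {
    local ca=$1 cert=$2 key=$3 eku=$4 cert_pub key_pub
    # 1. The certificate must verify against the CA certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # 2. The extension must be present: a certificate issued without
    #    -extensions xpserver_ext / xpclient_ext has no EKU at all.
    openssl x509 -in "$cert" -noout -text |
        grep -A1 'X509v3 Extended Key Usage' | grep -q "$eku" || return 2
    # 3. Compare the public key in the certificate with the one derived from the key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 3
}

# make_demo_pki DIR
# Builds a throwaway CA plus one server and one client certificate in DIR,
# using the same xpextensions sections as the page (constructed test data).
make_demo_pki() {
    local d=$1 n
    printf '%s\n' '[ xpclient_ext ]' 'extendedKeyUsage = 1.3.6.1.5.5.7.3.2' \
        '[ xpserver_ext ]' 'extendedKeyUsage = 1.3.6.1.5.5.7.3.1' > "$d/xpextensions"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$d/ca_key.pem" -out "$d/ca_cert.pem" 2>/dev/null || return 1
    for n in server client; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/${n}_key.pem" -out "$d/${n}_req.pem" 2>/dev/null || return 1
        openssl x509 -req -in "$d/${n}_req.pem" -days 1 -CA "$d/ca_cert.pem" \
            -CAkey "$d/ca_key.pem" -CAcreateserial -extfile "$d/xpextensions" \
            -extensions "xp${n}_ext" -out "$d/${n}_cert.pem" 2>/dev/null || return 1
    done
}
```

The EKU_TEXT argument is the name openssl x509 -text prints for the OID: 'TLS Web Server Authentication' for 1.3.6.1.5.5.7.3.1 and 'TLS Web Client Authentication' for 1.3.6.1.5.5.7.3.2. A client key created by the script above is passphrase-protected, so openssl pkey will prompt for it.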
For reference, see:
http://www.linuxjournal.com/article/8095
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00804b976b.shtml
http://www.jacco2.dds.nl/networking/crtimprt.html
