@@ -4,27 +4,22 b' Generate a private key (priv.pem):' | |||||
4 |
|
4 | |||
5 | Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem): |
|
5 | Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem): | |
6 |
|
6 | |||
7 | $ printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ |
|
7 | $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \ | |
8 | openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 -out pub.pem |
|
8 | -out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' | |
9 |
|
9 | $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \ | ||
10 | $ printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ |
|
10 | -out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' | |
11 | openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 -out pub-other.pem |
|
|||
12 |
|
11 | |||
13 | Now generate an expired certificate by turning back the system time: |
|
12 | Now generate an expired certificate by turning back the system time: | |
14 |
|
13 | |||
15 |
$ |
|
14 | $ faketime 2016-01-01T00:00:00Z \ | |
16 | $ printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ |
|
15 | openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \ | |
17 | openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out pub-expired.pem |
|
16 | -out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' | |
18 |
|
17 | |||
19 | Generate a certificate not yet active by advancing the system time: |
|
18 | Generate a certificate not yet active by advancing the system time: | |
20 |
|
19 | |||
21 |
$ |
|
20 | $ faketime 2030-01-1T00:00:00Z \ | |
22 | $ printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \ |
|
21 | openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \ | |
23 | openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out pub-not-yet.pem |
|
22 | -out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' | |
24 |
|
||||
25 | Note: When adjusting system time, verify the time change sticks. If running |
|
|||
26 | systemd, you may want to use `timedatectl set-ntp false` and e.g. |
|
|||
27 | `timedatectl set-time '2016-01-01 00:00:00'` to set system time. |
|
|||
28 |
|
23 | |||
29 | Generate a passphrase protected client certificate private key: |
|
24 | Generate a passphrase protected client certificate private key: | |
30 |
|
25 |
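Review bot: the not-yet-active command at new line 20 passes `faketime 2030-01-1T00:00:00Z`, with a day that is not zero-padded, while the expired case at new line 14 uses `2016-01-01T00:00:00Z`. Whether the short form is accepted depends on how lenient the date parser is, so write it as `2030-01-01T00:00:00Z` to match. The removed note told readers to verify that the time change sticks, and nothing replaces it. Since the commands now depend on `faketime` being installed, a one-line reminder to confirm the result would help, for example by checking the validity window with `openssl x509 -in pub-not-yet.pem -noout -dates` and doing the same for pub-expired.pem.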