Stone 0a0a012ec5 Local certificate appendix

Adding "Locally create certificates" appendix

Signed-off-by: Stone <ronald.stone@windriver.com>
Change-Id: I4f5446a7015884a3d0eee6182dceaef71c64e97f

2021-03-19 20:33:28 +00:00

1.8 KiB

Raw Blame History

Create Certificates Locally using openssl

You can use openssl to locally create certificates suitable for use in a lab environment.

Create a Root Certificate and Key

Create the Root private key.

$ openssl genrsa -out my-root-ca-key.pem 2048

Generate the Root x509 certificate.

$ openssl req -x509 -new -nodes -key my-root-ca-key.pem -days 1024 -out my-root-ca-cert.pem -outform PEM

Create and sign a server certificate and key.

Create the server private key.

$ openssl genrsa -out my-server-key.pem 2048

Create the Server certificate signing request (csr).

Specify CN=<WRCP-OAM-Floating-IP> and do not specify a challenge password.
```
$ openssl req -new -key my-server-key.pem -out my-server.csr
```

Create the list.

$ echo subjectAltName = IP:<WRCP-OAM-Floating-IP>,DNS:registry.local,DNS:registry.central > extfile.cnf

Use the my-root-ca to sign the server certificate.

$ openssl x509 -req -in my-server.csr -CA my-root-ca-cert.pem -CAkey my-root-ca-key.pem -CAcreateserial -out my-server-cert.pem -days 365 -extfile extfile.cnf

Put the server certificate and key in a single file.

$ cat my-server-cert.pem my-server-key.pem > my-server.pem

1.8 KiB Raw Blame History

Create Certificates Locally using openssl

1.8 KiB

Raw Blame History