Security

Create a Wildcard Server Certificate Generate a key file (It can be one-off operation) openssl genrsa -out server/private/server.key 2048 Generate a Certificate Signing Request (CSR) openssl req -config mid-ca/mid-ca.conf -key server/private/server.key -new -sha256 -out server/csr/XXX.csr Sign the request (CSR) by Sub-CA openssl ca -config mid-ca/mid-ca.conf -extensions server_cert_gcs -days 3650 -notext -in server/csr/XXX.csr -out server/certs/XXX.crt Generate PFX with NO password openssl pkcs12 -inkey server/private/gcs_server.key -in server/certs/XXX.crt -export -out server/certs/XXX.pfx -passout pass: Revoke a certificate openssl ca -config mid-ca/mid-ca.crt -revoke server/certs/XXX.crt cat mid-ca/index ...

Create a “Intermediate CA” certificate Generate a key file for “Intermediate CA” openssl genrsa -aes256 -out mid-ca/private/mid-ca.key 4096 chmod 400 Generate a Certificate Signing Request (CSR) openssl req -config ca/ca.conf -new -key mid-ca/private/mid-ca.key -sha256 -out mid-ca/csr/mid-ca.csr Sign the request file by Root-CA openssl -config ca/ca.conf -extensions v3_mid_ca -days 3650 -notext -in mid-ca/csr/mid-ca.csr -out mid-ca/certs/mid-ca.crt chmod 444 Verify the content openssl x509 -noout -text -in mid-ca/certs/mid-ca.crt openssl veriry -CAfile ca/certs/ca.crt mid-ca/certs/mid-ca.crt CHECK ca/index.txt

Create a “Root CA” certificate Generate a key file for “Root CA” openssl genrsa –aes256 -out ca/private/ca.key 4096 chmod 400 openssl rsa -noout -text -in ca/private/ca.key Generate a certificate file for “Root CA” openssl req -config ca/ca.conf -key ca/private/ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca/certs/ca.crt chmod 444 openssl x509 -noout -text -in ca/certs/ca.crt