Here are example commands for generating your own Certificate Authority, and signing your own keys to distribute to end users.
openssl req -newkey rsa:512 -nodes -out ca.csr -keyout ca.key openssl x509 -req -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem echo "02" > ca.srl keytool -genkey -alias crushftp -keyalg RSA -keysize 512 -keystore crush.keystore -storepass password keytool -certreq -keyalg RSA -alias crushftp -file crushftp.csr -keystore crush.keystore -storepass password openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in crushftp.csr -out crushftp.crt -days 365 keytool -import -alias crushftp_ca -keystore crush.keystore -trustcacerts -file ca.pem -storepass password keytool -import -alias crushftp -keystore crush.keystore -file crushftp.crt -storepass password keytool -import -alias crushftp_ca -keystore crush.keystore_trust -trustcacerts -file ca.pem -storepass password openssl req -newkey rsa:512 -nodes -out myuser.req -keyout myuser.key openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in myuser.req -out myuser.pem -days 365 openssl pkcs12 -export -clcerts -in myuser.pem -inkey myuser.key -out myuser.p12 -name "myuser_certificate"
Now from here on, I just generate new signed certs for my clients: (making sure I give them valid common names that match usernames in CrushFTP.)
openssl req -newkey rsa:512 -nodes -out myuser.req -keyout myuser.key openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in myuser.req -out myuser.pem -days 365 openssl pkcs12 -export -clcerts -in myuser.pem -inkey myuser.key -out myuser.p12 -name "myuser_certificate"
Add new attachment
Only authorized users are allowed to upload new attachments.
«
This particular version was published on 09-Oct-2016 18:14 by Ben Spink.
G’day (anonymous guest)
Log in
JSPWiki