Ran into some SSL issues today and did not have the tools to generate an acceptable CSR/PEM/DER. Here is what I gathered for next time.
For Windows using Win32 OpenSSL:
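@echo off
:: Generate an RSA server key and a self-signed certificate (PEM and DER)
:: under %USERPROFILE%\Desktop\ssl using Win32 OpenSSL.
::
:: Optional environment variables:
::   MOD  RSA modulus size in bits (default 2048).
::   KEY  passphrase for server-pass.key. When it is not set, openssl
::        prompts for the passphrase itself (without echoing it).
::
:: setlocal keeps the PATH change and helper variables out of the calling
:: command prompt.
setlocal
set "PATH=C:\OpenSSL\bin;%PATH%"
set "OPENSSL=openssl.exe"

:: 1024-bit RSA is no longer considered adequate and public CAs reject it;
:: 2048 is the default here and MOD can still be overridden by the caller.
if not defined MOD set "MOD=2048"

:: The passphrase is no longer hard-coded in the script or placed on the
:: openssl command line (pass:...), where it ends up in the file and in
:: process listings. It is handed over through the environment instead.
set "PASSOUT="
set "PASSIN="
if defined KEY (
  set "PASSOUT=-passout env:KEY"
  set "PASSIN=-passin env:KEY"
)

:: Every path is quoted: %USERPROFILE% may contain spaces, in which case an
:: unquoted mkdir creates several wrong directories and openssl receives
:: split arguments.
set "SSLDIR=%USERPROFILE%\Desktop\ssl"
if not exist "%SSLDIR%" mkdir "%SSLDIR%"
if not exist "%SSLDIR%\csr" mkdir "%SSLDIR%\csr"
if not exist "%SSLDIR%\cert" mkdir "%SSLDIR%\cert"
if not exist "%SSLDIR%\key" mkdir "%SSLDIR%\key"

echo ***
echo *** Create Server certificate key
%OPENSSL% genrsa %PASSOUT% -des3 -out "%SSLDIR%\key\server-pass.key" %MOD% || exit /b 1
:: server.key is the same private key with the passphrase removed. Anyone who
:: can read this file can impersonate the server, so restrict access to the
:: key folder and delete the file when it is not needed.
%OPENSSL% rsa %PASSIN% -in "%SSLDIR%\key\server-pass.key" -out "%SSLDIR%\key\server.key" || exit /b 1

echo ***
echo *** Create Server self-signed certificates in PEM, DER formats
:: -sha256 is requested explicitly because older OpenSSL builds default to a
:: weaker signature digest.
%OPENSSL% req -new -x509 -sha256 -days 1440 -key "%SSLDIR%\key\server.key" -out "%SSLDIR%\cert\server.pem.crt" || exit /b 1
%OPENSSL% x509 -in "%SSLDIR%\cert\server.pem.crt" -outform DER -out "%SSLDIR%\cert\server.der" || exit /b 1
echo ***

:: ---- Optional steps, disabled by default ---------------------------------
::echo *** Create Server certificate signing request
::%OPENSSL% req -new -sha256 -key "%SSLDIR%\key\server.key" -out "%SSLDIR%\csr\server.csr"
::
::echo *** Create CA certificate key
::%OPENSSL% genrsa %PASSOUT% -des3 -out "%SSLDIR%\key\ca-pass.key" %MOD%
:: ca.key below is the CA key without a passphrase; whoever reads it can sign
:: certificates that chain to this CA.
::%OPENSSL% rsa %PASSIN% -in "%SSLDIR%\key\ca-pass.key" -out "%SSLDIR%\key\ca.key"
::
::echo *** Create CA certificate
::%OPENSSL% req -new -x509 -sha256 -days 1440 -key "%SSLDIR%\key\ca.key" -out "%SSLDIR%\cert\ca.pem.crt"
::
:: Use this command if the CSR was generated by another system.
:: -set_serial 01 gives every certificate the same serial number; use a
:: different serial for each certificate issued by the same CA.
::echo *** Create Server certificate from certificate signing request and CA certificate, CA certificate key (3rd party verification)
::%OPENSSL% x509 -req -sha256 -days 1440 -in "%SSLDIR%\csr\server.csr" -CA "%SSLDIR%\cert\ca.pem.crt" -CAkey "%SSLDIR%\key\ca.key" -set_serial 01 -out "%SSLDIR%\cert\server-csr.pem.crt"
endlocal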
For *nix:
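#!/usr/bin/env bash
#
# Generate an RSA server key and a self-signed certificate (PEM and DER)
# under $HOME/ssl. The CSR and private-CA steps are kept, commented out, at
# the bottom.
#
# Environment:
#   MOD  RSA modulus size in bits (default 2048).
#   KEY  passphrase for server-pass.key; prompted for when unset.
set -euo pipefail

PATH="/usr/local/ssl/bin:$PATH"

# Fail with a non-zero status when openssl is missing. A bare `exit` after
# the existence test reported success to the caller.
OPENSSL=$(command -v openssl) || {
  echo "openssl not found in PATH" >&2
  exit 1
}
echo "$OPENSSL exists"

# 1024-bit RSA is no longer considered adequate and public CAs reject it;
# 2048 is the default and MOD can still be overridden from the environment.
MOD=${MOD:-2048}

# The passphrase is not hard-coded and is not passed as pass:<value> on the
# command line, where it would be stored in the script and shown in process
# listings. openssl reads it from the environment (env:KEY) instead.
if [[ -z "${KEY:-}" ]]; then
  read -r -s -p "Passphrase for server-pass.key: " KEY
  echo
fi
export KEY

# New directories and key files are created readable by the owner only.
# Directories that already exist keep whatever mode they have.
umask 077

for dir in "$HOME/ssl" "$HOME/ssl/csr" "$HOME/ssl/cert" "$HOME/ssl/key"; do
  if [[ -d "$dir" ]]; then
    echo "$dir exists"
  else
    mkdir -- "$dir"
  fi
done

printf '\t*\n***\tCreate Server certificate key\n\t*\n'
"$OPENSSL" genrsa -passout env:KEY -des3 -out "$HOME/ssl/key/server-pass.key" "$MOD"
# server.key is the same private key with the passphrase removed. Anyone who
# can read it can impersonate the server; the umask above keeps it private.
"$OPENSSL" rsa -passin env:KEY -in "$HOME/ssl/key/server-pass.key" -out "$HOME/ssl/key/server.key"

printf '\t*\n***\tCreate Server self-signed certificates in PEM, DER formats\n\t*\n'
# -sha256 is requested explicitly because older OpenSSL releases default to
# a weaker signature digest.
"$OPENSSL" req -new -x509 -sha256 -days 1440 -key "$HOME/ssl/key/server.key" -out "$HOME/ssl/cert/server.pem.crt"
"$OPENSSL" x509 -in "$HOME/ssl/cert/server.pem.crt" -outform DER -out "$HOME/ssl/cert/server.der"

# ---- Optional steps, disabled by default ----------------------------------
#printf '\t*\n***\tCreate Server certificate signing request\n\t*\n'
#"$OPENSSL" req -new -sha256 -key "$HOME/ssl/key/server.key" -out "$HOME/ssl/csr/server.csr"
#
#printf '\t*\n***\tCreate CA certificate key\n\t*\n'
#"$OPENSSL" genrsa -passout env:KEY -des3 -out "$HOME/ssl/key/ca-pass.key" "$MOD"
# ca.key below is the CA key without a passphrase; whoever reads it can sign
# certificates that chain to this CA.
#"$OPENSSL" rsa -passin env:KEY -in "$HOME/ssl/key/ca-pass.key" -out "$HOME/ssl/key/ca.key"
#
#printf '\t*\n***\tCreate CA certificate\n\t*\n'
#"$OPENSSL" req -new -x509 -sha256 -days 1440 -key "$HOME/ssl/key/ca.key" -out "$HOME/ssl/cert/ca.pem.crt"
#
## Use this command if the CSR was generated by another system.
## -set_serial 01 gives every certificate the same serial number; use a
## different serial for each certificate issued by the same CA.
#printf '\t*\n***\tCreate Server certificate from certificate signing request and CA certificate, CA certificate key (3rd party verification)\n\t*\n'
#"$OPENSSL" x509 -req -sha256 -days 1440 -in "$HOME/ssl/csr/server.csr" -CA "$HOME/ssl/cert/ca.pem.crt" -CAkey "$HOME/ssl/key/ca.key" -set_serial 01 -out "$HOME/ssl/cert/server-csr.pem.crt"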
For Windows using Win32 OpenSSL:
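@echo off
:: Generate an RSA server key and a self-signed certificate (PEM and DER)
:: under %USERPROFILE%\Desktop\ssl using Win32 OpenSSL.
::
:: Optional environment variables:
::   MOD  RSA modulus size in bits (default 2048).
::   KEY  passphrase for server-pass.key. When it is not set, openssl
::        prompts for the passphrase itself (without echoing it).
::
:: setlocal keeps the PATH change and helper variables out of the calling
:: command prompt.
setlocal
set "PATH=C:\OpenSSL\bin;%PATH%"
set "OPENSSL=openssl.exe"

:: 1024-bit RSA is no longer considered adequate and public CAs reject it;
:: 2048 is the default here and MOD can still be overridden by the caller.
if not defined MOD set "MOD=2048"

:: The passphrase is no longer hard-coded in the script or placed on the
:: openssl command line (pass:...), where it ends up in the file and in
:: process listings. It is handed over through the environment instead.
set "PASSOUT="
set "PASSIN="
if defined KEY (
  set "PASSOUT=-passout env:KEY"
  set "PASSIN=-passin env:KEY"
)

:: Every path is quoted: %USERPROFILE% may contain spaces, in which case an
:: unquoted mkdir creates several wrong directories and openssl receives
:: split arguments.
set "SSLDIR=%USERPROFILE%\Desktop\ssl"
if not exist "%SSLDIR%" mkdir "%SSLDIR%"
if not exist "%SSLDIR%\csr" mkdir "%SSLDIR%\csr"
if not exist "%SSLDIR%\cert" mkdir "%SSLDIR%\cert"
if not exist "%SSLDIR%\key" mkdir "%SSLDIR%\key"

echo ***
echo *** Create Server certificate key
%OPENSSL% genrsa %PASSOUT% -des3 -out "%SSLDIR%\key\server-pass.key" %MOD% || exit /b 1
:: server.key is the same private key with the passphrase removed. Anyone who
:: can read this file can impersonate the server, so restrict access to the
:: key folder and delete the file when it is not needed.
%OPENSSL% rsa %PASSIN% -in "%SSLDIR%\key\server-pass.key" -out "%SSLDIR%\key\server.key" || exit /b 1

echo ***
echo *** Create Server self-signed certificates in PEM, DER formats
:: -sha256 is requested explicitly because older OpenSSL builds default to a
:: weaker signature digest.
%OPENSSL% req -new -x509 -sha256 -days 1440 -key "%SSLDIR%\key\server.key" -out "%SSLDIR%\cert\server.pem.crt" || exit /b 1
%OPENSSL% x509 -in "%SSLDIR%\cert\server.pem.crt" -outform DER -out "%SSLDIR%\cert\server.der" || exit /b 1
echo ***

:: ---- Optional steps, disabled by default ---------------------------------
::echo *** Create Server certificate signing request
::%OPENSSL% req -new -sha256 -key "%SSLDIR%\key\server.key" -out "%SSLDIR%\csr\server.csr"
::
::echo *** Create CA certificate key
::%OPENSSL% genrsa %PASSOUT% -des3 -out "%SSLDIR%\key\ca-pass.key" %MOD%
:: ca.key below is the CA key without a passphrase; whoever reads it can sign
:: certificates that chain to this CA.
::%OPENSSL% rsa %PASSIN% -in "%SSLDIR%\key\ca-pass.key" -out "%SSLDIR%\key\ca.key"
::
::echo *** Create CA certificate
::%OPENSSL% req -new -x509 -sha256 -days 1440 -key "%SSLDIR%\key\ca.key" -out "%SSLDIR%\cert\ca.pem.crt"
::
:: Use this command if the CSR was generated by another system.
:: -set_serial 01 gives every certificate the same serial number; use a
:: different serial for each certificate issued by the same CA.
::echo *** Create Server certificate from certificate signing request and CA certificate, CA certificate key (3rd party verification)
::%OPENSSL% x509 -req -sha256 -days 1440 -in "%SSLDIR%\csr\server.csr" -CA "%SSLDIR%\cert\ca.pem.crt" -CAkey "%SSLDIR%\key\ca.key" -set_serial 01 -out "%SSLDIR%\cert\server-csr.pem.crt"
endlocal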