cancel
Showing results for 
Search instead for 
Did you mean: 
AlanAguinaga2
Mission Specialist
Mission Specialist
  • 1,054 Views

I am worry about tls openssl certificates generation at exam

Jump to solution

Hi guys. I am worried about certificate generation. This is a task with a lot of steps!

I don't know if I will remember all those steps to generate it at exam day. 

What is your strategy to generate certificates from nothing? Without any help? 

I am asking it because I have a clue and I use zsh-completition to walk throught all those openssl steps. 

I saw bash-completition can deal with openssl too. 
This is hard to generate only by remembering because it has a lot of arguments and options. 

What did you use to generate that without clue or support? 

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Fran_Garcia
Starfighter Starfighter
Starfighter
  • 990 Views

[root@rhel86 ~]# rpm -ql openssl | grep -i make

/usr/bin/make-dummy-cert

/usr/share/doc/openssl/Makefile.certificate

 

[root@rhel86 ~]# less /usr/share/doc/openssl/Makefile.certificate

 
Is this enough reminder?

View solution in original post

5 Replies
AlanAguinaga2
Mission Specialist
Mission Specialist
  • 1,051 Views

I know if I need to generate a certificate from a existing one at ch04s02, it needs to enter 6 steps: 


Generate a Private Key: Created a 4096-bit RSA private key for the server.
Generate a CSR: Created a CSR with specific subject information.
Sign the CSR: Used the CA to sign the CSR and generate a server certificate.
Create a Secret: Stored the certificate and key as a secret in OpenShift.
Attach the Secret: Mounted the secret as a volume in the todo-https deployment.
Create a Route: Created a route with passthrough TLS termination to expose the service.

Those openssl commads are pretty tricky to remember. 

0 Kudos
Fran_Garcia
Starfighter Starfighter
Starfighter
  • 991 Views

[root@rhel86 ~]# rpm -ql openssl | grep -i make

/usr/bin/make-dummy-cert

/usr/share/doc/openssl/Makefile.certificate

 

[root@rhel86 ~]# less /usr/share/doc/openssl/Makefile.certificate

 
Is this enough reminder?
AlanAguinaga2
Mission Specialist
Mission Specialist
  • 982 Views

%.pem:
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
cat $$PEM1 > $@ ; \
echo "" >> $@ ; \
cat $$PEM2 >> $@ ; \
$(RM) $$PEM1 $$PEM2

%.key:
umask 77 ; \
/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@

%.csr: %.key
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $^ -out $@

%.crt: %.key
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)

0 Kudos
AlanAguinaga2
Mission Specialist
Mission Specialist
  • 982 Views

thanx you bro. it is really good clue

0 Kudos
Emanuel_Haine
Flight Engineer
Flight Engineer
  • 316 Views

I was having the same concern and for me, openssl was a little bit trick. However, recently I just realized there are a lot a man pages with the subcommands and those pages have a lot of examples.

man openssl-genrsa

man openssl-req

man openssl-x509

0 Kudos
Join the discussion
You must log in to join this conversation.