Hi guys. I am worried about certificate generation. This is a task with a lot of steps!
I don't know if I will remember all those steps to generate it at exam day.
What is your strategy to generate certificates from nothing? Without any help?
I am asking it because I have a clue and I use zsh-completion to walk through all those openssl steps.
I saw bash-completion can deal with openssl too.
This is hard to generate only by remembering because it has a lot of arguments and options.
What did you use to generate that without clue or support?
I know if I need to generate a certificate from an existing one at ch04s02, it needs to enter 6 steps:
Generate a Private Key: Created a 4096-bit RSA private key for the server.
Generate a CSR: Created a CSR with specific subject information.
Sign the CSR: Used the CA to sign the CSR and generate a server certificate.
Create a Secret: Stored the certificate and key as a secret in OpenShift.
Attach the Secret: Mounted the secret as a volume in the todo-https deployment.
Create a Route: Created a route with passthrough TLS termination to expose the service.
Those openssl commands are pretty tricky to remember.
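The three openssl steps from the list above (key, CSR, CA signature) with a check of the result, as an added example that is not part of the original posts. The throwaway CA, the file names, the subject values and the 30-day lifetime are assumptions; in the course exercise the CA key and certificate already exist.

```shell
#!/bin/sh
# Added example: steps 1-3 of the list, plus verification of the output.
# Every file name and subject value below is a constructed placeholder.

make_server_cert() {
    dir=$1; host=$2
    umask 077    # private keys readable by the owner only
    # Stand-in CA so the example is self-contained (assumption: the
    # default openssl.cnf marks a "req -x509" certificate as a CA).
    openssl req -x509 -newkey rsa:4096 -nodes -days 30 \
        -subj "/O=Example/CN=Example Training CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" &&
    # Step 1: 4096-bit RSA private key for the server.
    openssl genrsa -out "$dir/server.key" 4096 &&
    # Step 2: CSR with explicit subject information (no prompts).
    openssl req -new -key "$dir/server.key" \
        -subj "/O=Example/CN=$host" -out "$dir/server.csr" &&
    # Step 3: the CA signs the CSR. The SAN goes in through an extension
    # file because "x509 -req" does not copy extensions from the CSR by
    # default, and TLS clients match the host name against the SAN.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext" &&
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/server.crt"
}

check_server_cert() {
    dir=$1
    # The certificate must chain to the CA ...
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null || return 1
    # ... and carry the public half of the private key being deployed.
    [ "$(openssl pkey -in "$dir/server.key" -pubout)" = \
      "$(openssl x509 -in "$dir/server.crt" -noout -pubkey)" ]
}

# Usage: d=$(mktemp -d); make_server_cert "$d" todo-https.apps.example.com \
#            && check_server_cert "$d"
# Steps 4-6 then use oc (placeholders in <>):
#   oc create secret tls <secret> --cert server.crt --key server.key
#   oc set volume deployment/todo-https --add --type secret \
#       --secret-name <secret> --mount-path <mount-path>
#   oc create route passthrough <route> --service <service> --port <port>
```

Running check_server_cert before creating the secret catches a key and certificate that do not belong together, which otherwise only shows up when the pod fails its TLS handshake.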
[root@rhel86 ~]# rpm -ql openssl | grep -i make
/usr/bin/make-dummy-cert
/usr/share/doc/openssl/Makefile.certificate
[root@rhel86 ~]# less /usr/share/doc/openssl/Makefile.certificate
%.pem:
	umask 77 ; \
	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
	/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
	cat $$PEM1 > $@ ; \
	echo "" >> $@ ; \
	cat $$PEM2 >> $@ ; \
	$(RM) $$PEM1 $$PEM2

%.key:
	umask 77 ; \
	/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@

%.csr: %.key
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $^ -out $@

%.crt: %.key
	umask 77 ; \
	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
Thank you, bro. It is a really good clue.
I was having the same concern, and for me openssl was a little bit tricky. However, recently I just realized there are a lot of man pages for the subcommands, and those pages have a lot of examples.
man openssl-genrsa
man openssl-req
man openssl-x509