Certificados TLS

= OpenSSL Cheat Sheet =


 * OpenSSL: Criando uma Autoridade Certificadora (CA)


 * OpenSSL: Assinando um CSR com a nossa CA

Criando as chaves ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout nginx.key -out nginx.crt \ -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br"

Importando um Certificado
Download do certificado

openssl s_client -connect   

Importando via ikeycmd

ikeycmd -cert -add -db "key.jks" \-file "FILENAME.cer" -pw  -label  > /dev/null

= iKeyCmd Cheat Sheet =

List certificates

ikeycmd -cert -list personal -db "key.kdb" -pw changeit ikeycmd -cert -list ca -db "key.kdb" -pw changeit

Add a client certificate to keystore

ikeycmd -cert -add -db "key.kdb" -label  -file  -format ascii -pw changeit

Remove certificate from keystore (using stashed password)

ikeycmd -cert -delete -label  -db "key.kdb" -stashed

Set default certificate

ikeycmd -cert -setdefault -db "key.kdb" -label "mydefaultcertificate" -pw changeit