Certificados TLS: Difference between revisions

From Wiki
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
= OpenSSL Cheat Sheet =
= OpenSSL Cheat Sheet =


* [[OpenSSL: Criando uma Autoridade Certificadora (CA)]]


== Criando as chaves ssl ==
==== Criando as chaves ssl ====


  openssl req -x509 -nodes -days 3650 -newkey rsa:2048  -keyout nginx.key -out nginx.crt \
  openssl req -x509 -nodes -days 3650 -newkey rsa:2048  -keyout nginx.key -out nginx.crt \
   -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br"
   -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br"


== Importando um Certificado ==
==== Importando um Certificado ====


Download do certificado
Download do certificado


  openssl s_client -connect <HOST:PORT> </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <NOME_DO-ARQUIVO.cer>
  openssl s_client -connect <HOST:PORT> </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <FILENAME.cer>


Importando via ikeycmd
Importando via ikeycmd


  ikeycmd -cert -add -db "key.jks" \-file "NOME_DO-ARQUIVO.cer" -pw <PASSWORD> -label <LABEL_CERTIFICADO> > /dev/null
  ikeycmd -cert -add -db "key.jks" -file "FILENAME.cer" -pw <PASSWORD> -label <LABEL_CERTIFICADO> > /dev/null


= iKeyCmd Cheat Sheet =
= iKeyCmd Cheat Sheet =
Line 27: Line 28:
Add a client certificate to keystore
Add a client certificate to keystore


  ikeycmd -cert -add -db "key.kdb" -label ibmwebspheremqclient01 -file ibmwebspheremqclient01.crt -format ascii -pw changeit
  ikeycmd -cert -add -db "key.kdb" -label <MYCERTLABEL> -file <FILENAME.crt> -format ascii -pw changeit


Remove certificate from keystore (using stashed password)
Remove certificate from keystore (using stashed password)


  ikeycmd -cert -delete -label ibmwebspheremqclient01 -db "key.kdb" -stashed
  ikeycmd -cert -delete -label <MYCERTLABEL> -db "key.kdb" -stashed


Set default certificate
Set default certificate


  ikeycmd -cert -setdefault -db key.kdb -label "mydefaultcertificate" -pw changeit
  ikeycmd -cert -setdefault -db "key.kdb" -label "mydefaultcertificate" -pw changeit
 
To create a new certificate request
 
ikeycmd -certreq -create -db gui-truststore.jks -pw password -size 2048 \
-sig_alg SHA256WithRSA -dn "CN=srv.company.com" -file certreq.csr -label label \
-san_dnsname srv1.company.com,srv2.company.com  \
-san_ipaddr 192.168.2.1,192.168.2.2
 
To receive the signed certificate by using the iKeycmd command, issue the following command:
 
ikeycmd -cert -receive -db gui-truststore.jks -pw password -format format -file certificate_file
 
To create a self signed certificate
 
ikeycmd -cert -create -db keyselfsigned.jks -pw 1234 -label mysigner -dn "CN=srv.company.com" -size 2048 -expire 3650 -ca true
 
* [[WLP: Adicionando um certificado TLS como confiável na Liberty trust store]]
 
= Keytool Cheat Sheet =
 
List certificates
 
keytool -v -list -keystore <JAVA_HOME>/lib/security/cacerts -storepass changeit
 
 
Add a client certificate to keystore
 
keytool -import -alias cert-interno -file /<TEMP_DIR>/certificadoInterno.der \
-keystore  <JAVA_HOME>/lib/security/cacerts -storetype jceks \
-storepass changeit -noprompt
 
Remove certificate from keystore
 
keytool -delete -noprompt -alias <ALIAS> -keystore JAVA_HOME>/lib/security/cacerts -storepass changeit
 
* [[Java: Importando Certificados SSL para a Java Virtual Machine (JVM)]]
* [[Keytool: Importando chave TLS do servidor LDAP]]
* [[Keytool: Importando uma chave da Let's Encrypt]]
* [[Sametime: Importando Certificados SSL para o cacerts]]

Latest revision as of 18:30, 27 December 2023

OpenSSL Cheat Sheet

Criando as chaves ssl

openssl req -x509 -nodes -days 3650 -newkey rsa:2048  -keyout nginx.key -out nginx.crt \
  -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br"

Importando um Certificado

Download do certificado

openssl s_client -connect <HOST:PORT> </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <FILENAME.cer>

Importando via ikeycmd

ikeycmd -cert -add -db "key.jks" -file "FILENAME.cer" -pw <PASSWORD> -label <LABEL_CERTIFICADO> > /dev/null

iKeyCmd Cheat Sheet

List certificates

ikeycmd -cert -list personal -db "key.kdb" -pw changeit

ikeycmd -cert -list ca -db "key.kdb" -pw changeit

Add a client certificate to keystore

ikeycmd -cert -add -db "key.kdb" -label <MYCERTLABEL> -file <FILENAME.crt> -format ascii -pw changeit

Remove certificate from keystore (using stashed password)

ikeycmd -cert -delete -label <MYCERTLABEL> -db "key.kdb" -stashed

Set default certificate

ikeycmd -cert -setdefault -db "key.kdb" -label "mydefaultcertificate" -pw changeit

To create a new certificate request

ikeycmd -certreq -create -db gui-truststore.jks -pw password -size 2048 \
-sig_alg SHA256WithRSA -dn "CN=srv.company.com" -file certreq.csr -label label \
-san_dnsname srv1.company.com,srv2.company.com  \
-san_ipaddr 192.168.2.1,192.168.2.2

To receive the signed certificate by using the iKeycmd command, issue the following command:

ikeycmd -cert -receive -db gui-truststore.jks -pw password -format format -file certificate_file 

To create a self signed certificate

ikeycmd -cert -create -db keyselfsigned.jks -pw 1234 -label mysigner -dn "CN=srv.company.com" -size 2048 -expire 3650 -ca true

Keytool Cheat Sheet

List certificates

keytool -v -list -keystore <JAVA_HOME>/lib/security/cacerts -storepass changeit


Add a client certificate to keystore

keytool -import -alias cert-interno -file /<TEMP_DIR>/certificadoInterno.der \
-keystore  <JAVA_HOME>/lib/security/cacerts -storetype jceks \
-storepass changeit -noprompt

Remove certificate from keystore

keytool -delete -noprompt -alias <ALIAS> -keystore JAVA_HOME>/lib/security/cacerts -storepass changeit