Certificados TLS: Difference between revisions

From Wiki
No edit summary
Line 3: Line 3:
* [[OpenSSL: Criando uma Autoridade Certificadora (CA)]]
* [[OpenSSL: Criando uma Autoridade Certificadora (CA)]]


== Criando as chaves ssl ==
==== Criando as chaves ssl ====


  openssl req -x509 -nodes -days 3650 -newkey rsa:2048  -keyout nginx.key -out nginx.crt \
  openssl req -x509 -nodes -days 3650 -newkey rsa:2048  -keyout nginx.key -out nginx.crt \
   -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br"
   -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br"


== Importando um Certificado ==
==== Importando um Certificado ====


Download do certificado
Download do certificado
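Review bot: the two section headings ("Criando as chaves ssl" and "Importando um Certificado") go from `==` to `====`, which skips level 3. Check that the parent cheat-sheet heading is already at `===`; if it is not, use `===` here so the outline stays contiguous. The revision also carries no edit summary, so a short one stating the reason for the re-nesting would help later readers of the history.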

Revision as of 21:29, 7 December 2023

OpenSSL Cheat Sheet

Creating the SSL keys

openssl req -x509 -nodes -days 3650 -newkey rsa:2048  -keyout nginx.key -out nginx.crt \
  -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br"

Importing a certificate

Downloading the certificate

openssl s_client -connect <HOST:PORT> </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <FILENAME.cer>

Importing via ikeycmd

ikeycmd -cert -add -db "key.jks" -file "FILENAME.cer" -pw <PASSWORD> -label <LABEL_CERTIFICADO> > /dev/null
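
A certificate fetched with s_client comes from whoever answered the connection, so it should be checked before it is added to a keystore as trusted. The script below is an added example, not part of the original wiki page: it compares the file's SHA-256 fingerprint against a value obtained out of band and rejects certificates that are close to expiry. The function names, the 30-day threshold and the throwaway sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check a certificate fetched with
# s_client before importing it into a keystore as trusted.

# SHA-256 fingerprint of a PEM certificate: lowercase hex, no colons.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Return 0 only if the file parses as a certificate, its fingerprint equals the
# value obtained out of band, and it stays valid for at least min_days more.
verify_cert() {
    local file="$1" expected="$2" min_days="${3:-30}" actual
    actual=$(cert_sha256 "$file")
    [ -n "$actual" ] || { echo "not a parsable certificate: $file" >&2; return 2; }
    # Accept the pin with or without colons, in either letter case.
    expected=$(printf '%s' "$expected" | tr -d ': ' | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] || { echo "fingerprint mismatch: $actual" >&2; return 3; }
    openssl x509 -in "$file" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "expires within $min_days days: $file" >&2; return 4; }
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = output certificate file, $2 = validity in days
make_sample_cert() {
    openssl req -x509 -nodes -newkey rsa:2048 -days "$2" \
        -keyout "$1.key" -out "$1" -subj "/CN=sample.example.test" 2>/dev/null
}

demo() {
    local dir pin
    dir=$(mktemp -d)
    make_sample_cert "$dir/sample.cer" 365
    pin=$(cert_sha256 "$dir/sample.cer")   # stands in for the out-of-band value
    if verify_cert "$dir/sample.cer" "$pin"; then
        echo "fingerprint and validity OK: proceed with ikeycmd -cert -add"
    fi
    rm -rf "$dir"
}
demo
```

In real use the second argument to verify_cert comes from the server's owner over a separate channel, never from the same connection that delivered the certificate.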

iKeyCmd Cheat Sheet

List certificates

ikeycmd -cert -list personal -db "key.kdb" -pw changeit

ikeycmd -cert -list ca -db "key.kdb" -pw changeit

Add a client certificate to keystore

ikeycmd -cert -add -db "key.kdb" -label <MYCERTLABEL> -file <FILENAME.crt> -format ascii -pw changeit

Remove certificate from keystore (using stashed password)

ikeycmd -cert -delete -label <MYCERTLABEL> -db "key.kdb" -stashed

Set default certificate

ikeycmd -cert -setdefault -db "key.kdb" -label "mydefaultcertificate" -pw changeit