Certificados TLS: Difference between revisions
No edit summary |
|||
Line 3: | Line 3: | ||
* [[OpenSSL: Criando uma Autoridade Certificadora (CA)]] | * [[OpenSSL: Criando uma Autoridade Certificadora (CA)]] | ||
== Criando as chaves ssl == | ==== Criando as chaves ssl ==== | ||
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout nginx.key -out nginx.crt \ | openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout nginx.key -out nginx.crt \ | ||
-subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br" | -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br" | ||
== Importando um Certificado == | ==== Importando um Certificado ==== | ||
Download do certificado | Download do certificado |
Revision as of 21:29, 7 December 2023
OpenSSL Cheat Sheet
Criando as chaves ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout nginx.key -out nginx.crt \ -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br"
Importando um Certificado
Download do certificado
openssl s_client -connect <HOST:PORT> </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <FILENAME.cer>
Importando via ikeycmd
ikeycmd -cert -add -db "key.jks" -file "FILENAME.cer" -pw <PASSWORD> -label <LABEL_CERTIFICADO> > /dev/null
iKeyCmd Cheat Sheet
List certificates
ikeycmd -cert -list personal -db "key.kdb" -pw changeit ikeycmd -cert -list ca -db "key.kdb" -pw changeit
Add a client certificate to keystore
ikeycmd -cert -add -db "key.kdb" -label <MYCERTLABEL> -file <FILENAME.crt> -format ascii -pw changeit
Remove certificate from keystore (using stashed password)
ikeycmd -cert -delete -label <MYCERTLABEL> -db "key.kdb" -stashed
Set default certificate
ikeycmd -cert -setdefault -db "key.kdb" -label "mydefaultcertificate" -pw changeit