[booboo@dunno ~]$ umask 077
[booboo@dunno ~]$ mkdir ca
[booboo@dunno ~]$ cd ca
[booboo@dunno ca]$ mkdir newcerts
[booboo@dunno ca]$ echo -ne "01" >serial
[booboo@dunno ca]$ echo -ne "01" >crlnumber
[booboo@dunno ca]$ locate openssl.cnf
[booboo@dunno ca]$ cp Pfad/openssl.cnf ./ca.cnf
[booboo@dunno ca]$ vi ca.cnf
[booboo@dunno ca]$ # Adjustments as described in the box "Creating certificates".
[booboo@dunno ca]$ openssl genrsa -des3 -out ca.meine-domain.de.key 2048
[...]
Enter pass phrase for ca.meine-domain.de.key:********
Verifying - Enter pass phrase for ca.meine-domain.de.key:********
[booboo@dunno ca]$ openssl req -config ./ca.cnf -new -x509 -days 3650 -key ca.meine-domain.de.key -out ca.meine-domain.de.crt
Enter pass phrase for ca.meine-domain.de.key:********
[...]
Country Name (2 letter code) [GB]:DE
State or Province Name (full name) [Berkshire]:Bayern
Locality Name (eg, city) [Newbury]:Nuernberg
Organization Name (eg, company) [My Company Ltd]:BooBoo
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:ca.meine-domain.de
Email Address []:ca@meine-domain.de
[booboo@dunno ca]$ openssl genrsa -out dunno.dyndns.info.key 1024
[...]
[booboo@dunno ca]$ openssl req -config ./ca.cnf -new -key dunno.dyndns.info.key -out dunno.dyndns.info.csr
[...]
Common Name (eg, your name or your server's hostname) []:dunno.dyndns.info
Email Address []:webmaster@meine-domain.de
[...]
[booboo@dunno ca]$ openssl ca -config ./ca.cnf -days 730 -in dunno.dyndns.info.csr -out dunno.dyndns.info.crt
Using configuration from ./ca.cnf
Enter pass phrase for /home/booboo/ca/ca.meine-domain.de.key:********
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 18 15:43:35 2009 GMT
            Not After : Apr 18 15:43:35 2011 GMT
        Subject:
            countryName = DE
            stateOrProvinceName = Bayern
            organizationName = BooBoo
            commonName = dunno.dyndns.info
            emailAddress = webmaster@meine-domain.de
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                9E:B0:98:FB:CB:34:34:9F:15:AC:6E:F5:91:0D:2A:A1:91:E5:35:1E
            X509v3 Authority Key Identifier:
                keyid:73:FA:ED:48:EF:7E:4A:EA:F6:E2:78:EB:A4:2C:9E:39:A4:46:98:51
Certificate is to be certified until Apr 18 15:43:35 2011 GMT (730 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[booboo@dunno ca]$ openssl genrsa -des3 -out hans.meier.meine-domain.de.key 1024
[...]
[booboo@dunno ca]$ openssl req -config ./ca.cnf -new -key hans.meier.meine-domain.de.key -out hans.meier.meine-domain.de.csr
[...]
Common Name (eg, your name or your server's hostname) []:hans.meier.meine-domain.de
Email Address []:hans.meier@meine-domain.de
[...]
[booboo@dunno ca]$ openssl ca -config ./ca.cnf -days 730 -in hans.meier.meine-domain.de.csr -out hans.meier.meine-domain.de.crt
[...]
[booboo@dunno ca]$ openssl pkcs12 -export -in hans.meier.meine-domain.de.crt -inkey hans.meier.meine-domain.de.key -certfile ca.meine-domain.de.crt -out hans.meier.meine-domain.de.p12
Enter pass phrase for hans.meier.meine-domain.de.key:********
Enter Export Password:********
Verifying - Enter Export Password:********
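
Added example, not part of the original listing: a POSIX shell check for each certificate issued above, confirming that it verifies against the CA certificate, that the private key belongs to it, and that its RSA key is at least 2048 bits (the listing's 1024-bit server and user keys fail this last check). The function names and the 2048-bit default are choices made for this example, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example: post-issuance checks for certificates signed by the CA above.
# Function names and the 2048-bit default are assumptions of this example.

# cert_bits CERT: print the size in bits of the public key in CERT.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# chains_to_ca CA_CERT CERT: succeed only if CERT verifies against CA_CERT.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert CERT KEY: succeed only if KEY is the private key for CERT.
# An encrypted KEY (genrsa -des3) makes openssl prompt for its pass phrase.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_issued CA_CERT CERT KEY [MIN_BITS]: run all checks, print each
# failure, and return the number of failed checks (0 means all passed).
check_issued() {
    min=${4:-2048}
    fails=0
    chains_to_ca "$1" "$2" ||
        { echo "FAIL: $2 does not verify against $1"; fails=$((fails + 1)); }
    key_matches_cert "$2" "$3" ||
        { echo "FAIL: $3 is not the private key for $2"; fails=$((fails + 1)); }
    bits=$(cert_bits "$2")
    [ "${bits:-0}" -ge "$min" ] ||
        { echo "FAIL: $2 has a ${bits:-unknown}-bit key, minimum is $min"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage with the listing's file names:
#   check_issued ca.meine-domain.de.crt dunno.dyndns.info.crt dunno.dyndns.info.key
if [ "$#" -ge 3 ]; then
    check_issued "$@"
fi
```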