# Generate a new 4096-bit RSA key and a self-signed X.509 certificate
# (SHA-256 signature) for example.org in a single step.
#
# -nodes   : example.org.key is written WITHOUT passphrase encryption, so the
#            file itself is the secret; restrict its permissions and keep it
#            out of version control and backups that others can read.
# -days 356: validity period in days.
#            NOTE(review): 356 may be a typo for 365 - confirm the intent.
# -subj    : supplies the subject DN non-interactively.
# -addext  : adds subjectAltName entries; TLS clients match hostnames against
#            the SAN list. Needs an OpenSSL version that supports -addext.
#
# A self-signed certificate is only trusted by clients that explicitly import
# it, so it suits local testing rather than public-facing services.
openssl req -nodes -x509 -sha256 -newkey rsa:4096 \
-keyout example.org.key \
-out example.org.crt \
-days 356 \
-subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=example.org" \
-addext "subjectAltName = DNS:localhost,DNS:example.org"
Une fonction pour vérifier le certificat d'un serveur distant par rapport à un ca.crt local :
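# Fetch the certificate presented by a remote TLS server and verify it
# against a local CA file.
#
# Arguments:
#   $1 - server to contact, as host:port
#   $2 - CA certificate file (PEM); absolute, or relative to the current
#        directory
# Outputs:
#   A progress line and the `openssl verify` result on stdout; usage and
#   file errors on stderr.
# Returns:
#   0 when `openssl verify` accepts the certificate, 2 on a usage error or an
#   unreadable CA file, otherwise the non-zero status of the failing step.
#
# Limits worth knowing before relying on the result:
#   - `openssl x509` keeps only the first certificate of the s_client output,
#     so intermediates sent by the server are not used; the CA file has to
#     contain everything needed to build the chain.
#   - `openssl verify` checks the chain only. It does not check that the
#     certificate was issued for the host name in $1.
#   - NOTE(review): older OpenSSL releases send no SNI unless -servername is
#     given, so a virtual-hosted server may answer with another certificate.
verify_cert ()
{
    local target capath certfile ret

    if [ "$#" -lt 2 ]; then
        printf 'usage: verify_cert host:port ca-file\n' >&2
        return 2
    fi
    target=$1

    # Resolve the CA path once instead of changing directory: the working
    # directory stays untouched and "./ca.crt" resolves against the caller's
    # directory rather than /tmp.
    case $2 in
        /*) capath=$2 ;;
        *)  capath=$PWD/$2 ;;
    esac

    if [ ! -r "$capath" ]; then
        printf 'verify_cert: cannot read CA file: %s\n' "$capath" >&2
        return 2
    fi

    # A fixed /tmp/cert.pem can be pre-created or symlinked by another local
    # user; mktemp gives a private, unpredictable file.
    certfile=$(mktemp) || return 1

    printf 'verifying %s against %s...\n' "$target" "$capath"

    # s_client's stderr is discarded on purpose (handshake chatter); a failed
    # connection still surfaces because x509 then gets no certificate and
    # fails, which stops the && chain.
    openssl s_client -showcerts -connect "$target" < /dev/null 2> /dev/null \
        | openssl x509 -outform PEM > "$certfile" \
        && openssl verify -verbose -CAfile "$capath" "$certfile"
    ret=$?

    rm -f -- "$certfile"
    return "$ret"
}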
# Open a TLS connection to dooby.fr:443 while restricting the offered cipher
# list to the given cipher string; handy for checking whether a server still
# accepts a particular (legacy) suite.
# NOTE(review): "AES128-SHA-EDH" does not look like a standard OpenSSL cipher
# name - check what it expands to with `openssl ciphers -v 'AES128-SHA-EDH'`.
# -cipher only affects TLS 1.2 and below.
openssl s_client -connect dooby.fr:443 -cipher "AES128-SHA-EDH"
Le one liner qu'il est bien :D
# Quick self-signed certificate: new 2048-bit RSA key, valid 365 days.
# No -subj is given, so openssl normally prompts for the subject fields.
# -nodes leaves mysitename.key unencrypted on disk; protect the file with
# restrictive permissions.
# No subjectAltName is set here; clients that match host names only against
# the SAN list will reject this certificate even if the CN is correct.
# No digest option is given, so the signature hash is the OpenSSL default.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt