Viktor,
On 03/09/2017 05:53 PM, Viktor Dukhovni wrote:
On Mar 9, 2017, at 8:43 PM, Robert Moskowitz wrote:
$ umask 077 # avoid world-readable private keys
Perhaps (no perhaps about it) this is old information, but I picked up that I
needed:
chmod 640 for the private keys for Apache. (a
Very nice. But this looks like it as part of the whole easyRSA effort,
not something I can easily feed into the openssl command to create the
cert. It would take a fair bit of digging to dig out what I need for now.
Definitely something I will look into soon, as providing a simple PKI
for a
On 03/10/2017 01:10 AM, openssl-users-requ...@openssl.org digested:
> Thing is that this then prompts for a number of fields:
[...]
> Is there some 'simple' way to provide these answers? Like with env
> variables?
Yes, and as others have already pointed out, there's also the
possibility of comma
On 03/09/2017 08:53 PM, Viktor Dukhovni wrote:
On Mar 9, 2017, at 8:43 PM, Robert Moskowitz wrote:
$ umask 077 # avoid world-readable private keys
Perhaps (no perhaps about it) this is old information, but I picked up that I
needed:
chmod 640 for the private keys for Apache. (and post
> On Mar 9, 2017, at 8:43 PM, Robert Moskowitz wrote:
>
>> $ umask 077 # avoid world-readable private keys
>
> Perhaps (no perhaps about it) this is old information, but I picked up that I
> needed:
>
> chmod 640 for the private keys for Apache. (and postfix and others use these
> certs;
Viktor,
On 03/09/2017 08:17 PM, Viktor Dukhovni wrote:
On Mar 9, 2017, at 6:49 PM, Robert Moskowitz wrote:
I am creating self-signed certs with:
openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey rsa:2048
-nodes -keyout private/$your_host_tld.key -keyform PEM -days 3650 -x50
Jan,
On 03/09/2017 08:06 PM, Jan Danielsson wrote:
On 03/10/17 00:49, Robert Moskowitz wrote:
[---]
Is there some 'simple' way to provide these answers? Like with env
variables?
I tend do create response files (one response per line) and then
simply pipe to openssl:
$ cat foo.params
> On Mar 9, 2017, at 6:49 PM, Robert Moskowitz wrote:
>
> I am creating self-signed certs with:
>
> openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey rsa:2048
> -nodes -keyout private/$your_host_tld.key -keyform PEM -days 3650 -x509
> -extensions v3_req
>
> Where, for examp
Hi, Rich.
Fancy meeting you here.
On 03/09/2017 07:33 PM, Salz, Rich via openssl-users wrote:
Yes there are easier ways to do this. Set up a conf file and use it (via the
-conf flag). You can use env vars, set default values, and so on. Look at the
config manpages, https://www.openssl.org/
On 03/10/17 00:49, Robert Moskowitz wrote:
[---]
> Is there some 'simple' way to provide these answers? Like with env
> variables?
I tend do create response files (one response per line) and then
simply pipe to openssl:
$ cat foo.params | openssl ...
Just make sure openssl doesn't need
Yes there are easier ways to do this. Set up a conf file and use it (via the
-conf flag). You can use env vars, set default values, and so on. Look at the
config manpages, https://www.openssl.org/docs/manmaster/man5/
For a fuller example, see https://www.openssl.org/~rsalz/pki.tgz
PS -- fi
I am creating self-signed certs with:
openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey
rsa:2048 -nodes -keyout private/$your_host_tld.key -keyform PEM -days
3650 -x509 -extensions v3_req
Where, for example:
your_host_tld=z9m9z.test.htt-consult.com
Thing is that this then
12 matches
Mail list logo