Richiesta Certificato

Da Emigar.
Jump to navigation Jump to search

GNU TLS

Generate KEY: 

certtool --generate-privkey --key-type=gost12-512  --curve=TC26-512-A --outfile gost12-512.key
certtool --generate-privkey --key-type=EdDSA --curve=Ed25519 --outfile Ed25519.key

oppure, nuova sintassi: 

certtool --generate-privkey --key-type ed25519 --outfile Ed25519.key

Self Signed: 

certtool --generate-self-signed --load-privkey Ed25519.key --template /tmp/cert.tmp --outfile Ed25519.pem

Certificate Request: 

certtool --generate-request --load-privkey Ed25519.key --outfile Ed25519.req

Certificate Request e chiave: 

certtool --generate-request --key-type ed25519 --outfile miao

Esempio: 

percival@lancelot:~$ certtool --generate-request --ecc --curve=SECP521R1 --outfile miao
Generating a PKCS #10 certificate request...
Generating a 528 bit EC/ECDSA private key...
Common name: Emilio Gargiulo
Organizational unit name: Persone
Organization name: emigar s.r.l.
Locality name: Milano
State or province name: MI
Country name (2 chars): IT
Enter the subject's domain component (DC): 
UID: 
Enter a dnsName of the subject of the certificate: 
Enter a URI of the subject of the certificate: 
Enter the IP address of the subject of the certificate: 
Enter the e-mail of the subject of the certificate: emilio.gargiulo@emigar.it
Enter a challenge password: 
Does the certificate belong to an authority? (y/N): 
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): 
warning: this algorithm does not support encryption; disabling the encryption flag
Will the certificate be used to sign code? (y/N): 
Will the certificate be used for time stamping? (y/N): y
Will the certificate be used for email protection? (y/N): y
Will the certificate be used for IPsec IKE operations? (y/N): y
Will the certificate be used to sign OCSP requests? (y/N): 
Is this a TLS web client certificate? (y/N): 
Is this a TLS web server certificate? (y/N): 
percival@lancelot:~$

OpenSSL

openssl req -new -days 3655 -newkey rsa:8192 -nodes -sha384 -out amministrazione@emigar.com.req -keyout amministrazione@emigar.com.key \
 -subj '/C=IT/ST=Italia/L=Milano/O=EMIGAR S.r.l./OU=Ruoli/CN=Amministrazione Emigar/emailAddress=amministrazione@emigar.com'

Windows

Creare un file req.txt con questo contenuto: 

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "C=IT, ST=Italia, ST=Italia, L=Milano, O=EMIGAR S.r.l., OU=Ruoli, CN=Amministrazione Emigar, emailAddress=amministrazione@emigar.com

KeySpec = 1
KeyLength = 8192
Exportable = TRUE
MachineKeySet = TRUE
SMIME = TRUE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
HashAlgorithm = SHA384

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 



certreq.exe -new req.txt req.csr
Estratto da "http://www.emigar.com/wiki/index.php?title=Richiesta_Certificato&oldid=5620"