Richiesta Certificato
Jump to navigation
Jump to search
GNU TLS
Generate KEY:
certtool --generate-privkey --key-type=gost12-512 --curve=TC26-512-A --outfile gost12-512.key certtool --generate-privkey --key-type=EdDSA --curve=Ed25519 --outfile Ed25519.key
oppure, nuova sintassi:
certtool --generate-privkey --key-type ed25519 --outfile Ed25519.key
Self Signed:
certtool --generate-self-signed --load-privkey Ed25519.key --template /tmp/cert.tmp --outfile Ed25519.pem
Certificate Request:
certtool --generate-request --load-privkey Ed25519.key --outfile Ed25519.req
Certificate Request e chiave:
certtool --generate-request --key-type ed25519 --outfile miao
Esempio:
percival@lancelot:~$ certtool --generate-request --ecc --curve=SECP521R1 --outfile miao Generating a PKCS #10 certificate request... Generating a 528 bit EC/ECDSA private key... Common name: Emilio Gargiulo Organizational unit name: Persone Organization name: emigar s.r.l. Locality name: Milano State or province name: MI Country name (2 chars): IT Enter the subject's domain component (DC): UID: Enter a dnsName of the subject of the certificate: Enter a URI of the subject of the certificate: Enter the IP address of the subject of the certificate: Enter the e-mail of the subject of the certificate: emilio.gargiulo@emigar.it Enter a challenge password: Does the certificate belong to an authority? (y/N): Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): warning: this algorithm does not support encryption; disabling the encryption flag Will the certificate be used to sign code? (y/N): Will the certificate be used for time stamping? (y/N): y Will the certificate be used for email protection? (y/N): y Will the certificate be used for IPsec IKE operations? (y/N): y Will the certificate be used to sign OCSP requests? (y/N): Is this a TLS web client certificate? (y/N): Is this a TLS web server certificate? (y/N): percival@lancelot:~$
OpenSSL
openssl req -new -days 3655 -newkey rsa:8192 -nodes -sha384 -out amministrazione@emigar.com.req -keyout amministrazione@emigar.com.key \ -subj '/C=IT/ST=Italia/L=Milano/O=EMIGAR S.r.l./OU=Ruoli/CN=Amministrazione Emigar/emailAddress=amministrazione@emigar.com'
Windows
Creare un file req.txt
con questo contenuto:
[Version] Signature="$Windows NT$" [NewRequest] Subject = "C=IT, ST=Italia, ST=Italia, L=Milano, O=EMIGAR S.r.l., OU=Ruoli, CN=Amministrazione Emigar, emailAddress=amministrazione@emigar.com KeySpec = 1 KeyLength = 8192 Exportable = TRUE MachineKeySet = TRUE SMIME = TRUE PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 HashAlgorithm = SHA384 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1
certreq.exe -new req.txt req.csr