Thursday, February 13, 2025

Client Certificate

https://amod-kadam.medium.com/how-to-set-up-private-ca-and-use-the-certificates-issued-by-private-ca-da55941c51ee

Step 1: Generate private key for CA

openssl genrsa -des3 -out CA.key 2048

openssl genrsa -des3 -out ca.key 4096

openssl genrsa -aes256 -out ca.key 2048

openssl genrsa -aes256 -out lab.key 2048

Generating RSA private key, 2048 bit long modulus (2 primes)

.......................................+++++

..........................................+++++

e is 65537 (0x010001)

Enter pass phrase for lab.key:

Verifying - Enter pass phrase for lab.key: aruba123

cisco123

.........................................

Step 2: Generate CA certificate

openssl req -x509 -new -nodes -key CA.key -sha256 -days 1825 -out CA.pem

openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

openssl req -x509 -new -nodes -key ca.key -sha256 -days 1825 -out ca.pem

.........................................

openssl req -new -key client1.key -out client1.csr -config client.conf


openssl genrsa -aes256 -out client1.key 2048

openssl genrsa -aes256 -out client2.key 2048


(openssl req -new -key ca.key -out client1.csr)

openssl req -new -key client1.key -out client1.csr

openssl req -new -key client2.key -out client2.csr

.........................................

openssl req -in client1.csr -noout -text

.........................................

openssl x509 -req -in client1.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out client1.crt -days 500 -sha256 -extfile client.conf -extensions req_ext


openssl x509 -req -days 3650 -in acme.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out acme.crt -sha256 


openssl x509 -req -in client1.csr -CA ca.pem -days 3650 -CAkey ca.key -set_serial 01 -out client1.pem

openssl x509 -req -in client2.csr -CA ca.pem -days 3650 -CAkey ca.key -set_serial 02 -out client2.pem


.........................................

openssl x509 -in client1.pem -text -noout

.........................................

https://stackoverflow.com/questions/808669/convert-a-cert-pem-certificate-to-a-pfx-certificate

openssl pkcs12 -inkey bob_key.pem -in bob_cert.cert -export -out bob_pfx.pfx

openssl pkcs12 -inkey client1.key -in client1.pem -export -out client1_pfx.pfx

openssl pkcs12 -inkey client2.key -in client2.pem -export -out client2.pfx


.........................................

openssl pkcs12 -in example.pfx -info
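
The steps above, run end to end as a non-interactive script (an added example, not part of the original notes). The notes reference client.conf and req_ext without showing them, so the config contents here are an assumption, as are the subject names and the pass phrase; OpenSSL 1.1.1 or later is assumed. It also signs the same CSR once without -extfile to show that the resulting certificate carries no clientAuth usage.

```shell
# Added example: throwaway lab PKI. File names, subjects, the pass phrase and
# the client.conf contents are constructed placeholders, not from the notes.
build_pki() (                       # $1 = empty working directory (subshell)
set -e; cd "$1"
PKI_PASS='example-pass-phrase'; export PKI_PASS   # read via env:, no prompt
cat > client.conf <<'EOF'
[req]
distinguished_name = dn
req_extensions     = req_ext
prompt             = no
[dn]
CN = client1.example.test
[req_ext]
keyUsage         = critical, digitalSignature
extendedKeyUsage = clientAuth
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
# Step 1 and 2: passphrase-protected CA key, self-signed CA certificate
openssl genrsa -aes256 -passout env:PKI_PASS -out ca.key 2048
openssl req -x509 -new -key ca.key -passin env:PKI_PASS -sha256 -days 1825 \
    -config client.conf -extensions ca_ext -subj '/CN=Example Lab CA' -out ca.pem
# Client key and CSR (the CSR requests the req_ext extensions)
openssl genrsa -aes256 -passout env:PKI_PASS -out client1.key 2048
openssl req -new -key client1.key -passin env:PKI_PASS -config client.conf -out client1.csr
# Sign with -extfile: "x509 -req" does not copy extensions from the CSR,
# so they must be supplied again at signing time.
openssl x509 -req -in client1.csr -CA ca.pem -CAkey ca.key -passin env:PKI_PASS \
    -CAcreateserial -days 500 -sha256 -extfile client.conf -extensions req_ext \
    -out client1.pem
# Same CSR signed without -extfile, for comparison: no clientAuth in the result
openssl x509 -req -in client1.csr -CA ca.pem -CAkey ca.key -passin env:PKI_PASS \
    -CAcreateserial -days 500 -sha256 -out client1-noext.pem
# Bundle key and certificate for import (PKCS#12 / PFX)
openssl pkcs12 -export -inkey client1.key -passin env:PKI_PASS -in client1.pem \
    -passout env:PKI_PASS -out client1.pfx
) >/dev/null 2>&1                   # drop this redirect when debugging

# True if the certificate lists the clientAuth extended key usage.
has_client_eku() { openssl x509 -in "$1" -noout -text | grep -q 'TLS Web Client Authentication'; }
# True if client1.pem in directory $1 chains to ca.pem for purpose $2.
verify_as() { openssl verify -CAfile "$1/ca.pem" -purpose "$2" "$1/client1.pem" >/dev/null 2>&1; }

d=$(mktemp -d)
build_pki "$d"
has_client_eku "$d/client1.pem" && echo "client1.pem carries clientAuth ($d)"
```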

.........................................

.........................................

Reference:


https://www.javaxt.com/wiki/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory

https://knowledge.digicert.com/general-information/openssl-quick-reference-guide

https://amod-kadam.medium.com/how-to-set-up-private-ca-and-use-the-certificates-issued-by-private-ca-da55941c51ee

https://mcilis.medium.com/how-to-create-a-client-certificate-with-configuration-using-openssl-89214dca58ec

https://docs.microfocus.com/SM/9.60/Hybrid/Content/security/concepts/example_generating_a_client_certificate_with_openssl.htm

https://techdocs.akamai.com/iot-edge-connect-msg-store/docs/create-client-certificate

https://techdocs.akamai.com/iot-edge-connect-msg-store/docs/create-root-certificate


PFX file

https://superuser.com/questions/1352171/certificate-validation-failure-while-using-cisco-anyconnect-with-pfx-certificate

https://stackoverflow.com/questions/808669/convert-a-cert-pem-certificate-to-a-pfx-certificate

