zbyszek@katastrofa7:~$ mkdir radagast.ca zbyszek@katastrofa7:~$ cd radagast.ca/ zbyszek@katastrofa7:~/radagast.ca$ openssl genrsa -aes256 -out ca.key 4096 Enter PEM pass phrase: Verifying - Enter PEM pass phrase: zbyszek@katastrofa7:~/radagast.ca$ ls ca.key zbyszek@katastrofa7:~/radagast.ca$ openssl req -new -x509 -days 3650 -key ca.key -out ca.crt Enter pass phrase for ca.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:PL State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:Radagast Bookstore Certificate Authority 19 Email Address []: zbyszek@katastrofa7:~/radagast.ca$ ls ca.crt ca.key zbyszek@katastrofa7:~/radagast.ca$ openssl genrsa -out radagast.key 4096 zbyszek@katastrofa7:~/radagast.ca$ ls ca.crt ca.key radagast.key zbyszek@katastrofa7:~/radagast.ca$ openssl req -new -key radagast.key -out radagast.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:PL State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:radagast.store Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: zbyszek@katastrofa7:~/radagast.ca$ ls ca.crt ca.key radagast.csr radagast.key zbyszek@katastrofa7:~/radagast.ca$ openssl req -in radagast.csr -noout -text Certificate Request: Data: Version: 1 (0x0) Subject: C = PL, ST = Some-State, O = Internet Widgits Pty Ltd, CN = radagast.store Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:a7:1b:af:c0:74:a3:a6:8b:19:06:1b:c5:3e:ad: c9:79:19:66:b8:96:a7:d6:26:80:03:c1:c9:a5:5c: 3d:d0:dc:ed:f6:4e:c3:16:6d:fc:71:71:3b:6a:7e: a5:83:2a:8d:f5:84:b7:f9:81:23:25:40:01:70:ed: 8d:1f:6b:2f:4c:df:4e:32:ee:76:06:f6:f6:14:9a: 94:dd:c9:82:a2:87:e8:6d:4a:8a:d2:64:fe:2b:51: 2b:89:1a:f6:68:db:4e:f3:87:21:8e:51:f7:38:5f: 24:12:bb:f7:19:e5:34:e0:f2:e3:b0:68:32:93:3a: a8:a6:9a:e3:b6:9e:1a:84:7b:b7:c6:83:53:1c:f9: 49:44:80:5a:d9:97:fe:18:03:ec:9e:d6:ab:ee:b3: ae:6e:cf:d0:2f:26:45:9e:67:e1:f2:e3:68:05:60: d9:88:83:f3:e4:a5:f1:4a:44:d7:b8:f2:27:20:27: 84:56:cf:d9:74:43:22:f3:01:22:2f:d6:ac:81:44: ec:86:76:fa:74:bb:ed:bc:34:ba:f1:f0:7d:9c:1b: 65:3a:17:c4:ad:29:fb:e7:be:76:b6:cb:c3:8f:b4: 95:70:96:9c:08:65:14:a9:07:bc:52:e6:bf:1d:5d: e7:10:21:11:5d:ab:be:f7:6d:c6:6e:a1:7a:b4:a8: 7c:2c:ae:a8:3e:7b:ac:af:69:c6:84:7e:f9:8b:18: 26:16:e3:05:ab:7a:c6:74:5b:3e:04:de:cb:2f:7f: d7:c7:13:3b:96:a8:7b:d1:93:3c:0e:5c:50:15:d5: 83:f1:79:1e:85:1d:05:11:e6:cd:a2:c5:3d:de:84: 5b:70:75:ef:de:95:d1:29:11:1c:68:af:ec:72:62: ed:f4:dc:93:83:d6:47:d1:f0:cc:93:8e:e9:d4:e3: 88:31:07:3a:ea:ca:1f:92:4f:af:20:f7:53:ce:92: 82:ba:df:ed:44:1c:ca:6f:6d:4f:c7:cb:9c:65:4b: d4:b2:11:7e:52:c4:87:92:21:9a:01:6e:80:4b:2e: 4f:37:35:02:5d:2c:5e:4a:4e:d3:39:9a:b0:1b:28: 83:9d:9c:0b:6d:5d:e2:b6:0b:d4:34:c4:a1:d4:c7: 8e:9a:9d:fa:a4:29:75:b4:dd:2c:a3:c6:1d:92:2a: 45:1c:ee:f2:ba:96:c5:78:41:b0:6e:85:66:a2:97: 83:2c:7a:75:ba:b7:f7:6c:29:b3:8f:50:79:48:7c: 2d:0f:80:c8:dd:a7:2d:53:6f:71:7d:6b:86:fa:f6: 4a:e8:68:4a:0e:3d:66:0d:b0:4f:91:ef:bd:70:8c: 14:ed:ee:4a:6e:f7:e3:09:da:e2:7d:c1:80:e1:35: ef:49:5b Exponent: 65537 (0x10001) Attributes: (none) Requested Extensions: Signature Algorithm: sha256WithRSAEncryption Signature Value: 22:55:27:5f:96:40:a9:fa:36:07:0d:13:b2:68:20:eb:72:03: 10:59:22:cd:ce:99:d7:14:19:af:f8:c7:60:d3:d9:c3:f8:4d: ba:17:ec:c2:11:12:98:39:2a:ea:39:52:72:52:fd:55:d1:21: ae:04:ab:5d:d4:33:8f:cb:12:f9:e9:df:7a:50:4b:a0:95:5e: f6:45:8b:c7:8d:bd:1d:c9:74:a4:ec:d1:8c:81:d5:1e:8f:1e: ea:12:9b:48:a2:c5:b6:de:89:33:52:1c:c3:72:66:1c:e9:15: cb:0c:7f:9b:6e:08:12:96:cb:ad:f6:f4:a5:94:95:d9:a4:0d: bb:a1:8b:0c:0b:6a:7a:b2:8d:ac:fb:27:bc:cc:39:7d:cb:5f: c8:79:24:dd:f9:d4:45:09:bc:e6:c4:9e:6a:73:25:0c:ef:b5: 03:cf:2d:48:44:49:a8:7a:a4:0a:29:41:89:d5:8c:56:4e:ff: 4b:dd:5a:40:35:6f:ce:20:76:97:da:60:f5:a4:cc:00:6c:37: c1:b2:51:0b:f2:ad:30:6a:af:d0:6c:da:9c:a5:39:1b:05:09: 39:a3:90:ab:ff:4a:ef:6f:f4:84:4f:8d:70:a7:6f:19:d6:35: dc:5e:89:5b:cb:d4:45:cd:fb:3f:ce:de:e1:71:6b:83:af:e4: 45:08:50:1a:4b:4a:39:07:18:2c:e9:8e:59:e8:9e:98:2c:ea: 98:6c:42:2c:46:90:1a:10:ba:bf:d2:42:01:99:52:10:66:05: 85:1e:aa:c2:a5:8f:12:28:b3:9b:e8:ce:ab:d8:97:89:fb:9a: 6a:71:27:48:38:35:42:30:c8:c5:df:4c:00:ab:5b:d5:54:12: 37:47:df:d6:d4:f7:50:e8:9e:09:04:c2:b9:95:f4:c0:58:d4: 70:8c:18:4a:92:9b:49:ff:c0:2c:9e:a7:c1:93:a7:63:c7:9d: d2:f6:7e:10:fe:0c:58:0e:08:ec:30:48:db:47:6f:82:7f:86: 4b:26:4a:89:20:ef:5f:3b:8f:19:a6:a1:c3:42:d1:f5:ea:ef: 1f:72:1e:a1:0a:c2:fa:82:27:f7:34:01:21:ce:d3:f5:92:5d: 03:11:74:27:e8:9c:d4:a9:de:e3:e8:d8:4d:72:db:ec:90:3e: 45:3a:24:a8:86:93:b9:69:67:72:63:41:99:f7:4c:7e:c2:61: 41:73:d3:e2:26:99:cb:07:d0:c6:43:08:94:b1:a2:44:b1:85: a2:a6:e8:1b:13:e3:fb:79:7c:be:29:c1:d5:67:a5:17:a7:2e: cd:91:95:83:7d:11:25:9f:3b:c7:c4:e0:4c:c6:8c:3d:12:27: 8c:aa:e0:22:27:65:70:7c zbyszek@katastrofa7:~/radagast.ca$ openssl x509 -req -in radagast.csr -CA ca.crt -CAkey ca.key -days 730 -CAcreateserial -out radagast.crt -extensions v3_req Warning: ignoring -extensions option without -extfile Certificate request self-signature ok subject=C = PL, ST = Some-State, O = Internet Widgits Pty Ltd, CN = radagast.store Enter pass phrase for ca.key: zbyszek@katastrofa7:~/radagast.ca$ ls ca.crt ca.key ca.srl radagast.crt radagast.csr radagast.key zbyszek@katastrofa7:~/radagast.ca$ openssl verify radagast.crt C = PL, ST = Some-State, O = Internet Widgits Pty Ltd, CN = radagast.store error 20 at 0 depth lookup: unable to get local issuer certificate error radagast.crt: verification failed zbyszek@katastrofa7:~/radagast.ca$ openssl x509 -in radagast.crt -noout -text Certificate: Data: Version: 1 (0x0) Serial Number: 71:99:f7:71:e5:4f:35:3c:a9:ed:f9:de:3a:e7:6b:10:88:c0:0e:86 Signature Algorithm: sha256WithRSAEncryption Issuer: C = PL, ST = Some-State, O = Internet Widgits Pty Ltd, CN = Radagast Bookstore Certificate Authority 19 Validity Not Before: Jun 10 11:13:49 2024 GMT Not After : Jun 10 11:13:49 2026 GMT Subject: C = PL, ST = Some-State, O = Internet Widgits Pty Ltd, CN = radagast.store Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:a7:1b:af:c0:74:a3:a6:8b:19:06:1b:c5:3e:ad: c9:79:19:66:b8:96:a7:d6:26:80:03:c1:c9:a5:5c: 3d:d0:dc:ed:f6:4e:c3:16:6d:fc:71:71:3b:6a:7e: a5:83:2a:8d:f5:84:b7:f9:81:23:25:40:01:70:ed: 8d:1f:6b:2f:4c:df:4e:32:ee:76:06:f6:f6:14:9a: 94:dd:c9:82:a2:87:e8:6d:4a:8a:d2:64:fe:2b:51: 2b:89:1a:f6:68:db:4e:f3:87:21:8e:51:f7:38:5f: 24:12:bb:f7:19:e5:34:e0:f2:e3:b0:68:32:93:3a: a8:a6:9a:e3:b6:9e:1a:84:7b:b7:c6:83:53:1c:f9: 49:44:80:5a:d9:97:fe:18:03:ec:9e:d6:ab:ee:b3: ae:6e:cf:d0:2f:26:45:9e:67:e1:f2:e3:68:05:60: d9:88:83:f3:e4:a5:f1:4a:44:d7:b8:f2:27:20:27: 84:56:cf:d9:74:43:22:f3:01:22:2f:d6:ac:81:44: ec:86:76:fa:74:bb:ed:bc:34:ba:f1:f0:7d:9c:1b: 65:3a:17:c4:ad:29:fb:e7:be:76:b6:cb:c3:8f:b4: 95:70:96:9c:08:65:14:a9:07:bc:52:e6:bf:1d:5d: e7:10:21:11:5d:ab:be:f7:6d:c6:6e:a1:7a:b4:a8: 7c:2c:ae:a8:3e:7b:ac:af:69:c6:84:7e:f9:8b:18: 26:16:e3:05:ab:7a:c6:74:5b:3e:04:de:cb:2f:7f: d7:c7:13:3b:96:a8:7b:d1:93:3c:0e:5c:50:15:d5: 83:f1:79:1e:85:1d:05:11:e6:cd:a2:c5:3d:de:84: 5b:70:75:ef:de:95:d1:29:11:1c:68:af:ec:72:62: ed:f4:dc:93:83:d6:47:d1:f0:cc:93:8e:e9:d4:e3: 88:31:07:3a:ea:ca:1f:92:4f:af:20:f7:53:ce:92: 82:ba:df:ed:44:1c:ca:6f:6d:4f:c7:cb:9c:65:4b: d4:b2:11:7e:52:c4:87:92:21:9a:01:6e:80:4b:2e: 4f:37:35:02:5d:2c:5e:4a:4e:d3:39:9a:b0:1b:28: 83:9d:9c:0b:6d:5d:e2:b6:0b:d4:34:c4:a1:d4:c7: 8e:9a:9d:fa:a4:29:75:b4:dd:2c:a3:c6:1d:92:2a: 45:1c:ee:f2:ba:96:c5:78:41:b0:6e:85:66:a2:97: 83:2c:7a:75:ba:b7:f7:6c:29:b3:8f:50:79:48:7c: 2d:0f:80:c8:dd:a7:2d:53:6f:71:7d:6b:86:fa:f6: 4a:e8:68:4a:0e:3d:66:0d:b0:4f:91:ef:bd:70:8c: 14:ed:ee:4a:6e:f7:e3:09:da:e2:7d:c1:80:e1:35: ef:49:5b Exponent: 65537 (0x10001) Signature Algorithm: sha256WithRSAEncryption Signature Value: a6:56:37:06:8f:ff:ea:65:93:b0:8d:0f:f3:2b:d7:21:ea:7b: 20:33:a0:a3:9a:98:f6:a7:28:50:17:9b:d4:14:37:bd:24:bb: cd:c5:eb:82:24:a7:37:e8:f6:96:82:d7:23:ea:1b:a3:81:0a: 8d:00:f2:da:e9:e2:b7:e2:62:c3:29:0c:22:be:f1:c1:9c:3b: 0f:5b:b7:08:7c:b9:4d:ca:f0:0f:f4:fb:7c:f4:5c:96:c1:a3: 55:2d:94:25:e7:5b:f6:a6:86:ad:09:b1:66:ae:b6:09:38:f9: ad:1a:78:c1:40:74:ba:53:9e:ac:52:da:4c:00:6b:a6:b4:4d: f7:a5:e1:62:67:9a:ef:b6:52:77:79:43:3c:24:59:3f:4a:fe: d0:9c:d7:ff:88:25:b1:e5:3d:a1:36:4c:fd:db:f1:be:1e:46: 5c:e8:c3:c9:63:fd:55:e6:8c:15:9e:c0:03:20:a5:78:01:e7: 0f:78:6d:8b:bb:29:fe:8a:93:0e:49:fc:ee:79:34:ad:72:dc: 9e:a5:5c:09:89:aa:e9:7c:5a:19:a6:97:51:2c:ff:29:74:1c: 25:d1:40:6c:5f:0e:e0:c9:e9:62:56:ac:62:8a:d2:d2:21:cf: e7:d0:ae:e2:98:a0:f5:82:3f:71:56:78:d8:af:0e:9f:70:c2: 55:19:e5:a2:76:b7:fb:63:d5:84:98:4f:ec:94:6d:ee:2c:9b: c0:35:9c:ee:3d:f0:76:7d:f3:7c:a2:c5:9e:c6:68:22:be:8f: 01:bd:bc:3b:50:53:93:44:ab:1f:e8:bd:5a:48:47:99:c0:79: e7:cd:42:4c:1a:59:64:12:3c:63:43:19:be:64:ad:9b:b8:2c: 90:93:f9:04:45:26:2f:fe:9b:a0:69:c5:67:00:d6:b4:f5:67: e7:f6:07:99:16:0c:19:2c:96:90:84:35:c6:3f:2b:0c:cf:b9: 0f:81:93:38:c0:05:fb:f9:f9:b6:54:89:34:f7:44:0c:e0:19: c2:7d:4f:fe:b8:bd:20:2f:bf:c5:b0:b3:08:f0:f6:a6:57:07: 3b:e0:3f:49:73:5c:69:3f:bd:41:2e:10:0f:13:27:20:83:91: 10:4f:70:10:d2:d5:5c:c6:01:52:8d:7e:c4:d5:06:8a:55:4b: e2:ec:05:5b:64:09:0f:8e:42:ac:9b:db:48:eb:1a:71:76:aa: 8c:85:bb:fa:58:f5:b3:62:39:c6:58:ce:78:0f:93:a2:15:36: 89:ec:72:00:38:7a:23:db:ec:0c:32:e9:30:02:8c:76:b0:a6: 61:e5:a5:f6:2d:c8:77:02:7c:4b:7e:7d:4a:1f:de:17:4d:2e: 2f:00:9a:b8:ae:05:c8:e2