OpenMTC/doc/certificates.md
2017-11-07 14:41:38 +01:00

36 lines
1022 B
Markdown

# Certificate Issuance Guide
## How to create certificates?
TODO: some extra documentation when issuance is changed
### OpenSSL commands to create certificates
1. Create a Private Key
```shell
$ openssl ecparam -genkey -name prime256v1 -out intermediate/private/server.key.pem
```
2. Create a Certificate Signing Request
The private key is used to create a certificate signing request (CSR).
```shell
$ openssl req -new -SHA256 -nodes -config intermediate/openssl_intermediate.cnf -key intermediate/private/server.key.pem -out intermediate/csr/server.csr.pem
```
3. Create a Certificate
The Certificate Authority (CA) (in this case the intermediate CA) is used to sign the CSR and create a certificate.
```shell
openssl ca -config intermediate/openssl_intermediate.cnf -extensions server_cert -days 365 -notext -md sha256 -in intermediate/csr/server.csr.pem -out intermediate/certs/server.cert.pem
```
## How to setup the certificates when using Docker?
TODO: NC