Generate SSL Cert

generate private key

1
openssl genrsa -out xxx-privateKey.key 2048``` no passphase to protect private key

generate public certificate for domain of dummy.gov.hk

1
2
1. openssl req -out xxx.csr -new -newkey rsa:2048 -sha256 -nodes -key xxx-privateKey.key
2. openssl req -text -noout -verify -in xxx.csr

re-generate csr with same private key

1
2
3. openssl req -new -sha256 -nodes -out www.dummy.gov.hk.csr -key www.dummy.gov.hk-privateKey.key -config config.txt
4. openssl req -text -noout -verify -in www.dummy.gov.hk.csr > www.dummy.gov.hk.csr.verify.txt

generate private key for internal certificate for domain of *.dummy.hksarg

1
2
1. openssl req -new -sha256 -nodes -out dummy.hksarg.csr -newkey rsa:2048 -keyout xxx.hksarg-privateKey.key -config config.txt
2. openssl req -text -noout -verify -in dummy.hksarg.csr

generate 3 internal certificates for domain of *.dummy.hksarg by one private key

1
2
3
4
5
6
7
8
1. openssl req -new -sha256 -nodes -out sit.dummy.hksarg.csr -key xxx.hksarg-privateKey.key -config config.txt
2. openssl req -text -noout -verify -in sit.dummy.hksarg.csr > sit.xxx.hksarg.csr.verify.txt

1. openssl req -new -sha256 -nodes -out uat.dummy.hksarg.csr -key xxx.hksarg-privateKey.key -config config.txt
2. openssl req -text -noout -verify -in uat.dummy.hksarg.csr > uat.xxx.hksarg.csr.verify.txt

1. openssl req -new -sha256 -nodes -out dummy.hksarg.csr -key xxx.hksarg-privateKey.key -config config.txt
2. openssl req -text -noout -verify -in dummy.hksarg.csr > dummy.hksarg.csr.verify.txt

convert p7b cert format to PEM

1
2
3
openssl pkcs7 -print_certs -inform der -in certnew-der.p7b > sit.dummy.hksarg.crt
openssl pkcs7 -print_certs -inform der -in certnew-der.p7b > uat.dummy.hksarg.crt
openssl pkcs7 -print_certs -inform der -in certnew-der.p7b > dummy.hksarg.crt

conbime cert and cacert

1
2
3
4
5
openssl x509 -in cert0002107503.cer -subject -issuer -out cert0002107503.crt
openssl x509 -in ecert_ca_1-15_pem.crt -subject -issuer -out ecert_ca_1-15_pem.crt
openssl x509 -in root_ca_1_pem.crt -subject -issuer -out root_ca_1_pem.crt

cat cert0002107503.crt ecert_ca_1-15_pem.crt root_ca_1_pem.crt > www.dummy.gov.hk.crt