Skip to content

shupp/openssl-examples

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits

crl

crl

 
 

cross-signing

cross-signing

 
 

ocsp

ocsp

 
 

scrape

scrape

 
 

ssh-signing

ssh-signing

 
 

subject-key-identifier

subject-key-identifier

 
 

three-tier

three-tier

 
 

two-tier

two-tier

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

Repository files navigation

openssl-examples

This is a place to capture examples of common openssl use cases for future reference. They are wrapped in easily repeatable make commands with related clean targets.

  • two-tier - A simple two tier certificate chain. One Certificate Authority and one leaf certificate. It aso includes examples of testing CipherString SECLEVEL values, which is an issue coming up with debian buster.
  • three-tier - An example three tier chain containing a Root Ceritificate Authority, an Intermediate Certificate Authority, and a leaf certificate.
  • cross-signing - An example cross signed three tier chain containing two different Root Ceritificate Authorities, an Intermediate Certificate Authority with a common Certificate Signing Request and private key, but two certificates (each signed by a unique root), and a leaf certificate that validates with either chain.
  • crl - An example Certificate Revocation List based on a single Certificate Authority, one leaf certificate, and another leaf certificate that has been revoked for "Key Compromise".
  • ocsp - An example CA implementing both a Certificate Revocation List and OCSP. It's based on a single Certificate Authority, an OCSP signing certificate, one leaf certificate, and another leaf certificate that has been revoked for "Key Compromise".
  • subject-key-identifier - This example shows how you can manually generate a Subject Key Identifier from a public key.
  • scrape - Examples of scraping certificates from live services.
  • ssh-signing - Example of signing a public ssh key for authorizaition by trusted certificates or even principals.

From each of these sub-directories, you can use make all to see available targets to work with:

$ (cd two-tier && make)
Available targets:

all
build
clean
clean-leaf-cert
clean-leaf-csr
clean-leaf-key
clean-root-cert
clean-root-key
clean-serial
help
inspect
inspect-extensions
inspect-leaf
inspect-leaf-csr
inspect-leaf-sha1
inspect-root
leaf/leaf-sha1.crt
leaf/leaf.crt
leaf/leaf.csr
leaf/leaf.key
root/ca.crt
root/ca.key
test-docker
test-http-seclevel1-pass
test-http-seclevel2-fail
test-http-seclevel2-pass
verify
version

About

A collection of common openssl examples

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages