Differences
This shows you the differences between two versions of the page.
| ssl:openssl [2016/04/05 10:02] – linux:openssl renamed to ssl:openssl niziak | ssl:openssl [2025/01/11 14:19] (current) – niziak | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | == CA Bundle == | + | ====== OpenSSL ====== |
| + | |||
| + | ====== RSA keys ====== | ||
| + | <code bash> | ||
| + | < | ||
| + | Export private key (unencrypted!) | ||
| + | < | ||
| + | Export pub key in OpenSSH format: | ||
| + | < | ||
| + | |||
| + | ==== CA Bundle | ||
| === Extract CAs form Mozilla === | === Extract CAs form Mozilla === | ||
| Direct download link [[https:// | Direct download link [[https:// | ||
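
Review bot: the added "Export private key (unencrypted!)" step marks the risk only with an exclamation mark; a sentence saying that the resulting file holds the key in the clear and should be readable only by its owner would make the step safer to copy. Separately, "====== RSA keys ======" uses the same heading level as the new page title "====== OpenSSL ======", so it reads as a second top-level title while "==== CA Bundle" sits two levels lower; putting "RSA keys" one level below the title would keep the outline consistent. The unchanged heading "Extract CAs form Mozilla" also carries a typo ("form" for "from") that this revision could pick up.
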
| Line 46: | Line 56: | ||
| === Server certificate chain === | === Server certificate chain === | ||
| + | |||
| + | [[https:// | ||
| + | < | ||
| + | certificate_list | ||
| + | This is a sequence (chain) of X.509v3 certificates. | ||
| + | certificate must come first in the list. Each following | ||
| + | certificate must directly certify the one preceding it. Because | ||
| + | certificate validation requires that root keys be distributed | ||
| + | independently, | ||
| + | certificate authority may optionally be omitted from the chain, | ||
| + | under the assumption that the remote end must already possess it | ||
| + | in order to validate it in any case. | ||
| + | </ | ||
| + | |||
| + | |||
| It is required to put not only site certificate in your web server configuration, | It is required to put not only site certificate in your web server configuration, | ||
| If your server certificate is in PEM format (text), additional certificates can be simply concatenated. | If your server certificate is in PEM format (text), additional certificates can be simply concatenated. | ||
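
Review bot: the quoted certificate_list block says the root certificate "may optionally be omitted from the chain", but in the visible lines the page's own paragraph after it only says that additional certificates can be concatenated in PEM form. It would help to state next to the concatenation advice, in the page's own words, the order the quote requires (each following certificate directly certifying the one preceding it) and that the root can be left out, so a reader building the file does not have to infer it from the quotation. A short attribution line naming the quoted document next to the link would also make the block easier to verify.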