Fév 252023

Still pursuing my journey around ldap, ssl and certificates : lets play with OpenSSL libraries.

Have a look at the code on github here.

Possible actions so far:

--genkey generate rsa keys public.pem and private.pem
--encrypt encrypt a file using public.pem
--decrypt decrypt a file using private.pem
--mkcert make a self sign root cert, read from privatekey (option) & write to ca.crt and ca.key
--mkreq make a certificate service request, read from request.key (if exist) & write to request.csr request.key
--signreq make a certificate from a csr, read from a csr filename and a cert file
--selfsign make a self sign cert, write to cert.crt cert.key
--p12topem convert a pfx to pem, write to cert.crt and cert.key
--pemtop12 convert a pem to pfx, read from cert.crt and cert.key

Example to create a root ca, a certificate signing request and a certificate (which you can use in latest chrome) :

rem if you want to reuse an existing key and therefore renew instead of recreate
tinySSL.exe --mkcert --debug=true --privatekey=ca.key --password=password --filename=ca.crt
rem recreate, not renew
rem tinySSL.exe --mkcert --debug=true --filename=ca.crt
rem renew, not recreate
tinySSL.exe --mkreq --debug=true --filename=request.csr --privatekey=request.key
rem recreate, not renew
rem tinySSL.exe --mkreq --debug=true --filename=request.csr
tinySSL.exe --signreq --debug=true --alt="DNS:*.groupe.fr" --password=password --filename=request.csr --cert=ca.crt

Note : have a look at this article if you want to test your certificate in a http ssl server.