[linux notes] CA

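# Create a private CA with OpenSSL's bundled CA helper script, then issue one
# server certificate from it. Run as the account that will own the CA.

# Dedicated working directory; the CA script builds its ./demoCA tree here.
mkdir /var/myca
cd /var/myca
# The directory will hold the CA private key and an unencrypted server key,
# so keep it closed to other accounts.
chmod 700 /var/myca

# Review the defaults openssl will use before creating the CA (these notes do
# not record which settings were changed). Worth checking: default_md is a
# SHA-2 digest rather than md5/sha1, and default_days suits the deployment.
vi /etc/ssl/openssl.cnf

# Create the CA key pair and self-signed CA certificate (prompts for a
# passphrase that protects the CA private key).
/usr/share/ssl/misc/CA -newca

# Generate the server key and certificate request.
#  - rsa:2048 instead of rsa:1024: 1024-bit RSA is below current minimums and
#    is rejected by many TLS stacks.
#  - -nodes writes the private key WITHOUT a passphrase so a daemon can start
#    unattended; anyone who can read the file can impersonate the server.
#  - key and request share newreq.pem, so treat that file as secret and do not
#    hand it to anyone as "just the CSR".
openssl req -newkey rsa:2048 -nodes -keyout newreq.pem -out newreq.pem

# Sign newreq.pem with the CA; the certificate is written to newcert.pem.
/usr/share/ssl/misc/CA -sign

# Inspect the result: check subject, issuer, validity, key size and signature
# algorithm before deploying.
openssl x509 -in newcert.pem -text -noout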

———-
# cat get_x509_hash.sh
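# Print the commands that create the subject-hash symlink OpenSSL-based
# clients use to find the CA certificate in a hashed certificate directory.
# Nothing is changed on disk; the operator runs the printed commands.
#
# NOTE: the subject-hash algorithm changed in OpenSSL 1.0.0 (the older form is
# available as -subject_hash_old), so compute the hash with the same OpenSSL
# generation the client library uses, or the link will not be found.
# c_rehash / "openssl rehash" create these links for a whole directory.
HASH=$(openssl x509 -noout -hash -in /etc/openldap/cacert.pem) || {
  # Without this check a failed openssl call would print a link named ".0".
  echo "get_x509_hash.sh: could not hash /etc/openldap/cacert.pem" >&2
  exit 1
}

# Plain ASCII quotes: typographic quotes are not shell quoting and would be
# printed as part of the commands.
echo "Please run these commands"
echo "cd /etc/openldap/cacerts"
echo "ln -s ../cacert.pem ${HASH}.0"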
———-

# Revoke an issued certificate and publish the change.
# The CA keeps a copy of every certificate it signs under demoCA/newcerts,
# named after the certificate's serial number (01 here).
revoked_cert=./demoCA/newcerts/01.pem
crl_file=ca-crl.pem

# Mark the certificate as revoked in the CA database.
openssl ca -revoke "$revoked_cert"

# Write a fresh CRL. Revocation only takes effect for clients that actually
# fetch and check this file, so distribute it and regenerate it before its
# nextUpdate time passes.
openssl ca -gencrl -out "$crl_file"