Simpler TLS Cert Creation Available

Just looking at the example script contrib/scripts/ast_tls_cert in the source tree, and noting that the procedure for creating and signing certificates is much simpler with the command-line tools available with OpenSSL 3.0, which came out about 16 months ago. Having created your CA cert, you can create and sign a user (subject?) cert with a single command, without needing to set up a config file or go through the cert-request step. This is using the new “micro-CA” mode, e.g.

openssl req -new \
     -subj "/C=NZ/ST=Waikato/L=Hamilton/O=MegaCorp Inc/OU=Staff/CN=Server" \
     -newkey rsa:2048 -nodes \
     -CA test-ca.crt -CAkey test-ca.key -days 90 \
     -keyout server.key -out server.crt

Of course, I accept that lots of people will still be using OpenSSL 1.1.x

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.