/usr/share/doc/libaws-doc/examples/cert/README is in libaws-doc 3.3.2-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
Here are some notes to:
1. Create a CA
2. Create a server certificate (signed by our CA)
3. Create a client certificate (signed by our CA)
More information can be found in the AWS documentation.
-----------------------------------
Initialize OpenSSL CA on GNU/Debian
-----------------------------------
This depends heavily on the OS and distribution used. Initializing a demo
CA on GNU/Debian is easy with a standard OpenSSL install; see default_ca in
/etc/ssl/openssl.cnf. So we can create the CA locally for the cert demo:
$ mkdir demoCA
$ mkdir demoCA/newcerts
$ touch demoCA/index.txt
$ echo ABCC > demoCA/serial
----------------------------------
Create a Certificate Authority key
----------------------------------
$ openssl genrsa -out private-ca.key 1024
$ openssl req -new -key private-ca.key -out private-ca.csr
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Ile de France
Locality Name (eg, city) []:Magny les Hameaux
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AWS Team
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Pascal Obry
Email Address []:aws@obry.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:letmein
An optional company name []:AWS Team
$ openssl x509 -req -days 365 -in private-ca.csr -signkey private-ca.key -out private-ca.crt
----------------------------------------
Create web server key signed with our CA
----------------------------------------
$ openssl genrsa -out aws-server.key 1024
$ openssl req -new -key aws-server.key -out aws-server.csr
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Ile de France
Locality Name (eg, city) []:Magny les Hameaux
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AWS Team
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:aws@obry.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:certdemo
An optional company name []:AWS Team
$ openssl ca -in aws-server.csr -cert private-ca.crt -keyfile private-ca.key -out aws-server.crt
-----------------------------------------
Create web browser key signed with our CA
-----------------------------------------
$ openssl genrsa -des3 -out aws-client.key 1024
Enter pass phrase for aws-client.key:letmein
$ openssl req -new -key aws-client.key -out aws-client.csr
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Ile de France
Locality Name (eg, city) []:Paris
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AWS Team
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Jean Dupont
Email Address []:jean.dupont@nowhere.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:letmein
An optional company name []:AWS Team
$ openssl ca -in aws-client.csr -cert private-ca.crt -keyfile private-ca.key -out aws-client.crt
$ openssl pkcs12 -export -clcerts -in aws-client.crt -inkey aws-client.key -out aws-client.p12
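A scripted check for the certificates produced by the steps above. It is an added example, not part of the AWS README. It verifies the chain against the CA, the key size and the remaining lifetime, and it flags the 1024-bit RSA keys used in these commands because they fall below the 2048-bit minimum assumed here. The function names, the 2048-bit and 30-day thresholds, the "Demo CA" subject and the use of "x509 -req -CA" in place of "openssl ca" are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the AWS README; function names are hypothetical.

# make_demo_pki DIR BITS: non-interactive CA and server certificate using the
# README's file names. Signs with "x509 -req -CA" rather than "openssl ca", so
# it needs neither the demoCA directory nor default_ca in openssl.cnf.
make_demo_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    subj="/C=FR/ST=Ile de France/O=AWS Team"   # constructed sample subject
    echo "basicConstraints=critical,CA:TRUE" > ca.ext
    openssl genrsa -out private-ca.key "$2" 2>/dev/null &&
    openssl req -new -key private-ca.key -subj "$subj/CN=Demo CA" \
        -out private-ca.csr &&
    openssl x509 -req -days 365 -in private-ca.csr -signkey private-ca.key \
        -extfile ca.ext -out private-ca.crt 2>/dev/null &&
    openssl genrsa -out aws-server.key "$2" 2>/dev/null &&
    openssl req -new -key aws-server.key -subj "$subj/CN=localhost" \
        -out aws-server.csr &&
    openssl x509 -req -days 365 -in aws-server.csr -CA private-ca.crt \
        -CAkey private-ca.key -CAcreateserial -out aws-server.crt 2>/dev/null
)

# cert_key_bits CERT: print the public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# audit_cert CA_CERT CERT [MIN_BITS] [MIN_DAYS]: print one line per finding;
# return 0 only when the chain, key size and remaining lifetime all pass.
# The defaults (2048 bits for RSA, 30 days) are assumptions of this example.
audit_cert() {
    min_bits=${3:-2048}; min_days=${4:-30}; rc=0
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "FAIL chain: $2 does not verify against $1"; rc=1
    fi
    bits=$(cert_key_bits "$2")
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL key size: ${bits:-unknown} bits, minimum $min_bits"; rc=1
    fi
    if ! openssl x509 -in "$2" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1; then
        echo "FAIL expiry: $2 expires within $min_days days"; rc=1
    fi
    return $rc
}
# Usage: audit_cert private-ca.crt aws-server.crt
```

Run against the files from the steps above, audit_cert reports the key size finding for aws-server.crt and aws-client.crt; regenerating the keys with 2048 in place of 1024 clears it.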