===== SSL =====
==== Generowanie ====
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl.key -out ssl.crt
==== Generowanie do IIS ====
cd /usr/lib/openssl
./CA.pl -newreq-nodes
./CA.pl -newca
./CA.pl -sign
openssl req -new > new.cert.csr
openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
openssl pkcs12 -export -out DigiCertBackup.pfx -inkey new.cert.key -in new.cert.cert -certfile ./privkey.pem
==== Eksport do JSK ====
=== SCM ===
openssl pkcs12 -export -in ssl.crt -inkey ssl.key -out ssl.p12 -name scm
../../jdk/bin/keytool -importkeystore -srckeystore ./ssl.p12 -srcstoretype pkcs12 -srcalias scm -srcstorepass tajnepass -destkeystore ./ssl.jks -deststoretype jks -deststorepass tajnepass
=== JBoss ===
openssl pkcs12 -export -in ./ssl.crt -inkey ./ssl.key -out ssl.p12 -name jboss
keytool -importkeystore -srckeystore ./ssl.p12 -srcstoretype pkcs12 -srcalias jboss -srcstorepass nasze_tajne_haslo -destkeystore ./ssl.jks -deststoretype jks -deststorepass nasze_tajne_haslo
==== Import certyfikatów z PFX ====
Certyfikat:
openssl pkcs12 -in ssl.pfx -nocerts -out ssl.crt
Klucz:
openssl pkcs12 -in ssl.pfx -clcerts -nokeys -out ssl.key
Usunięcie z klucza hasła:
openssl rsa -in ssl.key -out ssl_nopass.key