2026-03-12 21:01:38

2026-03-12 22:01:38 +01:00
parent 3bd1db26cc
commit 26296b6d6a
336 changed files with 27507 additions and 0 deletions
--- a/divers/tiny_root_CA_01.md
+++ b/divers/tiny_root_CA_01.md
@@ -0,0 +1,41 @@
+> Based on article https://www.baeldung.com/openssl-self-signed-cert
+
+## Build a home made root CA
+
+	mkdir -p /app/CA
+	cd /app/CA
+
+Create rootCA private key:
+
+	openssl genrsa -des3 -out rootCA.key 4096
+
+Create rootCA certificate:
+
+	openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 7300 -out rootCA.pem
+
+
+## Generate client root CA signed certificate for a client
+
+Client private key:
+
+	openssl genrsa -out raxus.swgalaxy.key 2048
+
+Client certificate signature request:
+
+	openssl req -new -key raxus.swgalaxy.key -out raxus.swgalaxy.csr
+
+Root CA create a signed certificate using the certificate signature request:
+
+	openssl x509 -req -CA rootCA.pem -CAkey rootCA.key -in raxus.swgalaxy.csr -out raxus.swgalaxy.crt -days 365 -CAcreateserial
+
+Optionally create the full chain:
+
+	cat raxus.swgalaxy.crt rootCA.pem > raxus.swgalaxy.fullchain.crt
+
+Optionally create an export to be imported into a Oracle wallet:
+
+	openssl pkcs12 -export \
+		-in raxus.swgalaxy.crt \
+		-inkey raxus.swgalaxy.key \
+		-certfile rootCA.pem \
+		-out raxus.swgalaxy.p12