cloudflare/cfssl
overview
Github: https://github.com/cloudflare/cfssl
常用命令
# Genereate Root CA
cfssl gencert -initca ca.json |cfssljson -bare ca-root
# Generate CSR
cfssl gencsr -key gw-key.pem gw.json
# Sign certificate
cfssl sign -ca ca-root.pem -ca-key ca-root-key.pem -config sign.config gw.csr |cfssljson -bare gw
设置Root CA 有效期 ca.json
{
"CN": "FastObject LLC Root CA",
"hosts": [
"fastobject.net",
"www.fastobject.net"
],
"key": {
"algo": "rsa",
"size": 4096
},
"ca": {
"expiry": "87600h",
"pathlen": 0
},
"names": [
{
"C": "US",
"L": "San Francisco",
"O": "FastObject",
"OU": "Network",
"ST": "California"
}
]
}
设置签发证书的有效期及CN gw.json
{
"CN": "gw.vsrx.fastobject.net",
"hosts": [
"gw.vsrx.fastobject.net"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "San Francisco",
"O": "FastObject",
"OU": "Network",
"ST": "California"
}
],
"default": {
"expiry": "127200h"
}
}
证书签名用途 sign.config
{
"signing": {
"default": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "43800h"
}
}
}