Setup der OpenSSL Server Certificate without password
Server Certificate Setup
Konfigurationsdatei
siehe Intermediate CA
Anlegen des Server Keys und Zertifikats
# cd /<intermediate-ca-verzeichnis>
# openssl genrsa -out private/support01.just-virtual.com-key.pem 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
...................................................................................................................++++
.........................................................................................................................................................................................................++++
e is 65537 (0x010001)
# openssl req -config openssl.cnf -key private/support01.just-virtual.com-key.pem -new -sha256 -out csr/support01.just-virtual.com-csr.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Hessen]:
Locality Name (eg, city) [Freigericht]:
Organization Name (eg, company) [HCON]:
Organizational Unit Name (eg, section) [Consulting]:
Common Name (e.g. server FQDN or YOUR name) [HCON Intermediate CA]:support01.just-virtual.com server certificate
Email Address [Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!]:Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl ca -config openssl.cnf -extensions server_cert -days 2000 -notext -md sha256 -in csr/support01.just-virtual.com-csr.pem -out certs/support01.just-virtual.com-cert.pem
Using configuration from openssl.cnf
Enter pass phrase for /CA//intermediate/private/intermediatekey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4096 (0x1000)
Validity
Not Before: Feb 2 10:06:07 2021 GMT
Not After : Jul 26 10:06:07 2026 GMT
Subject:
countryName = DE
stateOrProvinceName = Hessen
organizationName = HCON
organizationalUnitName = Consulting
commonName = support01.just-virtual.com server certificate
emailAddress = Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Server Certificate
X509v3 Subject Key Identifier:
30:D0:31:F8:29:06:18:FC:FE:32:0E:A6:57:39:B5:C1:DF:4B:53:6E
X509v3 Authority Key Identifier:
keyid:CD:8C:35:0F:1F:95:D3:09:4C:3C:0C:9C:66:BD:2E:78:DC:FF:F0:C3
DirName:/C=DE/ST=Hessen/L=Freigericht/O=HCON/OU=Consulting/CN=HCON Root CA/emailAddress=Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!
serial:10:00
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
Certificate is to be certified until Jul 26 10:06:07 2026 GMT (2000 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
# openssl x509 -noout -text -in certs/support01.just-virtual.com-cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = DE, ST = Hessen, O = HCON, OU = Consulting, CN = HCON Intermediate CA, emailAddress = Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!
Validity
Not Before: Feb 2 10:06:07 2021 GMT
Not After : Jul 26 10:06:07 2026 GMT
Subject: C = DE, ST = Hessen, O = HCON, OU = Consulting, CN = support01.just-virtual.com server certificate, emailAddress = Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:af:c7:6b:56:0e:9c:b8:b4:da:3a:9c:ac:64:ae:
fa:1a:e0:6b:cd:3d:46:9c:24:05:3b:41:50:06:11:
2c:5d:e4:07:79:60:9c:7d:39:45:21:55:5d:b9:c7:
40:92:27:27:c1:cb:1f:ac:8e:c5:2b:74:a4:37:f4:
01:ea:c6:71:d2:8e:93:8a:3e:a3:ff:83:19:d3:91:
5d:eb:d5:7e:85:1e:82:00:d4:b0:2b:db:4f:56:41:
30:49:5f:27:a7:70:5e:cf:48:87:6d:ec:50:83:4c:
a7:d1:05:fd:25:bd:91:26:2e:f9:64:16:18:88:26:
15:3f:89:59:02:09:a0:21:3c:2e:7e:c1:d5:f6:ef:
24:be:49:c6:bf:42:84:c9:4a:f8:99:5c:22:be:86:
47:db:53:5e:1b:f4:5f:65:e9:a2:35:fb:27:37:b4:
86:c4:cb:4c:af:8e:4f:03:98:f4:c6:a3:b8:44:e2:
ca:49:98:e7:35:39:dc:14:24:a3:fc:e5:b9:c1:f6:
41:23:a2:a2:9e:9a:a4:67:e1:4a:a7:10:41:2e:3e:
fc:76:d2:e3:83:86:86:53:58:b0:1e:c6:42:ae:6a:
8f:01:06:2b:e0:9f:b9:7f:f3:40:bd:6a:42:ed:9f:
5c:5a:6a:de:c7:4c:5e:86:e5:91:e3:f7:7e:10:d3:
24:35:d2:24:f7:49:c7:89:c5:c8:59:87:95:67:66:
dd:14:c3:54:a6:a0:d3:6b:a6:59:82:36:45:9e:40:
6d:7d:b2:2b:b8:fa:27:70:98:df:d3:b9:dc:50:a9:
f3:86:a3:7c:f9:8b:e1:f5:d0:00:eb:2f:f7:0c:cb:
7f:cb:12:5d:db:ef:b7:ff:c5:d4:95:a0:1a:8f:d5:
20:87:b2:7d:86:a1:2f:f9:52:4f:0c:43:94:04:c3:
51:7d:52:d3:05:62:39:8a:f3:b7:7c:50:88:97:0f:
53:9a:4f:00:03:8e:fe:79:96:e5:44:b2:ba:03:1d:
d0:64:e7:60:8e:47:4e:33:ba:76:94:fb:fb:23:28:
d2:b0:64:35:e9:89:9b:df:10:ed:4f:49:dc:1b:6b:
a9:c0:37:e4:40:83:a0:22:d9:6b:59:86:4a:7f:11:
9d:6e:d6:a8:3c:a7:f3:72:79:b0:e6:ee:2d:e6:91:
40:17:7f:f9:d8:51:3c:1f:18:40:13:cb:c2:2a:12:
bb:d8:ca:94:1a:ab:a2:8c:73:b5:5e:18:2f:a0:94:
c0:38:52:f3:d7:02:82:a3:4c:46:44:01:00:34:59:
44:3e:87:2c:c6:bd:4a:98:24:e5:c6:c5:0c:c7:7e:
e2:15:af:93:78:9f:da:cd:a4:86:32:36:e4:d4:50:
53:32:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Server Certificate
X509v3 Subject Key Identifier:
30:D0:31:F8:29:06:18:FC:FE:32:0E:A6:57:39:B5:C1:DF:4B:53:6E
X509v3 Authority Key Identifier:
keyid:CD:8C:35:0F:1F:95:D3:09:4C:3C:0C:9C:66:BD:2E:78:DC:FF:F0:C3
DirName:/C=DE/ST=Hessen/L=Freigericht/O=HCON/OU=Consulting/CN=HCON Root CA/emailAddress=Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!
serial:10:00
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
73:64:b9:c9:34:eb:3a:29:d5:49:d5:97:a9:a5:8f:a6:43:aa:
db:89:42:6f:d7:cb:8c:89:9d:40:1b:6f:4f:ca:93:fd:7c:40:
2f:1a:fa:fe:ca:2c:37:55:e4:5f:34:74:5d:76:d1:08:ac:73:
05:c2:f8:2f:2f:4f:a0:13:7f:67:17:55:12:53:12:c3:b7:97:
b1:7f:97:f4:5d:65:bc:fa:a4:76:b2:51:41:83:eb:93:52:24:
dc:4b:45:18:71:db:0c:96:3c:52:cf:ee:76:fb:61:ca:60:55:
b9:74:8f:2f:50:44:12:fd:fb:3a:f4:6d:5e:18:bc:40:6f:dd:
fc:5d:22:94:ef:22:fd:72:47:49:2d:1d:da:ae:58:66:26:fc:
9b:0a:e2:07:29:e8:d4:f2:b2:b0:35:13:d4:6d:33:60:3b:c4:
6b:3f:dd:ab:be:4e:25:55:ea:9e:99:9f:37:cd:30:ac:97:7f:
01:ad:a7:20:9c:ec:ec:72:18:3a:35:59:d6:c6:c3:cd:5a:33:
50:6a:da:e5:a9:bd:38:d8:be:f3:aa:72:8a:af:18:b7:50:16:
bc:a1:b2:93:15:23:48:4f:88:c1:b6:a2:b8:15:83:29:a5:23:
22:98:56:6c:3e:68:84:37:1e:c0:28:ab:e5:95:ab:c1:e8:b5:
08:f4:88:0b:fe:a5:c0:ee:44:90:e0:2f:e7:65:1a:75:76:cb:
27:c3:24:bb:7a:ac:8f:ef:6f:80:9f:91:85:51:15:59:a6:38:
17:f0:0f:2e:cf:67:4c:c2:32:d5:b0:81:65:f9:c2:26:cd:67:
31:ee:d3:3e:35:b2:9f:7b:5a:08:29:ae:e0:f3:8d:da:4e:5c:
97:5d:33:89:e0:3a:64:79:0d:e6:91:a6:3f:b8:54:4e:eb:6c:
01:16:8c:7d:70:b0:c4:4a:9e:23:07:a5:6d:83:28:ca:24:b4:
ea:38:28:84:e9:6d:f5:72:45:d9:4f:bf:d3:a8:0c:ca:e3:3d:
ba:24:d7:2b:83:36:1d:44:ab:7a:76:8b:3a:46:94:0a:e9:91:
45:80:3d:d6:9e:93:36:45:2b:16:ec:ec:28:c1:dc:16:89:8f:
f3:72:a9:d4:0e:7b:9d:59:d2:8e:ce:73:8c:c3:70:c5:bd:2a:
0d:6b:52:2e:58:c5:c9:f9:c1:d3:84:bb:12:7b:a0:26:0a:03:
85:39:77:ae:9d:a0:cd:1c:0a:b9:0b:20:c2:65:08:c3:1b:89:
52:27:c5:ba:2c:2e:b5:d1:b5:0e:76:db:3d:19:ae:f2:a0:17:
54:1c:90:5c:40:02:48:07:fe:8f:3e:49:5f:93:92:9d:d3:7b:
77:f6:8f:d6:07:22:77:04