http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&feed=atom&action=history
Crear un CA para firmar certificados SSL - Historial de revisiones
2024-03-28T23:16:37Z
Historial de revisiones de esta página en la wiki
MediaWiki 1.39.3
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=263&oldid=prev
Lantolin: /* Procedimiento */
2022-02-04T10:16:51Z
<p><span dir="auto"><span class="autocomment">Procedimiento</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="es">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Revisión anterior</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revisión del 11:16 4 feb 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l51">Línea 51:</td>
<td colspan="2" class="diff-lineno">Línea 51:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Firmar la solicitud de certificado con la CA</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Firmar la solicitud de certificado con la CA</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> openssl ca -config openssl.conf -extensions v3_req -days 3650 -notext -md sha256 -in csr/${DOMINIO}.csr.pem -out certs/${DOMINIO}.cert.pem </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> openssl ca -config openssl.conf <ins style="font-weight: bold; text-decoration: none;">-policy policy_loose </ins>-extensions v3_req -days 3650 -notext -md sha256 -in csr/${DOMINIO}.csr.pem -out certs/${DOMINIO}.cert.pem </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 444 certs/${DOMINIO}.cert.pem</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 444 certs/${DOMINIO}.cert.pem</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
</table>
Lantolin
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=256&oldid=prev
Lantolin en 22:35 2 mar 2021
2021-03-02T22:35:22Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="es">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Revisión anterior</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revisión del 23:35 2 mar 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Línea 1:</td>
<td colspan="2" class="diff-lineno">Línea 1:</td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Problema: estamos practicando SSL/TLS y queremos ir más allá de los certificados auto-firmados.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Problema: estamos practicando SSL/TLS y queremos ir más allá de los certificados auto-firmados<ins style="font-weight: bold; text-decoration: none;">. Además es un incordio estar añadiendo las excepciones de seguridad en los programas cliente, y además quiero usar comodines en los dominios</ins>.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Solución: crear una clave privada+certificado de una CA, usarla para firmar certificados, e importar esa CA a Firefox y Thunderbird para que confien en ella.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Solución: crear una clave privada+certificado de una CA, usarla para firmar certificados, e importar esa CA a Firefox y Thunderbird para que confien en ella.</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l5">Línea 5:</td>
<td colspan="2" class="diff-lineno">Línea 5:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Procedimiento ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Procedimiento ==</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Practicamente todo está tomado de https://blog.guillen.io/2018/09/29/crear-autoridad-certificadora-ca-y-certificados-autofirmados-en-linux/</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Practicamente todo está tomado de <ins style="font-weight: bold; text-decoration: none;">este fantástico artículo [</ins>https://blog.guillen.io/2018/09/29/crear-autoridad-certificadora-ca-y-certificados-autofirmados-en-linux/ <ins style="font-weight: bold; text-decoration: none;">Crear autoridad certificadora (CA) y certificados autofirmados en Linux]. ¡Muchas gracias Antonio Guillen!</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Basicamente lo que ves aquí es una simplificación de ese artículo.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Basicamente lo que ves aquí es una simplificación de ese artículo.</div></td></tr>
</table>
Lantolin
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=255&oldid=prev
Lantolin: /* openssl.conf */
2021-03-02T22:17:21Z
<p><span dir="auto"><span class="autocomment">openssl.conf</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="es">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Revisión anterior</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revisión del 23:17 2 mar 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l64">Línea 64:</td>
<td colspan="2" class="diff-lineno">Línea 64:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== openssl.conf== </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== openssl.conf== </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"><nowiki></del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[ ca ]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[ ca ]</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l226">Línea 226:</td>
<td colspan="2" class="diff-lineno">Línea 225:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>extendedKeyUsage = critical, OCSPSigning</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>extendedKeyUsage = critical, OCSPSigning</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></nowiki></del></div></td><td colspan="2" class="diff-side-added"></td></tr>
</table>
Lantolin
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=254&oldid=prev
Lantolin: /* openssl.conf */
2021-03-02T22:16:58Z
<p><span dir="auto"><span class="autocomment">openssl.conf</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="es">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Revisión anterior</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revisión del 23:16 2 mar 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l64">Línea 64:</td>
<td colspan="2" class="diff-lineno">Línea 64:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== openssl.conf== </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== openssl.conf== </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><<del style="font-weight: bold; text-decoration: none;">pre</del>><<del style="font-weight: bold; text-decoration: none;">nowiki</del>></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><<ins style="font-weight: bold; text-decoration: none;">nowiki</ins>></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><<ins style="font-weight: bold; text-decoration: none;">pre</ins>></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[ ca ]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[ ca ]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># man ca</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># man ca</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l224">Línea 224:</td>
<td colspan="2" class="diff-lineno">Línea 225:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>keyUsage = critical, digitalSignature</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>keyUsage = critical, digitalSignature</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>extendedKeyUsage = critical, OCSPSigning</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>extendedKeyUsage = critical, OCSPSigning</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div></pre></<del style="font-weight: bold; text-decoration: none;">code</del>></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></<ins style="font-weight: bold; text-decoration: none;">nowiki</ins>></div></td></tr>
</table>
Lantolin
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=253&oldid=prev
Lantolin en 22:16 2 mar 2021
2021-03-02T22:16:18Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="es">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Revisión anterior</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revisión del 23:16 2 mar 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l11">Línea 11:</td>
<td colspan="2" class="diff-lineno">Línea 11:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Creamos un directorio vacío como base, aquí va a estar la CA.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Creamos un directorio vacío como base, aquí va a estar la CA.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> export <del style="font-weight: bold; text-decoration: none;">$</del>BASE='/root/ca' </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> export BASE='/root/ca' </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> mkdir $BASE</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> mkdir $BASE</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> cd $BASE</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> cd $BASE</div></td></tr>
</table>
Lantolin
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=252&oldid=prev
Lantolin en 22:06 2 mar 2021
2021-03-02T22:06:43Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="es">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Revisión anterior</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revisión del 23:06 2 mar 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l53">Línea 53:</td>
<td colspan="2" class="diff-lineno">Línea 53:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> openssl ca -config openssl.conf -extensions v3_req -days 3650 -notext -md sha256 -in csr/${DOMINIO}.csr.pem -out certs/${DOMINIO}.cert.pem </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> openssl ca -config openssl.conf -extensions v3_req -days 3650 -notext -md sha256 -in csr/${DOMINIO}.csr.pem -out certs/${DOMINIO}.cert.pem </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 444 certs/${DOMINIO}.cert.pem</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 444 certs/${DOMINIO}.cert.pem</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">Convertimos el certificado en DER, por si nos lo piden en ese formato, tenerlo ya</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> openssl x509 -in certs/${DOMINIO}.cert.pem -out certs/${DOMINIO}.cert.der -outform DER</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Ahora hay colocar el certs/DOMINIO.cert.pem y el private/DOMINIO.key.pem al servidor (Apache, o Postfix, o Dovecot), en donde corresponda en cada caso.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Ahora hay colocar el certs/DOMINIO.cert.pem y el private/DOMINIO.key.pem al servidor (Apache, o Postfix, o Dovecot), en donde corresponda en cada caso.</div></td></tr>
</table>
Lantolin
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=251&oldid=prev
Lantolin en 22:05 2 mar 2021
2021-03-02T22:05:05Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="es">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Revisión anterior</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revisión del 23:05 2 mar 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l28">Línea 28:</td>
<td colspan="2" class="diff-lineno">Línea 28:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 400 ./private/ca.key.pem</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 400 ./private/ca.key.pem</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Generamos el certificado de la CA</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Generamos el certificado de la CA <ins style="font-weight: bold; text-decoration: none;">(En Common Name ponemos lo que queramos)</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> URL=luisantolin.com</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> URL=luisantolin.com</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l34">Línea 34:</td>
<td colspan="2" class="diff-lineno">Línea 34:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> openssl req -config openssl.conf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> openssl req -config openssl.conf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 444 certs/ca.cert.pem</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 444 certs/ca.cert.pem</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">En Common Name ponemos lo que queramos.</del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Crear una clave privada para nuestro sitio web.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Crear una clave privada para nuestro sitio web.</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l44">Línea 44:</td>
<td colspan="2" class="diff-lineno">Línea 42:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 400 ./private/${DOMINIO}.key.pem</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> chmod 400 ./private/${DOMINIO}.key.pem</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Generar la solicitud de certificado</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Generar la solicitud de certificado <ins style="font-weight: bold; text-decoration: none;">(en Common Name ponemos el DOMINIO)</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> URL="*.miweb.com"</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> URL="*.miweb.com"</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l50">Línea 50:</td>
<td colspan="2" class="diff-lineno">Línea 48:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> export SAN=DNS:$URL,DNS:$DOMINIO</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> export SAN=DNS:$URL,DNS:$DOMINIO</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> openssl req -config openssl.conf -key private/${DOMINIO}.key.pem -new -sha256 -out csr/${DOMINIO}.csr.pem</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> openssl req -config openssl.conf -key private/${DOMINIO}.key.pem -new -sha256 -out csr/${DOMINIO}.csr.pem</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">En Common Name ponemos el DOMINIO.</del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Firmar la solicitud de certificado con la CA</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Firmar la solicitud de certificado con la CA</div></td></tr>
</table>
Lantolin
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=250&oldid=prev
Lantolin en 22:04 2 mar 2021
2021-03-02T22:04:31Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="es">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Revisión anterior</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revisión del 23:04 2 mar 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l50">Línea 50:</td>
<td colspan="2" class="diff-lineno">Línea 50:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> export SAN=DNS:$URL,DNS:$DOMINIO</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> export SAN=DNS:$URL,DNS:$DOMINIO</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> openssl req -config openssl.conf -key private/${DOMINIO}.key.pem -new -sha256 -out csr/${DOMINIO}.csr.pem</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> openssl req -config openssl.conf -key private/${DOMINIO}.key.pem -new -sha256 -out csr/${DOMINIO}.csr.pem</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">En Common Name ponemos el DOMINIO.</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Firmar la solicitud de certificado con la CA</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Firmar la solicitud de certificado con la CA</div></td></tr>
</table>
Lantolin
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=249&oldid=prev
Lantolin en 22:03 2 mar 2021
2021-03-02T22:03:06Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="es">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Revisión anterior</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revisión del 23:03 2 mar 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l40">Línea 40:</td>
<td colspan="2" class="diff-lineno">Línea 40:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> URL="*.miweb.com"</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> URL="*.miweb.com"</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> openssl genrsa -out ./private/${<del style="font-weight: bold; text-decoration: none;">URL</del>}.key.pem 2048</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> DOMINIO=$(echo $URL | sed 's/*\.//g' )</ins></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> chmod 400 ./private/${<del style="font-weight: bold; text-decoration: none;">URL</del>}.key.pem</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> openssl genrsa -out ./private/${<ins style="font-weight: bold; text-decoration: none;">DOMINIO</ins>}.key.pem 2048</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> chmod 400 ./private/${<ins style="font-weight: bold; text-decoration: none;">DOMINIO</ins>}.key.pem</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Generar la solicitud de certificado</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Generar la solicitud de certificado</div></td></tr>
</table>
Lantolin
http://educacion.luisantolin.com/index.php?title=Crear_un_CA_para_firmar_certificados_SSL&diff=248&oldid=prev
Lantolin: Página creada con «Problema: estamos practicando SSL/TLS y queremos ir más allá de los certificados auto-firmados. Solución: crear una clave privada+certificado de una CA, usarla para fir…»
2021-03-02T22:01:50Z
<p>Página creada con «Problema: estamos practicando SSL/TLS y queremos ir más allá de los certificados auto-firmados. Solución: crear una clave privada+certificado de una CA, usarla para fir…»</p>
<p><b>Página nueva</b></p><div>Problema: estamos practicando SSL/TLS y queremos ir más allá de los certificados auto-firmados.<br />
<br />
Solución: crear una clave privada+certificado de una CA, usarla para firmar certificados, e importar esa CA a Firefox y Thunderbird para que confien en ella.<br />
<br />
== Procedimiento ==<br />
<br />
Practicamente todo está tomado de https://blog.guillen.io/2018/09/29/crear-autoridad-certificadora-ca-y-certificados-autofirmados-en-linux/<br />
<br />
Basicamente lo que ves aquí es una simplificación de ese artículo.<br />
<br />
Creamos un directorio vacío como base, aquí va a estar la CA.<br />
<br />
export $BASE='/root/ca' <br />
mkdir $BASE<br />
cd $BASE<br />
<br />
mkdir certs csr crl newcerts private<br />
chmod 700 private<br />
touch index.txt<br />
touch index.txt.attr<br />
echo 1000 > serial<br />
<br />
Creamos el fichero <code>openssl.conf</code>, puedes ver el contenido al final.<br />
<br />
Creamos la clave privada de la CA<br />
<br />
openssl genrsa -aes256 -out ./private/ca.key.pem 4096<br />
chmod 400 ./private/ca.key.pem<br />
<br />
Generamos el certificado de la CA<br />
<br />
URL=luisantolin.com<br />
export SAN=DNS:$URL<br />
openssl req -config openssl.conf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem<br />
chmod 444 certs/ca.cert.pem<br />
<br />
En Common Name ponemos lo que queramos.<br />
<br />
Crear una clave privada para nuestro sitio web.<br />
<br />
URL="*.miweb.com"<br />
openssl genrsa -out ./private/${URL}.key.pem 2048<br />
chmod 400 ./private/${URL}.key.pem<br />
<br />
Generar la solicitud de certificado<br />
<br />
URL="*.miweb.com"<br />
DOMINIO=$(echo $URL | sed 's/*\.//g' )<br />
export SAN=DNS:$URL,DNS:$DOMINIO<br />
openssl req -config openssl.conf -key private/${DOMINIO}.key.pem -new -sha256 -out csr/${DOMINIO}.csr.pem<br />
<br />
Firmar la solicitud de certificado con la CA<br />
<br />
openssl ca -config openssl.conf -extensions v3_req -days 3650 -notext -md sha256 -in csr/${DOMINIO}.csr.pem -out certs/${DOMINIO}.cert.pem <br />
chmod 444 certs/${DOMINIO}.cert.pem<br />
<br />
Ahora hay colocar el certs/DOMINIO.cert.pem y el private/DOMINIO.key.pem al servidor (Apache, o Postfix, o Dovecot), en donde corresponda en cada caso.<br />
<br />
Por ultimo hay que importar el certs/ca.cert.pem en los clientes. En Mar-2021, para Firefox Linux y para Thunderbird Linux, en Ubuntu 20.04 LTS el procedimiento es trivial, basta con ir a opciones, buscar certificados, ahi CAs e importar el PEM.<br />
<br />
== openssl.conf== <br />
<br />
<pre><nowiki><br />
[ ca ]<br />
# man ca<br />
<br />
default_ca = CA_default<br />
<br />
[ CA_default ]<br />
# Directory and file locations.<br />
<br />
dir = ./<br />
certs = ./certs<br />
crl_dir = ./crl<br />
new_certs_dir = ./newcerts<br />
database = ./index.txt<br />
serial = ./serial<br />
RANDFILE = ./private/.rand<br />
<br />
# The root key and root certificate.<br />
<br />
private_key = ./private/ca.key.pem<br />
certificate = ./certs/ca.cert.pem<br />
<br />
# For certificate revocation lists.<br />
<br />
crlnumber = ./crlnumber<br />
crl = ./crl/ca.crl.pem<br />
crl_extensions = crl_ext<br />
default_crl_days = 30<br />
<br />
# SHA-1 is deprecated, so use SHA-2 instead.<br />
<br />
default_md = sha256<br />
<br />
name_opt = ca_default<br />
cert_opt = ca_default<br />
default_days = 375<br />
preserve = no<br />
policy = policy_strict<br />
<br />
[ policy_strict ]<br />
# The root CA should only sign intermediate certificates that match.<br />
<br />
# See the POLICY FORMAT section of man ca.<br />
<br />
countryName = match<br />
stateOrProvinceName = match<br />
organizationName = match<br />
organizationalUnitName = optional<br />
commonName = supplied<br />
emailAddress = optional<br />
<br />
[ policy_loose ]<br />
# Allow the intermediate CA to sign a more diverse range of certificates.<br />
<br />
# See the POLICY FORMAT section of the ca man page.<br />
<br />
countryName = optional<br />
stateOrProvinceName = optional<br />
localityName = optional<br />
organizationName = optional<br />
organizationalUnitName = optional<br />
commonName = supplied<br />
emailAddress = optional<br />
<br />
[ req ]<br />
# Options for the req tool (man req).<br />
<br />
default_bits = 2048<br />
distinguished_name = req_distinguished_name<br />
string_mask = utf8only<br />
# SHA-1 is deprecated, so use SHA-2 instead.<br />
<br />
default_md = sha256<br />
# Extension to add when the -x509 option is used.<br />
<br />
x509_extensions = v3_ca<br />
# Extension for SANs<br />
<br />
req_extensions = v3_req<br />
<br />
[ v3_req ]<br />
# Extensions to add to a certificate request<br />
<br />
# Before invoke openssl use: export SAN=DNS:value1,DNS:value2<br />
<br />
basicConstraints = CA:FALSE<br />
keyUsage = nonRepudiation, digitalSignature, keyEncipherment<br />
subjectAltName = ${ENV::SAN}<br />
<br />
[ req_distinguished_name ]<br />
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.<br />
<br />
countryName = Country Name (2 letter code)<br />
stateOrProvinceName = State or Province Name<br />
localityName = Locality Name<br />
0.organizationName = Organization Name<br />
organizationalUnitName = Organizational Unit Name<br />
commonName = Common Name<br />
emailAddress = Email Address<br />
<br />
# Optionally, specify some defaults.<br />
<br />
countryName_default = CO<br />
stateOrProvinceName_default = Coruscant<br />
localityName_default = Ciudad Galactica<br />
0.organizationName_default = Consejo Jedi<br />
organizationalUnitName_default = CJ<br />
emailAddress_default = consejo@templo.jedi.org<br />
<br />
[ v3_ca ]<br />
# Extensions for a typical CA (man x509v3_config).<br />
<br />
subjectKeyIdentifier = hash<br />
authorityKeyIdentifier = keyid:always,issuer<br />
basicConstraints = critical, CA:true<br />
keyUsage = critical, digitalSignature, cRLSign, keyCertSign<br />
<br />
[ v3_intermediate_ca ]<br />
# Extensions for a typical intermediate CA (man x509v3_config).<br />
<br />
subjectKeyIdentifier = hash<br />
authorityKeyIdentifier = keyid:always,issuer<br />
basicConstraints = critical, CA:true, pathlen:0<br />
keyUsage = critical, digitalSignature, cRLSign, keyCertSign<br />
<br />
[ usr_cert ]<br />
# Extensions for client certificates (man x509v3_config).<br />
<br />
basicConstraints = CA:FALSE<br />
nsCertType = client, email<br />
nsComment = "OpenSSL Generated Client Certificate"<br />
subjectKeyIdentifier = hash<br />
authorityKeyIdentifier = keyid,issuer<br />
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment<br />
extendedKeyUsage = clientAuth, emailProtection<br />
<br />
[ server_cert ]<br />
# Extensions for server certificates (man x509v3_config).<br />
<br />
basicConstraints = CA:FALSE<br />
nsCertType = server<br />
nsComment = "OpenSSL Generated Server Certificate"<br />
subjectKeyIdentifier = hash<br />
authorityKeyIdentifier = keyid,issuer:always<br />
keyUsage = critical, digitalSignature, keyEncipherment<br />
extendedKeyUsage = serverAuth<br />
<br />
[ crl_ext ]<br />
# Extension for CRLs (man x509v3_config).<br />
<br />
authorityKeyIdentifier=keyid:always<br />
<br />
[ ocsp ]<br />
# Extension for OCSP signing certificates (man ocsp).<br />
<br />
basicConstraints = CA:FALSE<br />
subjectKeyIdentifier = hash<br />
authorityKeyIdentifier = keyid,issuer<br />
keyUsage = critical, digitalSignature<br />
extendedKeyUsage = critical, OCSPSigning<br />
</pre></code></div>
Lantolin