From cff6c67d38ec96cc8d11264011be905420b1bee4 Mon Sep 17 00:00:00 2001
From: Leonard Kugis <leonard@kug.is>
Date: Sat, 3 Oct 2020 20:00:52 +0200
Subject: Added cheatsheet for OpenSSL with CA

---
 openssl_ca.md | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 openssl_ca.md

diff --git a/openssl_ca.md b/openssl_ca.md
new file mode 100644
index 0000000..7cd92f9
--- /dev/null
+++ b/openssl_ca.md
@@ -0,0 +1,37 @@
+# OpenSSL with CA
+
+1. Generate private key for CA.
+2. Generate CA certificate with CA private key.
+3. Generate private key for the application.
+4. Create certificate signing request (CSR) for the application.
+5. Sign the CSR with the CA certificate and CA private key.
+
+## Generate private key for CA
+
+```
+openssl genrsa -out ca.key 4096
+```
+
+## Generate CA certificate
+
+```
+openssl req -new -x509 -key ca.key -out ca.crt
+```
+
+## Generate app private key
+
+```
+openssl genrsa -out app.key 4096
+```
+
+## Generate CSR
+
+```
+openssl req -new -key app.key -out app.csr
+```
+
+## Sign CSR
+
+```
+openssl x509 -req -in app.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out app.crt
+```
-- 
cgit v1.2.1