CFSSL CA example
- Generate a self-signed CA:
mkdir temp
cfssl gencert -initca -loglevel 0 ca-csr.json | cfssljson -bare temp/root-ca
- Run the CA server (with -address=0.0.0.0 it listens on all interfaces):
cfssl serve -address=0.0.0.0 -port=8888 -config=ca-config.json -ca=temp/root-ca.pem -ca-key=temp/root-ca-key.pem
- Request and sign a client certificate (use a separate terminal):
cfssl gencert -config=client-conf.json -remote=127.0.0.1 -profile=client client-req.json | cfssljson --bare temp/test123
- Verify that the certificate and key match (the two MD5 hashes of the modulus must be identical):
openssl rsa -modulus -noout -in temp/test123-key.pem | openssl md5
openssl x509 -modulus -noout -in temp/test123.pem | openssl md5
- Check the certificate against the CA bundle:
openssl verify -CAfile temp/root-ca.pem temp/test123.pem
- Display the CSR content:
openssl req -in temp/test123.csr -noout -text
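
The two verification steps above combined into one check, as an added example that is not part of the original page. It goes beyond the RSA-only modulus comparison by comparing public keys, so it also covers ECDSA keys; the function name `check_pair` and its return codes are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# Checks that a certificate and a private key belong together, then
# validates the certificate against a CA file.
#
# Differences from comparing `-modulus` hashes by eye:
#  - works for ECDSA keys as well as RSA (`openssl rsa` reads RSA keys only)
#  - two unreadable files are reported as an error instead of a "match"
#    (two failed openssl calls would otherwise both hash empty input)
#
# Return codes (chosen for this example):
#   0 ok, 1 key/cert mismatch, 2 unreadable input, 3 not signed by CA file
check_pair() {  # usage: check_pair CERT KEY CA_FILE
    cp_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    cp_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cp_cert_pub" ] || return 2
    # Both values are the PEM-encoded SubjectPublicKeyInfo, so a plain
    # string comparison is enough.
    [ "$cp_cert_pub" = "$cp_key_pub" ] || return 1
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 || return 3
    return 0
}

# When called with three arguments, run the check and print the result, e.g.
#   sh check_pair.sh temp/test123.pem temp/test123-key.pem temp/root-ca.pem
if [ "$#" -eq 3 ]; then
    rc=0
    check_pair "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo "OK: key matches certificate and chain verifies" ;;
        1) echo "FAIL: private key does not match certificate" ;;
        2) echo "FAIL: could not read certificate or key" ;;
        3) echo "FAIL: certificate does not verify against $3" ;;
    esac
fi
```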