New server certificate: no CA – valid for 3 years – unencrypted key
# openssl req -newkey rsa:4096 -x509 -nodes -days 1089 -keyout /etc/ssl/private/serverkey.pem -out /etc/ssl/newcerts/servercert.pem
Verification
# openssl x509 -purpose -in /etc/ssl/newcerts/servercert.pem
Possible values of -purpose
sslclient       SSL client
sslserver       SSL server
nssslserver     Netscape SSL server
smimesign       S/MIME signing
smimeencrypt    S/MIME encryption
crlsign         CRL signing
any             Any Purpose
ocsphelper      OCSP helper
timestampsign   Time Stamp signing
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : Yes
S/MIME signing CA : No
S/MIME encryption : Yes
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No
-----BEGIN CERTIFICATE-----
MIIEZjCCAk6gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjTELMAkGA1UEBhMCUEwx
...........
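The verification step as a script (an added example, not part of the original note): it checks the -purpose output, that the key belongs to the certificate, that the unencrypted key is owner-only, and that the lifetime matches -days. The function names, the -subj value and the script name check.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks for the
# key/certificate pair created by the "openssl req" command above.

# make_pair DIR [BITS]: same req options as above, plus -subj so it runs
# without prompts. The subject and the DIR layout are constructed values.
make_pair() {
    ( umask 077   # the key is unencrypted, so keep it owner-only
      openssl req -newkey "rsa:${2:-4096}" -x509 -nodes -days 1089 \
          -subj "/CN=server.example.test" \
          -keyout "$1/serverkey.pem" -out "$1/servercert.pem" 2>/dev/null )
}

fail() { echo "FAIL: $*"; rc=1; }

# check_pair KEY CERT [DAYS]: returns 0 only if every check passes.
check_pair() {
    key=$1; cert=$2; days=${3:-1089}; rc=0

    # 1. Purpose: the certificate must be accepted as an SSL server cert.
    openssl x509 -purpose -noout -in "$cert" 2>/dev/null \
        | grep -q '^SSL server : Yes' || fail "not usable as SSL server"

    # 2. The private key must match the certificate's public key.
    #    "-passin pass:" makes an encrypted key fail instead of prompting.
    certpub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null)
    keypub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    [ -n "$certpub" ] && [ "$certpub" = "$keypub" ] \
        || fail "key missing, encrypted, or not matching the certificate"

    # 3. An unencrypted key must not be readable by group or others.
    [ "$(ls -ln "$key" | cut -c5-10)" = "------" ] \
        || fail "key file permissions too open"

    # 4. Lifetime: must outlive DAYS-1 days but not DAYS+1 days.
    openssl x509 -noout -checkend $(( (days - 1) * 86400 )) -in "$cert" \
        >/dev/null 2>&1 || fail "expires earlier than -days $days"
    openssl x509 -noout -checkend $(( (days + 1) * 86400 )) -in "$cert" \
        >/dev/null 2>&1 && fail "valid longer than -days $days"

    [ "$rc" -eq 0 ] && echo "OK: $cert"
    return "$rc"
}

# Run directly: sh check.sh KEY CERT
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```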