About Me

I am an MCSE in Data Management and Analytics with a specialization in MS SQL Server, and an MCP in Azure. I have over 13+ years of experience in the IT industry with expertise in data management, Azure Cloud, Data-Center Migration, Infrastructure Architecture planning, and Virtualization and automation. Contact me if you are looking for any sort of guidance in getting your Infrastructure provisioning automated through Terraform. I sometimes write this blog as a place to store my own experiences for future search and reading, but it can hopefully help others along the way. Thanks.

Generate an Azure Application Gateway self-signed certificate with a custom root CA



Download OpenSSL for Windows from:
https://slproweb.com/products/Win32OpenSSL.html

Download the 32-bit version, then follow the link below:
https://docs.microsoft.com/bs-latn-ba/azure/application-gateway/self-signed-certificates

In the section "Generate the certificate with the CSR and the key and sign it with the CA's root key", instead of

openssl x509 -req -in fabrikam.csr -CA public.crt -CAkey contoso.key -CAcreateserial -out fabrikam.crt -days 365 -sha256

use this, where -CA points at contoso.crt, the root certificate that goes with contoso.key:

openssl x509 -req -in fabrikam.csr -CA contoso.crt -CAkey contoso.key -CAcreateserial -out fabrikam.crt -days 365 -sha256

Then use the command below to merge fabrikam.key and fabrikam.crt into fabrikam.pfx.

Refer to this blog:

https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/

Command:
openssl pkcs12 -export -out fabrikam.pfx -inkey fabrikam.key -in fabrikam.crt

and

openssl pkcs12 -export -out contoso.pfx -inkey contoso.key -in contoso.crt


Then continue with:
https://docs.microsoft.com/bs-latn-ba/azure/application-gateway/self-signed-certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

openssl ecparam -out rakeshca.key -name prime256v1 -genkey

openssl req -new -sha256 -key rakeshca.key -out rakeshca.csr

openssl x509 -req -sha256 -days 365 -in rakeshca.csr -signkey rakeshca.key -out rakeshca.crt


~~~~~ Server certificate named rakeshdevops.com, issuer is rakeshca ~~~~~


openssl ecparam -out rakeshdevops.key -name prime256v1 -genkey

openssl req -new -sha256 -key rakeshdevops.key -out rakeshdevops.csr

openssl x509 -req -in rakeshdevops.csr -CA rakeshca.crt -CAkey rakeshca.key -CAcreateserial -out rakeshdevops.crt -days 365 -sha256

openssl x509 -in rakeshdevops.crt -text -noout


Export:

openssl pkcs12 -export -out rakeshdevops.pfx -inkey rakeshdevops.key -in rakeshdevops.crt


~~~~~ Other server certificate named punamdevops.com, issuer is rakeshca ~~~~~


openssl ecparam -out punamdevops.key -name prime256v1 -genkey

openssl req -new -sha256 -key punamdevops.key -out punamdevops.csr

openssl x509 -req -in punamdevops.csr -CA rakeshca.crt -CAkey rakeshca.key -CAcreateserial -out punamdevops.crt -days 365 -sha256

openssl x509 -in punamdevops.crt -text -noout


Export:

openssl pkcs12 -export -out punamdevops.pfx -inkey punamdevops.key -in punamdevops.crt




openssl pkcs12 -export -out rakeshca.pfx -inkey rakeshca.key -in rakeshca.crt


openssl s_client -connect localhost:443 -servername www.rakeshdevops.com -showcerts
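
The rakeshca / rakeshdevops sequence above as one non-interactive script that also checks the server certificate against the root it was signed with. This is an added example, not part of the original post: the -subj values and the PFX password are constructed placeholders, and the `openssl verify` check, `umask 077` and `-passout env:` are additions to the post's commands.

```shell
#!/bin/sh
# Added example. File names follow the post; the subject CNs and the PFX
# password are constructed placeholders, not values from the post.
set -eu
umask 077                                   # private keys readable by owner only
export PFX_PASS="${PFX_PASS:-constructed-placeholder}"

# make_ca DIR NAME: EC key, CSR, then a root certificate self-signed with that key.
make_ca() {
    openssl ecparam -out "$1/$2.key" -name prime256v1 -genkey
    openssl req -new -sha256 -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr"
    openssl x509 -req -sha256 -days 365 -in "$1/$2.csr" \
        -signkey "$1/$2.key" -out "$1/$2.crt"
}

# make_server DIR CA NAME CN: key and CSR for CN, certificate signed by CA, PFX export.
make_server() {
    openssl ecparam -out "$1/$3.key" -name prime256v1 -genkey
    openssl req -new -sha256 -key "$1/$3.key" -subj "/CN=$4" -out "$1/$3.csr"
    # -CA and -CAkey must be the certificate and key of the same CA.
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -out "$1/$3.crt" -days 365 -sha256
    # env: keeps the password off the command line (and out of the process list).
    openssl pkcs12 -export -out "$1/$3.pfx" -inkey "$1/$3.key" \
        -in "$1/$3.crt" -passout env:PFX_PASS
}

# signed_by DIR CA NAME: true only if NAME.crt names CA as its issuer and
# its signature verifies against CA.crt.
signed_by() {
    issuer=$(openssl x509 -in "$1/$3.crt" -noout -issuer)
    subject=$(openssl x509 -in "$1/$2.crt" -noout -subject)
    [ "${issuer#issuer=}" = "${subject#subject=}" ] &&
        openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_ca "$work" rakeshca
make_server "$work" rakeshca rakeshdevops www.rakeshdevops.com
if signed_by "$work" rakeshca rakeshdevops; then
    echo "rakeshdevops.crt verifies against rakeshca.crt"
else
    echo "rakeshdevops.crt does NOT verify against rakeshca.crt" >&2
    exit 1
fi
```

Set PFX_PASS in the environment before running to choose the export password; the same variable is needed to open the resulting .pfx.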