diff --git a/doc/CertificateAuthorityWithNEO.txt b/doc/CertificateAuthorityWithNEO.txt index 99896e7..0453231 100644 --- a/doc/CertificateAuthorityWithNEO.txt +++ b/doc/CertificateAuthorityWithNEO.txt @@ -80,9 +80,7 @@ counter as follows: permitted;IP.0=0.0.0.0/255.255.255.255 permitted;IP.1=::/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff EOF - openssl req -new -sha256 -x509 -set_serial 1 -days 1 -config yubico-internal-https-ca.conf -key yubico-internal-https-ca-key.pem -out yubico-internal-https-ca-crt.pem - echo 01 > yubico-internal-https-ca-crt.srl You may inspect the newly generated root CA with: @@ -101,13 +99,10 @@ This step is parametrized with the name of the YubiKey NEO user. Generate new management code, PIN and PUK as follows: user=Simon - key=`dd if=/dev/random bs=1 count=24 2>/dev/null | hexdump -v -e '/1 "%02X"'` echo $key > yubico-internal-https-$user-key.txt - pin=`dd if=/dev/random bs=1 count=6 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-6` echo $pin > yubico-internal-https-$user-pin.txt - puk=`dd if=/dev/random bs=1 count=6 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-8` echo $puk > yubico-internal-https-$user-puk.txt @@ -136,7 +131,7 @@ Generate the private key: openssl genrsa -out yubico-internal-https-subca-$user-key.pem 2048 -Generate the Sub-CA certificate: +Generate the Sub-CA certificate request: cat>yubico-internal-https-subca-$user-csr.conf<yubico-internal-https-subca-$user-crt.conf< yubico-internal-https-subca-$user-crt.srl You may inspect the newly generated EE cert with this command: @@ -181,7 +175,6 @@ Sub-CA used to sign the EE, so set it first: Then generate a new private key and certificate request: openssl genrsa -out yubico-internal-https-ee-$host-key.pem 2048 - cat>yubico-internal-https-ee-$host-csr.conf<yubico-internal-https-ee-$host-crt.conf<