Embedded Files
Build an OpenSSL ECC-based certificate authority for your lab (Great F5 lab build)
Remove PEM Password
Remove PEM Password
You can use the openssl rsa command to remove the passphrase. As arguments, we pass in the SSL .key and get a .key file as output.
openssl rsa -in fplabs_with_pass.key -out fplabs.key
DDR cert auth notes
DDR cert auth notes
SSL forward proxy certificate signing
sudo openssl ca -config paloCAopenssl.cnf -extensions v3_intermediate_ca -days 3750 -notext -md sha256 -in intermediate/csr/ssl-lab20.csr -out intermediate/certs/ssl-lab20.crt
sudo openssl ca -config paloCAopenssl.cnf -extensions v3_intermediate_ca -days 3750 -notext -md sha256 -in intermediate/csr/cert_Palo_SSL_outbound.csr -out intermediate/certs/Palo_SSL_outbound.crt
-----------
This is what should be used
Creating proxy certificates
Creating proxy certificates can be done using the openssl-x509(1) command, with some extra extensions:
[ proxy ]
# A proxy certificate MUST NEVER be a CA certificate.
basicConstraints = CA:FALSE
# Usual authority key ID
authorityKeyIdentifier = keyid,issuer:always
# The extension which marks this certificate as a proxy
proxyCertInfo = critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
ref; https://www.openssl.org/docs/manmaster/man7/proxy-certificates.html
Page updated
Google Sites
Report abuse