The Root CA and Intermediate CA are built.  Next project is try to get MariaDB to work with SSL/TLS.  I will create it from the intermediate CA.

#mariadb.scsiraidguru.local key

cd /root/ca
openssl req -out intermediate/csr/mariadb.scsiraidguru.local.csr.pem -newkey rsa:2048 -nodes -keyout intermediate/private/mariadb.scsiraidguru.local.key.pem -config intermediate/openssl_csr_san.cnf

#mariadb.scsiraidguru.local certificate

cd /root/ca
openssl ca -config intermediate/openssl_intermediate.cnf -extensions server_cert -days 10950 -notext -md sha512 -in intermediate/csr/mariadb.scsiraidguru.local.csr.pem -out intermediate/certs/mariadb.scsiraidguru.local.crt.pem

#Verify root – intermediate – server certs

openssl verify -CAfile /root/ca/certs/ca.scsiraidguru.crt.pem -untrusted /root/ca/intermediate/certs/int.scsiraidguru.crt.pem /root/ca/intermediate/certs/mariadb.scsiraidguru.local.crt.pem

/root/ca/intermediate/certs/mariadb.scsiraidguru.local.crt.pem: OK

#Verify root – intermediate – server certs on Mariadb in /etc/apache2/ssl

openssl verify -CAfile /etc/apache2/ssl/ca.scsiraidguru.crt.pem -untrusted /etc/apache2/ssl/int.scsiraidguru.crt.pem /etc/apache2/ssl/mariadb.scsiraidguru.local.crt.pem

/etc/apache2/ssl/mariadb.scsiraidguru.local.crt.pem: OK

openssl x509 -noout -text -in /root/ca/intermediate/certs/mariadb.scsiraidguru.local.crt.pem

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4664 (0x1238)
Signature Algorithm: sha512WithRSAEncryption
Issuer: C = US, ST = Michigan, O = Home, OU = Basement, CN = interca.scsiraidguru.local, emailAddress = mike.mckenney@scsiraidguru.com
Validity
Not Before: Oct 2 01:24:12 2019 GMT
Not After : Sep 24 01:24:12 2049 GMT
Subject: C = US, ST = Michigan, L = Clinton Township, O = Home, CN = mariadb.scsiraidguru.local
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:62:ac:2b:ab:20:3b:b5:81:ed:be:88:cd:44:
af:52:9f:c9:cf:34:b1:d5:90:5d:5b:b5:77:9c:02:
49:9c:45:c4:b2:08:9f:49:21:a0:c7:49:75:89:62:
46:57:51:7b:d7:94:48:f1:72:5b:70:dc:b1:35:f7:
82:37:56:66:ed:5d:8f:a7:47:5a:f4:42:40:13:15:
39:ef:05:4e:ed:06:e6:bb:0f:eb:21:a7:24:31:56:
d9:85:4f:5b:aa:dd:27:ca:79:c1:70:49:63:ba:f0:
17:f1:55:82:85:44:48:29:4a:6a:45:56:44:3d:09:
b6:1b:e6:33:b3:17:ec:76:de:18:8f:ba:11:bb:15:
34:a6:ca:d7:35:82:8f:b6:2a:10:a1:eb:bb:a4:fb:
13:25:46:f0:1b:e8:96:a4:41:76:cf:12:21:39:d9:
62:f0:0e:c3:86:ef:28:45:1e:d6:4e:ea:8e:4a:24:
81:8c:c3:ec:5a:71:ba:fd:32:a1:9d:9d:6d:e1:b4:
58:56:65:ef:7a:13:8d:fe:13:26:7f:ee:69:4c:af:
2f:6d:c0:7b:06:53:d9:bf:9c:e6:c5:d7:0d:ca:20:
3a:ff:3e:16:f6:03:be:60:95:1c:01:82:a7:62:b9:
69:9c:89:64:07:46:3a:40:1c:c2:56:d4:08:56:be:
5b:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Server Certificate
X509v3 Subject Key Identifier:
31:17:B0:2B:77:D9:D8:6D:F7:09:7B:69:2C:85:D5:65:8E:9C:F3:9C
X509v3 Authority Key Identifier:
keyid:A5:94:3B:0F:47:FD:E4:E4:FF:AF:10:FA:99:A3:14:5B:F6:3B:53:8A
DirName:/C=US/ST=Michigan/L=Clinton Township/O=Home/OU=Basement/CN=rootca.scsiraidguru.local/emailAddress=mike.mckenney@scsiraidguru.com
serial:10:00

X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:[Fully Qualified Domain Name], DNS:[Any variation of FQDN], DNS:[Any variation of FQDN]
Signature Algorithm: sha512WithRSAEncryption
82:50:fd:f2:a4:0c:33:c8:fe:6d:9b:14:b6:f7:a7:fb:5b:41:
21:71:55:3a:1c:8e:fc:64:db:0e:6d:08:5b:3b:ee:d8:4e:70:
01:4d:43:a3:15:92:87:67:ce:7b:21:8c:a8:21:09:4c:aa:05:
10:62:63:3d:97:04:99:f2:f2:6c:e6:dc:8f:3b:c9:3c:7e:6a:
02:c9:86:9a:8a:52:65:39:4d:06:01:8f:86:50:19:e1:3b:6b:
c5:29:92:6c:5d:5a:90:2b:c0:63:50:19:7d:08:43:05:d0:4a:
47:6f:f2:6d:b3:c3:5b:20:c2:ee:c7:51:a1:bc:95:d8:b9:9d:
45:70:2c:ac:63:74:8a:77:73:1c:12:da:51:c5:17:86:2d:2a:
24:93:f5:f3:b4:c0:d4:8f:6d:4c:33:f0:2a:b3:f0:9f:9a:f1:
1b:d9:72:91:37:d8:cd:2e:9c:55:71:06:f9:e7:21:60:e9:2d:
d9:61:87:10:c4:1f:00:3d:1c:65:9d:d6:47:89:df:3e:29:26:
94:a0:bb:31:26:34:f8:bb:01:c0:28:8a:4f:88:80:21:ac:46:
67:74:bb:16:49:52:89:0e:d0:c2:7b:c5:c0:fc:e1:08:4f:79:
14:a1:c4:87:28:76:16:1d:4f:48:12:07:0a:35:03:70:e3:71:
be:5e:f8:fd:a2:72:03:49:2b:30:4b:b4:f0:23:80:6d:e2:f9:
df:ca:91:f8:f4:1c:fe:1e:7d:1a:4a:fe:6d:50:44:2f:3a:d8:
2c:64:1f:ed:62:dc:80:30:ac:8f:45:dd:38:5b:6b:b3:9c:0b:
9c:61:fc:c7:fc:61:08:bc:79:2a:aa:0f:53:a2:30:24:c1:d8:
08:11:bd:c2:d6:66:6a:b2:32:94:f9:8b:0f:c9:13:0f:66:44:
45:22:03:2f:64:f5:6a:d2:a1:19:f1:e4:86:71:e4:61:03:3a:
a9:e3:47:51:8f:27:98:00:6d:0c:93:4f:77:c1:be:29:41:3d:
a4:cd:c5:a0:27:9d:8d:9b:e2:3f:6d:0b:d2:39:0e:65:c3:7c:
a4:7e:aa:4e:59:80:c9:fb:29:16:d2:f1:b1:39:95:e9:ed:3f:
58:d7:07:3e:f7:3e:4a:12:45:fd:07:88:8d:0b:2e:34:01:65:
09:51:45:29:3a:39:f7:5f:cd:03:e9:a1:3f:7c:2b:8c:e0:19:
e9:25:7e:9f:c6:f5:76:3c:ee:53:52:0d:53:e3:57:b2:c7:2b:
06:eb:92:eb:c9:ec:9a:c8:84:cd:1b:63:f3:64:05:4b:ec:1d:
be:8e:c1:9d:14:ef:72:a8:72:e1:db:0e:15:05:a7:bf:7a:0d:
ba:94:fe:d4:f6:97:df:05

openssl rsa -noout -text -in /root/ca/intermediate/private/mariadb.scsiraidguru.local.key.pem

RSA Private-Key: (2048 bit, 2 primes)
modulus:
00:b2:62:ac:2b:ab:20:3b:b5:81:ed:be:88:cd:44:
af:52:9f:c9:cf:34:b1:d5:90:5d:5b:b5:77:9c:02:
49:9c:45:c4:b2:08:9f:49:21:a0:c7:49:75:89:62:
46:57:51:7b:d7:94:48:f1:72:5b:70:dc:b1:35:f7:
82:37:56:66:ed:5d:8f:a7:47:5a:f4:42:40:13:15:
39:ef:05:4e:ed:06:e6:bb:0f:eb:21:a7:24:31:56:
d9:85:4f:5b:aa:dd:27:ca:79:c1:70:49:63:ba:f0:
17:f1:55:82:85:44:48:29:4a:6a:45:56:44:3d:09:
b6:1b:e6:33:b3:17:ec:76:de:18:8f:ba:11:bb:15:
34:a6:ca:d7:35:82:8f:b6:2a:10:a1:eb:bb:a4:fb:
13:25:46:f0:1b:e8:96:a4:41:76:cf:12:21:39:d9:
62:f0:0e:c3:86:ef:28:45:1e:d6:4e:ea:8e:4a:24:
81:8c:c3:ec:5a:71:ba:fd:32:a1:9d:9d:6d:e1:b4:
58:56:65:ef:7a:13:8d:fe:13:26:7f:ee:69:4c:af:
2f:6d:c0:7b:06:53:d9:bf:9c:e6:c5:d7:0d:ca:20:
3a:ff:3e:16:f6:03:be:60:95:1c:01:82:a7:62:b9:
69:9c:89:64:07:46:3a:40:1c:c2:56:d4:08:56:be:
5b:d9
publicExponent: 65537 (0x10001)
privateExponent:
61:31:9a:15:80:fb:e3:0c:96:6a:6f:32:22:85:95:
f1:32:d6:c6:6b:33:a9:e5:2a:b8:d9:3a:fe:69:d0:
a9:b0:e9:e7:07:03:a2:d9:0b:bd:09:ad:5c:d9:8a:
f1:f0:97:c5:72:29:fc:44:0e:c6:83:b8:9a:6a:ed:
2c:31:8b:8b:31:3b:20:2d:a4:c5:09:83:d7:e1:ec:
da:ea:cd:82:20:0c:7f:47:c1:19:68:f4:33:5d:da:
ce:e3:da:52:52:85:67:b0:c7:50:e2:eb:cf:e3:19:
68:88:ea:c0:a9:df:97:7f:d0:3f:4f:2d:87:04:4f:
91:0b:f0:87:58:35:a2:dd:9e:71:e4:06:a5:9d:fb:
55:f3:61:b3:14:9c:3c:e5:74:79:64:55:db:e1:3d:
4a:bb:10:ea:65:58:54:7e:bf:cf:e8:3a:7d:8a:a3:
fc:8d:ac:aa:be:06:56:22:49:a4:e4:9a:20:4a:b8:
eb:6e:f2:a7:33:85:4e:9d:ff:fc:f5:0a:c2:5e:b1:
c9:9e:b7:41:2b:27:4d:b2:5b:b4:76:a4:b4:f1:2b:
d3:ec:01:bb:48:94:88:01:38:f0:17:68:ec:c4:07:
a4:38:0b:1e:bc:fa:3a:09:00:2d:63:02:92:66:86:
27:df:81:ed:70:85:8a:8d:31:48:ef:0e:c5:0b:1b:
71
prime1:
00:e7:54:8d:3e:63:e5:a7:44:0d:b5:c0:1d:b9:77:
3a:41:90:6f:72:eb:b1:ce:ec:30:32:28:67:01:fd:
fd:60:e7:d5:5b:9a:7e:5c:60:f8:d1:41:db:02:cb:
08:6e:02:1f:83:3c:97:be:b1:a0:c5:8c:fd:ce:e7:
16:b3:14:f8:ab:c1:c8:3c:9d:05:76:35:20:ee:86:
38:ae:55:74:31:70:58:3f:e9:5e:cb:36:aa:8e:1d:
f3:ed:60:f3:26:df:f5:f1:f8:6f:e9:2b:56:7c:bf:
32:a3:8c:4c:fa:26:00:ff:69:34:70:d2:03:3d:38:
b4:dc:1e:6b:78:6b:40:0d:5b
prime2:
00:c5:68:b2:50:37:a2:f1:1f:fc:e1:dd:28:d9:72:
66:60:ed:93:75:e3:7a:02:52:c7:e9:4c:e7:ae:19:
fc:04:97:8b:28:66:f7:e8:23:6b:91:39:45:ec:09:
1f:c9:51:ff:0a:ac:78:d2:69:85:11:98:45:1e:1c:
cb:bb:68:fa:0b:be:2e:35:2f:e5:3d:fe:a4:9e:33:
46:50:50:33:17:3a:ac:71:ee:b7:9e:b9:88:e4:46:
74:58:55:9a:56:8d:9e:14:8b:b9:cb:52:ce:57:bf:
5b:92:7a:c0:0b:33:a6:8b:88:e4:68:8c:38:ba:b4:
9f:d2:1a:3c:dc:49:40:fd:db
exponent1:
00:b5:47:37:ec:25:62:89:22:36:50:30:3d:da:e2:
08:bf:ea:4c:bb:d4:e1:a0:d2:cb:ad:f2:a5:4e:15:
58:a2:c0:ea:1c:7f:c3:f7:e6:71:f5:a1:d2:db:ac:
79:6d:a3:b2:48:28:8a:8d:80:2b:09:c4:43:fd:08:
70:6c:63:c9:be:e6:fb:60:2c:78:64:3a:9c:14:ef:
0f:a9:e6:03:48:de:cd:f9:3f:8a:ee:5a:67:6b:39:
23:b6:e8:9b:82:e2:4c:9c:92:e0:37:eb:a3:39:dc:
a6:f5:2c:f4:01:af:18:67:0e:6d:6e:df:d4:73:fc:
65:16:7d:ac:20:50:83:80:33
exponent2:
77:66:4e:cb:b4:0b:0a:da:b5:22:8b:98:c4:84:ac:
25:9e:2c:9d:96:3b:da:a1:e5:26:58:0c:9d:42:3c:
2b:2e:d9:cd:53:12:48:c6:fb:ad:b7:bd:71:f9:46:
cf:86:97:c3:05:f4:82:17:ae:93:a8:cc:cd:5c:cf:
61:08:2a:8c:e5:b7:9f:15:dc:0a:f6:34:ed:36:c8:
25:95:8c:81:55:4c:ae:10:9b:e1:16:09:15:41:03:
e7:d5:c6:e6:e8:fb:1f:24:2f:f9:29:99:82:7b:4c:
50:b9:8b:e4:7a:96:16:39:73:25:45:02:9e:f2:d6:
e3:c6:58:df:48:33:56:17
coefficient:
47:27:6f:02:01:92:0c:97:04:61:a7:c0:43:e4:82:
da:e3:ce:1d:ab:17:c6:89:73:05:e7:7b:b0:22:48:
78:f5:7a:c7:48:69:d8:73:67:e6:71:c1:4e:2d:87:
46:53:13:eb:66:5c:53:9f:42:f0:e3:97:7e:42:b4:
ce:aa:bf:43:d1:1b:be:e3:1a:f4:1e:05:48:82:97:
04:97:83:da:08:5b:51:b3:97:a4:e6:7b:f3:0d:88:
5e:83:6b:ce:66:9d:8f:f7:c0:ed:f7:74:0a:95:4f:
b2:e7:99:35:6b:17:23:f1:33:ce:60:0b:86:ad:f6:
f0:47:69:e8:f9:18:a7:c6
root@interca:~/ca#

openssl x509 -noout -modulus -in /root/ca/intermediate/certs/mariadb.scsiraidguru.local.crt.pem | openssl md5 ;\
openssl rsa -noout -modulus -in /root/ca/intermediate/private/mariadb.scsiraidguru.local.key.pem | openssl md5

(stdin)= 0c959379dbaaddfc0e7af4078d0bf4e7
(stdin)= 0c959379dbaaddfc0e7af4078d0bf4e7

(openssl x509 -noout -modulus -in /root/ca/intermediate/certs/mariadb.scsiraidguru.local.crt.pem | openssl md5 ;\
openssl rsa -noout -modulus -in /root/ca/intermediate/private/mariadb.scsiraidguru.local.key.pem | openssl md5) | uniq

(stdin)= 0c959379dbaaddfc0e7af4078d0bf4e7

Back to top