daan/runelab-ca

Daan Boerlage b2b2f7c06e

2023-11-20 00:03:35 +01:00

658 B

Raw Blame History

Runelab CA

A certificate authority for the homelab.

The master key is a yubikey kept in a physical vault at a bank.

Signing

Required Software

OpenSSL
YKCS11
- AUR Link

Generating the Root

# Creating the CSR
openssl req -new -engine pkcs11 -keyform engine -key "pkcs11:object=Private key for PIV Authentication" -out server.csr
# Signing the CSR
openssl x509 -req -sha256 -days 8000 -in server.csr -engine pkcs11 -keyform engine -signkey "pkcs11:object=Private key for PIV Authentication" -out server.crt