http://pabut.org/wiki/index.php?action=history&feed=atom&title=Creating_SSL_CertificatesCreating SSL Certificates - Revision history2026-04-17T11:04:43ZRevision history for this page on the wikiMediaWiki 1.42.3http://pabut.org/wiki/index.php?title=Creating_SSL_Certificates&diff=10&oldid=prevPabut: Created page with "== Steps to create a CA cert and a server key and cert == *set up CA directory structure: :mkdir /root/CA :chmod 0770 CA :cd CA *Create the CA key :openssl genrsa -des3 -out..."2015-01-14T15:42:05Z<p>Created page with "== Steps to create a CA cert and a server key and cert == *set up CA directory structure: :mkdir /root/CA :chmod 0770 CA :cd CA *Create the CA key :openssl genrsa -des3 -out..."</p>
<p><b>New page</b></p><div>== Steps to create a CA cert and a server key and cert ==<br />
<br />
*set up CA directory structure:<br />
:mkdir /root/CA<br />
:chmod 0770 CA<br />
:cd CA<br />
<br />
*Create the CA key<br />
:openssl genrsa -des3 -out my-ca.key 2048<br><br />
<br />
*Create the CA cert<br />
:openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt<br />
<br />
*Examine the CA cert<br />
:openssl x509 -in my-ca.crt -text -noout<br />
<br />
*Create the server key<br />
:openssl genrsa -des3 -out pabut-server.key 1024<br />
<br />
*Create the certificate request<br />
:openssl req -new -key pabut-server.key -out pabut-server.csr<br />
<br />
*sign the cert request with the CA cert yielding a server cert<br />
:openssl x509 -req -in pabut-server.csr -out pabut-server.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650<br />
<br />
*examine the server cert<br />
:openssl x509 -in pabut-server.crt -text -noout<br />
<br />
== Creating a client key ==<br />
<br />
*create a private key<br />
:openssl genrsa -des3 -out bangzoom.key<br />
<br />
*create a certificate request<br />
:openssl req -new -key bangzoom.key -out bangzoom.csr<br />
<br />
*Certify the request with the CA key<br />
:openssl x509 -req -in bangzoom.csr -out bangzoom.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650<br />
<br />
*export the key in pkcs12 format<br />
:openssl pkcs12 -export -in bangzoom.crt -inkey bangzoom.key -name "bangzoom Certificate" -out bangzoom.p12<br />
<br />
*examine the key<br />
:openssl pkcs12 -in bangzoom.p12 -clcerts -nokeys -info</div>Pabut