Creating SSL Certificates

From Pabut
Jump to: navigation, search

Steps to create a CA cert and a server key and cert

  • set up CA directory structure:
mkdir /root/CA
chmod 0770 CA
cd CA
  • Create the CA key
openssl genrsa -des3 -out my-ca.key 2048
  • Create the CA cert
openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt
  • Examine the CA cert
openssl x509 -in my-ca.crt -text -noout
  • Create the server key
openssl genrsa -des3 -out pabut-server.key 1024
  • Create the certificate request
openssl req -new -key pabut-server.key -out pabut-server.csr
  • sign the cert request with the CA cert yielding a server cert
openssl x509 -req -in pabut-server.csr -out pabut-server.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650
  • examine the server cert
openssl x509 -in pabut-server.crt -text -noout

Creating a client key

  • create a private key
openssl genrsa -des3 -out bangzoom.key
  • create a certificate request
openssl req -new -key bangzoom.key -out bangzoom.csr
  • Certify the request with the CA key
openssl x509 -req -in bangzoom.csr -out bangzoom.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650
  • export the key in pkcs12 format
openssl pkcs12 -export -in bangzoom.crt -inkey bangzoom.key -name "bangzoom Certificate" -out bangzoom.p12
  • examine the key
openssl pkcs12 -in bangzoom.p12 -clcerts -nokeys -info