Creating SSL Certificates
Steps to create a CA cert and a server key and cert
- Set up the CA directory structure:
  - mkdir /root/CA
  - chmod 0770 /root/CA
  - cd /root/CA
- Create the CA key:
  - openssl genrsa -des3 -out my-ca.key 2048
- Create the CA cert:
  - openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt
- Examine the CA cert:
  - openssl x509 -in my-ca.crt -text -noout
- Create the server key:
  - openssl genrsa -des3 -out pabut-server.key 1024
- Create the certificate request:
  - openssl req -new -key pabut-server.key -out pabut-server.csr
- Sign the cert request with the CA cert and key, yielding a server cert:
  - openssl x509 -req -in pabut-server.csr -out pabut-server.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650
- Examine the server cert:
  - openssl x509 -in pabut-server.crt -text -noout
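The CA and server steps above as one non-interactive script, added here as an example and not part of the original page. It swaps the page's 1024-bit server key and `-sha1` for 2048-bit RSA and `-sha256`, drops `-des3` so no passphrase prompt blocks the run, and then checks the result; the file names, subject names and function names are placeholders chosen for this example.

```shell
#!/usr/bin/env bash
# Added example: non-interactive CA + server certificate with SHA-256 and
# 2048-bit RSA, followed by checks of the result. All names are placeholders.

# Build a throwaway CA and one server certificate inside directory $1.
make_pki() {
    local dir=$1 cn=${2:-server.example.test}   # hypothetical host name
    ( umask 077                                 # key files readable by owner only
      mkdir -p "$dir" && cd "$dir" || exit 1
      # CA key and self-signed CA cert (unencrypted key: demonstration only)
      openssl genrsa -out ca.key 2048 2>/dev/null
      openssl req -new -x509 -sha256 -days 3650 -key ca.key \
          -subj "/CN=Example Test CA" -out ca.crt
      # Server key and certificate request
      openssl genrsa -out server.key 2048 2>/dev/null
      openssl req -new -key server.key -subj "/CN=$cn" -out server.csr
      # Sign the request with the CA, using SHA-256 instead of SHA-1
      openssl x509 -req -in server.csr -out server.crt -sha256 \
          -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 2>/dev/null
    )
}

# Print the public key size in bits of certificate $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the signature algorithm name of certificate $1.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed only if cert $2 chains to CA $1 and avoids short keys and weak hashes.
check_cert() {
    local ca=$1 crt=$2
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || { echo "chain: FAIL"; return 1; }
    [ "$(cert_key_bits "$crt")" -ge 2048 ] || { echo "key: too short"; return 1; }
    case "$(cert_sig_alg "$crt")" in
        sha1*|md5*) echo "signature: weak hash"; return 1 ;;
    esac
    echo "ok"
}
```

Run `make_pki /tmp/demo-pki` and then `check_cert /tmp/demo-pki/ca.crt /tmp/demo-pki/server.crt`; `check_cert` returns non-zero for a certificate made with a 1024-bit key or a SHA-1 signature.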
Creating a client key
- Create a private key:
  - openssl genrsa -des3 -out bangzoom.key
- Create a certificate request:
  - openssl req -new -key bangzoom.key -out bangzoom.csr
- Certify the request with the CA key:
  - openssl x509 -req -in bangzoom.csr -out bangzoom.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650
- Export the key and certificate in PKCS#12 format:
  - openssl pkcs12 -export -in bangzoom.crt -inkey bangzoom.key -name "bangzoom Certificate" -out bangzoom.p12
- Examine the PKCS#12 file (this prints the client certificate, not the private key):
  - openssl pkcs12 -in bangzoom.p12 -clcerts -nokeys -info