December | 2018 | forum of geeks

1. Generate CA Certificate
1.1 Generate private Key
> openssl genrsa -out CA.key 2048

1.2 Generate CA CSR
> openssl req -new -sha256 -key CA.key -out CA.csr -subj “/C=US/ST=Massachusetts/L=Boston/O=My Company/CN=CA CERTIFICATE”

1.3 Generate CA Certificate (10 years)
> openssl x509 -signkey CA.key -in CA.csr -req -days 3650 -out CA.pem

2. Generate Server Certificate signed by CA
2.1 Generate private Key
> openssl genrsa -out ServerCert_signedByCA.key 2048

2.2 Create Server CSR
> openssl req -new -sha256 -key ServerCert_signedByCA.key -out ServerCert_signedByCA.csr -subj “/C=US/ST=Massachusetts/L=Boston/O=My Company/CN=lab.mycompany$

2.3 Generate Server Certificate
> openssl x509 -req -in ServerCert_signedByCA.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out ServerCert_signedByCA.crt -days 3650 -sha256

2.4 View Certificate
> openssl x509 -text -noout -in ServerCert_signedByCA.crt

3. Generate Client Certificate signed by CA
3.1 Generate private Key
> openssl genrsa -out ClientCert_signedByCA.key 2048

3.2 Create Client CSR
> openssl req -new -sha256 -key ClientCert_signedByCA.key -out ClientCert_signedByCA.csr -subj “/C=US/ST=Massachusetts/L=Boston/O=My Company/CN=client”

3.3 Generate Client Certificate
> openssl x509 -req -in ClientCert_signedByCA.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out ClientCert_signedByCA.crt -days 3650 -sha256

3.4 #View Certificate
> openssl x509 -text -noout -in ClientCert_signedByCA.crt

forum of geeks

4 out of 5 dentists recommend this WordPress.com site

Monthly Archives: December 2018

Procedures to generate CA certificate, server and client certificates signed by CA using Openssl