This blog post is about how to create ssl certificate using openssl. you require openssl software to create certificate so you can download the openssl binaries from here
https://www.openssl.org/source/
Below are the steps required to create ssl certificate
Create Root CA Key
genrsa -des3 -out ca.key 1024
This command generate 1024-bit key with password
https://www.openssl.org/source/
Below are the steps required to create ssl certificate
- Create Root CA Key
- Create Root CA based on the CA Key
- Create Subordinate certificate key
- Create subordinate certificate request
- Signed the subordinate certificate with the Root CA
genrsa -out ca.key 1024
This command create 1024-bit key with no password
genrsa -des3 -out ca.key 1024
This command generate 1024-bit key with password
Create Self Signed Root CA
req -new -x509 -days 730 -key ca.key -out ca.crt
ca.crt is root ca which is valid for 2 years.
Create subordinate certificate key
genrsa -out ia.key 1024
The key generated is 1024-bit with no password, you can create with password as created above for Root CA.
Note: Size of the key should be same
Create subordinate certificate request
req -new -key ia.key -out ia.csr
Signed subordinate certificate with Root CA
x509 -req -days 365 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt
This is a signed certificate valid for 1 year and used for actual signing. so use the ia.crt as certificate and ia.key its private key.
No comments:
Post a Comment