Saturday, January 23, 2016

How to generate an SSL certificate using OpenSSL

This blog post explains how to create an SSL certificate using OpenSSL. You need the OpenSSL software to create the certificate; it can be downloaded from here:
https://www.openssl.org/source/

Below are the steps required to create an SSL certificate:

  • Create the Root CA key
  • Create the Root CA certificate based on the CA key
  • Create the subordinate certificate key
  • Create the subordinate certificate request
  • Sign the subordinate certificate with the Root CA


Create Root CA Key

openssl genrsa -out ca.key 1024

This command creates a 1024-bit key with no password.

openssl genrsa -des3 -out ca.key 1024

This command generates a 1024-bit key protected with a password.

Create Self Signed Root CA

openssl req -new -x509 -days 730 -key ca.key -out ca.crt

ca.crt is the self-signed Root CA certificate, valid for 2 years.

Create subordinate certificate key

openssl genrsa -out ia.key 1024

The generated key is 1024-bit with no password. You can also create it with a password, as shown above for the Root CA key.

Note: The subordinate key should be the same size as the Root CA key.

Create subordinate certificate request

openssl req -new -key ia.key -out ia.csr


Sign the subordinate certificate with the Root CA

openssl x509 -req -days 365 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt

This is the signed certificate, valid for 1 year, and it is the one used for actual signing. Use ia.crt as the certificate and ia.key as its private key.
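The script below is an added example, not part of the original post: it runs the five steps above non-interactively and then checks that ia.crt chains to ca.crt and that ia.key matches ia.crt. The function names, the -subj values and the 2048-bit default are assumptions of this example; 2048 bits is used because 1024-bit RSA keys are no longer accepted by current browsers and public CA requirements.

```shell
#!/bin/sh
# Added example: the post's five steps, run non-interactively, then checked.
# Assumptions (not from the post): 2048-bit keys, the -subj names, function names.

build_chain() (
    dir=$1; bits=${2:-2048}
    mkdir -p "$dir" && cd "$dir" || exit 1
    # Steps 1-2: Root CA key and self-signed Root CA certificate (2 years).
    openssl genrsa -out ca.key "$bits" 2>/dev/null &&
    openssl req -new -x509 -days 730 -key ca.key \
        -subj "/CN=Example Root CA" -out ca.crt &&
    # Steps 3-4: subordinate key (same size as the CA key) and its request.
    openssl genrsa -out ia.key "$bits" 2>/dev/null &&
    openssl req -new -key ia.key -subj "/CN=Example Subordinate" -out ia.csr &&
    # Step 5: sign the request with the Root CA (1 year).
    openssl x509 -req -days 365 -in ia.csr -CA ca.crt -CAkey ca.key \
        -set_serial 01 -out ia.crt 2>/dev/null &&
    # Private keys must not be readable by other users.
    chmod 600 ca.key ia.key
)

# Succeeds only if ia.crt verifies against ca.crt as its trust anchor.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/ia.crt" >/dev/null 2>&1
}

# Succeeds only if ia.key is the private key for ia.crt (same RSA modulus).
key_matches() {
    c=$(openssl x509 -in "$1/ia.crt" -noout -modulus) || return 1
    k=$(openssl rsa -in "$1/ia.key" -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Prints the public key size, in bits, of the certificate file given as $1.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Run the whole procedure in a scratch directory and report the result.
demo=$(mktemp -d) && build_chain "$demo" && chain_ok "$demo" &&
    key_matches "$demo" &&
    echo "ok: $(cert_bits "$demo/ia.crt")-bit chain written to $demo"
```

The same two checks can be run against certificates produced by hand with the commands in the post, by pointing chain_ok and key_matches at the directory holding ca.crt, ia.crt and ia.key.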
