Creating a self-signed PKCS12 certificate
These directions were taken from: http://marc.info/?l=apache-ssl&m=109047232527559&w=2
Create a new directory structure to house everything so that we can create our own CA (I used '/tmp/cert' for this):
- mkdir -p /tmp/cert/CA/newcerts
- touch /tmp/cert/CA/index.txt
- echo "00" > /tmp/cert/CA/serial
- mkdir -p /tmp/cert/1/2
(The "1/2" directory name is arbitrary. The signing step below wants to write to ../../CA/*, so working two levels below /tmp/cert makes that path resolve to the CA directory created above.)
Change to the appropriate directory:
- cd /tmp/cert/1/2
Create the CA key:
- openssl genrsa -des3 -out ca.key 1024
Create the CA certificate:
- openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Generate client (private) key:
- openssl genrsa -des3 -out client.key 1024
Generate client certificate request:
- openssl req -new -key client.key -out client.csr -days 1
Certify the client cert using our own CA:
- openssl ca -in client.csr -out client.crt -keyfile ca.key -cert ca.crt -days 1
Generate .p12 cert:
For CA:
- openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12
For client:
- openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
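The same procedure as one non-interactive function, added here as an example and not part of the original directions. It goes slightly beyond the steps above: it writes its own minimal config so that "openssl ca" does not depend on the system openssl.cnf and its ../../CA path, and it uses 2048-bit keys with AES-256 in place of 1024-bit keys with 3DES. The names make_client_p12, ca.cnf, CA_PASS, KEY_PASS, P12_PASS and both subject names are assumptions.

```shell
# Added example. CA_PASS, KEY_PASS, P12_PASS and the subject names are
# assumptions; pass phrases are read from the environment, not from argv.
make_client_p12() (
  set -e
  : "${CA_PASS:?}" "${KEY_PASS:?}" "${P12_PASS:?}"
  export CA_PASS KEY_PASS P12_PASS
  umask 077                          # new keys are readable by the owner only
  mkdir -p "$1/CA/newcerts"
  d=$(cd "$1" && pwd)                # absolute path for the config below
  cd "$d"
  : > CA/index.txt                   # empty certificate database
  echo 01 > CA/serial                # first serial number to issue
  cat > ca.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = CA_default
[CA_default]
database = $d/CA/index.txt
new_certs_dir = $d/CA/newcerts
serial = $d/CA/serial
default_md = sha256
policy = policy_any
x509_extensions = client_ext
[policy_any]
commonName = supplied
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  openssl genrsa -aes256 -passout env:CA_PASS -out ca.key 2048
  openssl req -new -x509 -days 365 -config ca.cnf -key ca.key \
    -passin env:CA_PASS -subj "/CN=Example Test CA" -out ca.crt
  openssl genrsa -aes256 -passout env:KEY_PASS -out client.key 2048
  openssl req -new -config ca.cnf -key client.key -passin env:KEY_PASS \
    -subj "/CN=example-client" -out client.csr
  openssl ca -batch -notext -config ca.cnf -in client.csr -out client.crt \
    -keyfile ca.key -cert ca.crt -passin env:CA_PASS -days 1
  openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt \
    -passin env:KEY_PASS -out client.p12 -passout env:P12_PASS
  openssl verify -CAfile ca.crt client.crt   # client cert must chain to the CA
)
```

Call it with the three pass phrases exported and a target directory, for example: make_client_p12 /tmp/cert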