Monday, June 29, 2009

Creating a self-signed PKCS12 certificate

These directions were taken from: http://marc.info/?l=apache-ssl&m=109047232527559&w=2

Create a new directory structure to house everything so that we can create our own CA (I used '/tmp/cert' for this):
  1. mkdir -p /tmp/cert/CA/newcerts
  2. touch /tmp/cert/CA/index.txt
  3. echo "00" > /tmp/cert/CA/serial
  4. mkdir -p /tmp/cert/1/2

(The "1/2" directory is arbitrary. The following process wants to write stuff to ../../CA/* and thus the "1/2" fits my needs.)


Change to the appropriate directory:
  1. cd /tmp/cert/1/2

Create the CA key:
  1. openssl genrsa -des3 -out ca.key 1024

Create the CA certificate:
  1. openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Generate client (private) key:
  1. openssl genrsa -des3 -out client.key 1024

Generate client certificate request:
  1. openssl req -new -key client.key -out client.csr -days 1

Certify the client cert using our own CA:
  1. openssl ca -in client.csr -out client.crt -keyfile ca.key -cert ca.crt -days 1

Generate .p12 cert:
For CA:
  1. openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12
For client:
  1. openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
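
The same procedure as one non-interactive script, ending with a check that the client certificate chains to the new CA and that the private key inside client.p12 matches it. This is an added example, not part of the original post. It assumes its own minimal ca.cnf instead of the ../../CA location, 2048-bit AES-encrypted keys instead of 1024-bit -des3 ones, and constructed passphrases and subject names.

```shell
# Constructed demo passphrases; openssl reads them via env: so they stay out of the process list.
export CA_PASS='ca-demo-pass' CLIENT_PASS='client-demo-pass' P12_PASS='p12-demo-pass'
# build_p12 DIR: CA database under DIR/CA, one client cert, exported as DIR/client.p12.
build_p12() (
  d=$1; umask 077   # key files and the bundle are readable by the owner only
  # Serial starts at 01 here: RFC 5280 requires a positive serial number.
  mkdir -p "$d/CA/newcerts" && : > "$d/CA/index.txt" && echo 01 > "$d/CA/serial" || exit 1
  cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/CA/index.txt
serial = $d/CA/serial
new_certs_dir = $d/CA/newcerts
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  openssl genrsa -aes256 -passout env:CA_PASS -out "$d/ca.key" 2048 &&
  openssl req -new -x509 -days 365 -config "$d/ca.cnf" -subj "/CN=Example Test CA" \
    -key "$d/ca.key" -passin env:CA_PASS -out "$d/ca.crt" &&
  openssl genrsa -aes256 -passout env:CLIENT_PASS -out "$d/client.key" 2048 &&
  openssl req -new -config "$d/ca.cnf" -subj "/CN=example-client" \
    -key "$d/client.key" -passin env:CLIENT_PASS -out "$d/client.csr" &&
  openssl ca -batch -notext -config "$d/ca.cnf" -days 1 -in "$d/client.csr" \
    -keyfile "$d/ca.key" -cert "$d/ca.crt" -passin env:CA_PASS -out "$d/client.crt" &&
  openssl pkcs12 -export -in "$d/client.crt" -inkey "$d/client.key" \
    -passin env:CLIENT_PASS -passout env:P12_PASS -out "$d/client.p12"
)

# check_p12 DIR: the cert chains to our CA, and the key in the bundle matches the cert.
check_p12() (
  d=$1
  openssl verify -CAfile "$d/ca.crt" "$d/client.crt" >/dev/null || exit 1
  cert_pub=$(openssl pkcs12 -in "$d/client.p12" -passin env:P12_PASS -nokeys |
             openssl x509 -noout -pubkey) || exit 1
  key_pub=$(openssl pkcs12 -in "$d/client.p12" -passin env:P12_PASS -nocerts -nodes |
            openssl pkey -pubout) || exit 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)
work=$(mktemp -d) && build_p12 "$work" && check_p12 "$work" && echo "verified: $work/client.p12"
```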
