Creating a self-signed PKC212 certificate

These directions were taken from: http://marc.info/?l=apache-ssl&m=109047232527559&w=2

Create a new directory structure to house everything so that we can create our own CA (I used '/tmp/cert' for this):

1. mkdir -p /tmp/cert/CA/newcerts
2. touch /tmp/cert/CA/index.txt
3. echo "00" > /tmp/cert/CA/serial
4. mkdir -p /tmp/cert/1/2

(the "1/2" directory is arbitrary. The following process wants to write stuff to../../CA/* and thus the "1/2" fits my needs.)


Change to the appropriate directory:

1. cd /tmp/cert/1/2

Create the CA key:

1. openssl genrsa -des3 -out ca.key 1024

Create the CA certificate:

1. openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Generate client (private) key:

1. openssl genrsa -des3 -out client.key 1024

Generate client certificate request:

1. openssl req -new -key client.key -out client.csr -days 1

Certify the client cert using our own CA:

1. openssl ca -in client.csr -out client.crt -keyfile ca.key -cert ca.crt -days 1

Generate .p12 cert:
For CA:

1. openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out ca.p12

For client:

1. openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12