Wednesday, November 25, 2015

Creating a self-signed certificate with own CA

This post is a short howto for creating own certification authority (CA) and generating and signing certificate with this CA.


1 Create the Root Certificate

The first step is to create the CA private key:
  • openssl genrsa -out rootCA.key 2048
NOTE: it can be also password protected by specifying -des3 option.

The next step is to self-sign this key:
  • openssl req -x509 -new -nodes -key rootCA.key -days 365 -out rootCA.pem

2 Create a Self-signed Certificate

First, you’ll need to create a private key:
  • openssl genrsa -out device.key 2048

Once the key is created, generate the certificate signing request (CSR):
  • openssl req -new -key device.key -out device.csr

Last step is to sign the CSR, which requires the CA private key:
  • openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500
Posted by krisko at 1:29 PM
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)