First generate Certification Authority key. Entering pasword is recommended.
$ openssl genrsa -des3 -out myCA.key 4096Change permissions of the key.
$ chmod 400 myCA.keyGenerate Root certificate for the Certification Authority.
$ openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA-certificate.pemOpen Chrome/Chromium Settings > Advanced > Manage Certificates > Authorities
Click on Import and select myCA-certificate.pem file.
On ios devices, send email with myCA-certificate.pem attached, and tap the file, install it.
Once, root certificate is installed, all the certificates signed using it will work on the devices.
First generate key.
$ openssl genrsa -out host.key 4096Now, generate Certificate Signing Request (CSR) using the key.
openssl req -new -key host.key -out host.csrCreate a new file with following contents and save it as host.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = host.com
DNS.2 = *.host.com
Finally create certificate with following command.
openssl x509 \
-req \
-in host.csr \
-CA myCA-certificate.pem -CAkey myCA.key -CAcreateserial \
-out host.crt \
-days 365 -sha256 \
-extfile host.extFirst generate key.
$ openssl genrsa -out client.key 4096Now, generate Certificate Signing Request (CSR) using the key.
openssl req -new -key client.key -out client.csrFinally create certificate with following command.
openssl x509 \
-req \
-in client.csr \
-CA myCA-certificate.pem -CAkey myCA.key -CAcreateserial \
-out client.crt \
-days 365 -sha256Now generate PKCS #12
openssl pkcs12 -export -out client.pfx -inkey client.key -in client.crt -certfile myCA-certificate.crt