dungdt88/Self-signed Server -client certificate.md

Last active February 19, 2017 08:06

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/dungdt88/2b124eab8f2e447b1d0e4ef87aadc131.js"></script>
Save dungdt88/2b124eab8f2e447b1d0e4ef87aadc131 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

Self-signed Server -client certificate.md

Create the CA Key and Certificate for signing Client Certs

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 1095 -key ca.key -out ca.crt

Create the Server Key, CSR, and Certificate

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr

We're self signing our own server cert here. This is a no-no in production.

openssl x509 -req -days 1095 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Create the Client Key and CSR

openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr

Sign the client certificate with our CA cert. Unlike signing our own server cert, this is what we want to do.

openssl x509 -req -days 1095 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment