@ghazanhaider
Created May 14, 2019 16:36
# Create CA
openssl genrsa -des3 -out ./ssl/rootCA.key -passout file:./ssl/pass 2048
# Check: openssl rsa -in ssl/rootCA.key -check
openssl req -x509 -new -nodes -key ./ssl/rootCA.key -sha256 -days 1024 -out ./ssl/rootCA.pem -passin file:./ssl/pass -subj "/C=PK/ST=Balochistan/L=Quetta/O=Hajiabad/CN=ca.ghazan.work"
# Check: openssl x509 -in ./ssl/rootCA.pem -text
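# Create server key and CSR, then sign the CSR with the CA (the server cert is CA-signed, not self-signed)
# Requires ./ssl/server.csr.cnf (request config) and ./ssl/v3.ext (certificate extensions) to exist
openssl req -new -sha256 -nodes -out ./ssl/server.csr -newkey rsa:2048 -keyout ./ssl/server.key -config ./ssl/server.csr.cnf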
# Check: openssl rsa -in ssl/server.key -check
openssl x509 -req -in ./ssl/server.csr -CA ./ssl/rootCA.pem -CAkey ./ssl/rootCA.key -CAcreateserial -out ./ssl/server.crt -days 500 -sha256 -extfile ./ssl/v3.ext -passin file:./ssl/pass
# Check: openssl x509 -in ssl/server.crt -text -noout
# Client key (2048-bit, matching the CA and server keys; 1024-bit RSA is no longer considered secure)
#openssl genrsa -des3 -passout file:./ssl/pass -out ./ssl/client.key 2048
openssl genrsa -out ./ssl/client.key 2048
# Check: openssl rsa -in ssl/client.key -check
#openssl req -new -key ./ssl/client.key -passin file:./ssl/pass -subj "/C=PK/ST=Balochistan/L=Quetta/O=Hajiabad/CN=ghazan.work" -out ./ssl/client.csr
openssl req -new -key ./ssl/client.key -subj "/C=PK/ST=Balochistan/L=Quetta/O=Hajiabad/CN=ghazan.work" -out ./ssl/client.csr
# Check: openssl req -in ssl/client.csr -text -noout -verify
# The CA key is passphrase-protected, so -passin is needed here to avoid an interactive prompt
openssl x509 -req -days 999 -in ./ssl/client.csr -CA ./ssl/rootCA.pem -CAkey ./ssl/rootCA.key -set_serial 01 -passin file:./ssl/pass -out ./ssl/client.crt
# Check: openssl x509 -in ssl/client.crt -text -noout
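# Convert to pkcs12 (the export password is read from ./ssl/pass, the same file that holds the CA key passphrase;
# use a separate password file if the .p12 is handed to someone else):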
#openssl pkcs12 -export -clcerts -in ./ssl/client.crt -inkey ./ssl/client.key -passin file:./ssl/pass -passout pass: -out ./ssl/client.p12
openssl pkcs12 -export -clcerts -in ./ssl/client.crt -inkey ./ssl/client.key -out ./ssl/client.p12 -password file:./ssl/pass
# Checks: openssl pkcs12 -info -in ssl/client.p12
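
The `# Check:` lines above print each artifact for a person to read. As an added example (not part of the original gist), the script below turns them into pass/fail checks on the same ./ssl paths: each certificate chains to rootCA.pem, matches its private key, and meets a minimum key size. The function names and the 2048-bit floor are assumptions of this example.

```shell
#!/bin/sh
# Added example: automated form of the "# Check:" steps for the files the
# script above writes to ./ssl (paths taken from that script).
MIN_BITS=2048   # assumed policy floor, not from the original gist

# Succeeds if the certificate's public key equals the private key's public half.
cert_matches_key() {   # usage: cert_matches_key <cert> <unencrypted key>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the public key size in bits as reported by `openssl x509 -text`.
cert_key_bits() {      # usage: cert_key_bits <cert>
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeeds only if `openssl verify` reports "<file>: OK" against the CA file.
chain_ok() {           # usage: chain_ok <ca.pem> <cert>
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Runs all three checks on one cert/key pair and prints every failure.
audit_pair() {         # usage: audit_pair <ca.pem> <cert> <key>
    rc=0
    chain_ok "$1" "$2" || { echo "FAIL $2: does not chain to $1"; rc=1; }
    cert_matches_key "$2" "$3" || { echo "FAIL $2: key mismatch with $3"; rc=1; }
    bits=$(cert_key_bits "$2")
    [ "${bits:-0}" -ge "$MIN_BITS" ] || { echo "FAIL $2: ${bits:-?}-bit key"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK   $2"
    return "$rc"
}

# Audit the script's outputs when they are present in the current directory.
if [ -f ./ssl/rootCA.pem ]; then
    audit_pair ./ssl/rootCA.pem ./ssl/server.crt ./ssl/server.key
    audit_pair ./ssl/rootCA.pem ./ssl/client.crt ./ssl/client.key
fi
```

A client certificate issued from a 1024-bit key is reported as FAIL by the size check even though it chains and matches its key.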