Last active
December 26, 2015 22:49
-
-
Save jamescarr/7226053 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create the CA Key and Certificate for signing Client Certs | |
| openssl genrsa -des3 -out ca.key 4096 | |
| openssl rsa -in ca.key -out ca.key # remove password! | |
| openssl req -new -x509 -days 365 -key ca.key -out ca.crt | |
| # Create the Server Key, CSR, and Certificate | |
| openssl genrsa -des3 -out server.key 1024 | |
| openssl rsa -in server.key -out server.key # remove password! | |
| openssl req -new -key server.key -out server.csr | |
| # We're self signing our own server cert here. This is a no-no in production. | |
| openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt | |
| # Create the Client Key and CSR | |
| openssl genrsa -des3 -out client.key 1024 | |
| openssl rsa -in client.key -out client.key # no password! | |
| openssl req -new -key client.key -out client.csr | |
| # Sign the client certificate with our CA cert. Unlike signing our own server cert, this is what we want to do. | |
| openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment