Last active
December 28, 2015 16:09
-
-
Save masihyeganeh/7527325 to your computer and use it in GitHub Desktop.
Generating Self-signed Certificate
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir keys # All keys will be generated in this folder | |
| openssl genrsa -out keys/rootCA.key 2048 -des3 # CA Private key | |
| openssl req -x509 -new -nodes -key keys/rootCA.key -days 1024 -out keys/rootCA.pem # CA self-signed certificate valid for 1024 days | |
| # CA certificate should be imported to all devices that are using these self-signed certificates | |
| openssl genrsa -out keys/server.key 2048 # Server private key | |
| openssl req -new -key keys/server.key -out keys/server.csr # Server certificate signing request | |
| openssl x509 -req -in keys/server.csr -CA keys/rootCA.pem -CAkey keys/rootCA.key -CAcreateserial -out keys/server.crt -days 1024 # Common Name should be server's host name or ip | |
| openssl genrsa -out keys/client.key 2048 # Client private key | |
| openssl req -new -key keys/client.key -out keys/client.csr # Client certificate signing request | |
| openssl x509 -req -in keys/client.csr -CA keys/rootCA.pem -CAkey keys/rootCA.key -CAcreateserial -out keys/client.crt -days 1024 # Common Name should be client's host name or ip |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What this says anyway?