SSH-PEM-to-PFX

openssl.md

root

openssl pkcs12 -export -out rootca.pfx -in <FILE_NAME>.pem -nokeys

certificate

openssl pkcs12 -export -out mycert.pfx -inkey private.pem -in public.crt

---

root CA

root

1. Generate Root key for root CA

openssl genrsa -out rootCA.key 4096

2. Generate root certificate

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.crt

OR

openssl req -x509  -new -nodes -key rootCA.key \
  -days 3650 \
  -out rootCA.crt \
  -subj "/C=SA/ST=MK/L=MVT/O=<ORG>/OU=Cloud/CN=<COMMON_NAME>"

SSL using custom CA

1. Generate Server key (private) for certificate

openssl genrsa -out server.key 2048

2. Create a Certificate Signing Request (CSR) for the Client/Server

openssl req -new -key server.key -out server.csr

3. Sign CSR with custom root CA

openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 365 -sha256

verify

openssl verify -CAfile rootCA.crt server.crt

server.crt: OK