■ Requirement : Generate CA certificate for server & client communication.
■ OS Environment : Linux
■ Application : openssl
■ Implementation Steps :
1. Create certification authority :
$ cd /etc/newcerts
$ openssl genrsa 2048 > ca-key.pem
$ openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
NOTE: The last command will ask for details of the certificate provider, so provide short names.
2. Creating certificate for server using above CA certificate :
$ openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
$ openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
NOTE: The first command may ask for a password. Don't provide one; just press the Enter key twice.
3. Creating certificate for client using above CA certificate (similar to the server) :
$ openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
$ openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > client-cert.pem
NOTE: Provide the details of the client owner who will contact the server. The client will be able to contact the server using client-cert.pem, and the server will consult its server-cert.pem and approve encryption.
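An added example (not part of the original steps) that checks the files from steps 1-3: each certificate verifies against ca-cert.pem, each private key matches its certificate, and the server and client certificates carry different serial numbers, which a CA must keep unique. The function names, the demo subjects and the temporary directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: sanity checks for the PEM files produced in steps 1-3.

chains_to_ca() {        # chains_to_ca CA_CERT CERT: CERT is signed by the CA
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches_cert() {    # key_matches_cert KEY CERT: same public key in both
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

serials_differ() {      # serials_differ CERT_A CERT_B: serial numbers are unique
    a=$(openssl x509 -in "$1" -noout -serial 2>/dev/null) || return 1
    b=$(openssl x509 -in "$2" -noout -serial 2>/dev/null) || return 1
    [ "$a" != "$b" ]
}

# Constructed sample input: a throwaway CA, server and client set in DIR,
# built with the commands from steps 1-3 (-subj replaces the prompts).
make_demo_pki() (
    cd "$1" || exit 1
    umask 077            # keep the private keys unreadable to other users
    openssl genrsa -out ca-key.pem 2048 2>/dev/null
    openssl req -new -x509 -nodes -days 1000 -key ca-key.pem \
        -subj "/CN=Demo CA" -out ca-cert.pem
    serial=1
    for n in server client; do
        openssl req -newkey rsa:2048 -nodes -keyout "$n-key.pem" \
            -subj "/CN=demo-$n" -out "$n-req.pem" 2>/dev/null
        openssl x509 -req -in "$n-req.pem" -days 1000 -CA ca-cert.pem \
            -CAkey ca-key.pem -set_serial "$serial" -out "$n-cert.pem" 2>/dev/null
        serial=$((serial + 1))
    done
)

check_dir() {           # check_dir DIR: return 0 only if every check passes
    for n in server client; do
        chains_to_ca "$1/ca-cert.pem" "$1/$n-cert.pem" || return 1
        key_matches_cert "$1/$n-key.pem" "$1/$n-cert.pem" || return 1
    done
    serials_differ "$1/server-cert.pem" "$1/client-cert.pem"
}

# With no argument, demonstrate on a constructed set; otherwise check DIR.
dir=${1:-$(mktemp -d)}
[ -n "${1:-}" ] || make_demo_pki "$dir"
check_dir "$dir" && echo "OK: $dir" || echo "FAILED: $dir"
```

Pass the certificate directory as the first argument to check real files instead of the constructed set.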