-
Notifications
You must be signed in to change notification settings - Fork 11
Generating CA and Client certificate
Birger Jarl edited this page Oct 6, 2017
·
2 revisions
Note: please don't blindly copy-paste the commands. It's important for you to know what you're doing.
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
When asked for the email, enter email of your app's user which will be autheticated with this certificate.
openssl req -new -utf8 -nameopt multiline,utf8 -newkey rsa:2048 -nodes -keyout client.key -out client.csr
openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
Optionally, generate a PKCS certificate to be installed into the browser, mobile or whatever:
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
For each user goto step 2.