By Marone: December 2019
Create certificates with openssl
Goal
This tutorial is about how to create certificates with openssl
Used technologies
OpenSSL 1.1.1d
Keytool
server-side
Script for server-side
- The first command generates a private key called wstutorialPrivate.key. We used the RSA algorithm (genrsa) with a key length of 4096 bits.
- The second command creates a certificate signing request. To prevent prompts, we pass the -subj option with an argument.
- The subj argument takes key-value pairs, separated by a slash. The required fields are listed below:
- For test purposes, we create a self-signed certificate. This certificate will expire in 365 days.
- In Step 4 we store the private key and the certificate in a keystore with pkcs12 format.
- In Step 5 we store the certificate in a truststore; the format is jks.
| Field | Meaning | Value |
|---|---|---|
| /C= | Country Name | US |
| /ST= | State or Province Name | Ohio |
| /L= | Locality Name | Ohio |
| /O= | Organization Name | wstutorial |
| /OU= | Organizational Unit Name | IT Department |
| /CN= | Common Name | wstutorial.com |
client-side
Script for client-side
- The first command generates a private key called wstutorialPrivate.key. We used the RSA algorithm (genrsa) with a key length of 4096 bits.
- The second command creates a certificate signing request. To prevent prompts, we pass the -subj option with an argument.
- Generally the CSR should be sent to a Certificate Authority (CA) to be signed. In this tutorial we will sign the CSR on behalf of the server certificate.
- After getting the certificate marone.crt back, we store it along with the private key in a PKCS12 keystore.
- The subj parameter is analogous to the server-side subj above.
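
The server-side and client-side steps described above, written out as one shell script. This is an added example, not the tutorial's original script. Assumptions: every file name except wstutorialPrivate.key and marone.crt, the client subject, the BITS variable, the keystore password, and the explicit CA:TRUE extension on the self-signed certificate (added so that verifiers accept it as the issuer of the client certificate).

```shell
#!/bin/sh
# Added example. File names other than wstutorialPrivate.key and marone.crt,
# the client subject, BITS and PASS are assumptions, not taken from the page.
SUBJ_SERVER='/C=US/ST=Ohio/L=Ohio/O=wstutorial/OU=IT Department/CN=wstutorial.com'
SUBJ_CLIENT='/C=US/ST=Ohio/L=Ohio/O=wstutorial/OU=IT Department/CN=marone'
BITS=${BITS:-4096}   # key length used by the tutorial
PASS='changeit'      # constructed test password for the keystores

make_server() (      # $1 = output directory
    set -e; umask 077; cd "$1"
    # Step 1: RSA private key
    openssl genrsa -out wstutorialPrivate.key "$BITS"
    # Step 2: CSR; -subj supplies the subject so openssl does not prompt
    openssl req -new -key wstutorialPrivate.key -subj "$SUBJ_SERVER" \
        -out wstutorial.csr
    # Step 3: self-signed certificate, valid 365 days. CA:TRUE is set because
    # this certificate also signs the client CSR below (test setups only).
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    openssl x509 -req -days 365 -sha256 -in wstutorial.csr \
        -signkey wstutorialPrivate.key -extfile ca.ext -out wstutorial.crt
    # Step 4: private key + certificate into a PKCS12 keystore
    openssl pkcs12 -export -inkey wstutorialPrivate.key -in wstutorial.crt \
        -name wstutorial -passout "pass:$PASS" -out wstutorial.p12
    # Step 5: certificate only into a JKS truststore (needs a JDK's keytool)
    if command -v keytool >/dev/null 2>&1; then
        keytool -importcert -noprompt -alias wstutorial -file wstutorial.crt \
            -keystore truststore.jks -storetype JKS -storepass "$PASS"
    fi
)

make_client() (      # $1 = directory that already holds the server files
    set -e; umask 077; cd "$1"
    # marone.key is an assumed name so the server key is not overwritten
    openssl genrsa -out marone.key "$BITS"
    openssl req -new -key marone.key -subj "$SUBJ_CLIENT" -out marone.csr
    # Sign the client CSR with the server certificate and its key
    openssl x509 -req -days 365 -sha256 -in marone.csr -CA wstutorial.crt \
        -CAkey wstutorialPrivate.key -CAcreateserial -out marone.crt
    # Fail here if marone.crt does not chain to the server certificate
    openssl verify -CAfile wstutorial.crt marone.crt
    # Client certificate and key into a PKCS12 keystore
    openssl pkcs12 -export -inkey marone.key -in marone.crt -name marone \
        -passout "pass:$PASS" -out marone.p12
)

# Usage after sourcing this file: make_server DIR; make_client DIR
```

A password passed as pass:... is visible in the process list; outside a test setup, openssl's env: or file: password sources keep it off the command line.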