By Marone: December 2019

Goal

This tutorial shows how to create certificates with OpenSSL.

Used technologies

OpenSSL 1.1.1d
Keytool

server-side


Script for server-side


  • The first command generates a private key called wstutorialPrivate.key. We use the RSA algorithm (genrsa) with a key length of 4096 bits.
  • The second command creates a certificate signing request (CSR). To avoid the interactive prompt, we pass the -subj option with an argument.
  • The subj argument takes key-value pairs, separated by slashes. The required fields are listed below:

    Field   Meaning                    Value
    /C=     Country Name               US
    /ST=    State or Province Name     Ohio
    /L=     Locality Name              Ohio
    /O=     Organization Name          wstutorial
    /OU=    Organizational Unit Name   IT Department
    /CN=    Common Name                wstutorial.com

  • For test purposes, we create a self-signed certificate. This certificate will expire in 365 days.
  • In step 4 we store the private key and the certificate in a keystore in PKCS12 format.
  • In step 5 we store the certificate in a truststore; the format is JKS.

client-side


Script for client-side


  • The first command generates a private key called wstutorialPrivate.key. We use the RSA algorithm (genrsa) with a key length of 4096 bits.
  • The second command creates a certificate signing request (CSR). To avoid the interactive prompt, we pass the -subj option with an argument.
  • Generally the CSR should be sent to a Certificate Authority (CA) to be signed. In this tutorial we sign the CSR ourselves, using the server certificate in place of a CA.
  • After getting the certificate marone.crt back, we store it along with the private key in a PKCS12 keystore.
  • The subj parameter is analogous to the server-side subj described above.
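
The server-side and client-side steps above, written out as shell functions. This is an added example, not the tutorial's original script. Only wstutorialPrivate.key, marone.crt and the subject fields come from the page; the other file names (including a separate maronePrivate.key for the client), the aliases, the CN=marone subject, the CA:TRUE extension and the demo password are assumptions.

```shell
#!/bin/sh
# Added example, not the tutorial's original script. Only wstutorialPrivate.key,
# marone.crt and the subject fields come from the page; every other file name,
# alias and the demo password are assumptions.
KEY_BITS="${KEY_BITS:-4096}"
: "${STORE_PASS:=changeit}"  # constructed demo password, override before real use
export STORE_PASS            # passed as env: so it never shows up in argv
SUBJ="/C=US/ST=Ohio/L=Ohio/O=wstutorial/OU=IT Department"

make_server() (  # $1 = output directory; steps 1-4 of the server-side list
  umask 077; mkdir -p "$1" && cd "$1" &&
  openssl genrsa -out wstutorialPrivate.key "$KEY_BITS" &&
  openssl req -new -key wstutorialPrivate.key \
    -subj "$SUBJ/CN=wstutorial.com" -out wstutorial.csr &&
  # CA:TRUE is added so strict verifiers accept this test cert as an issuer
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext &&
  openssl x509 -req -days 365 -in wstutorial.csr -extfile ca.ext \
    -signkey wstutorialPrivate.key -out wstutorial.crt &&
  openssl pkcs12 -export -inkey wstutorialPrivate.key -in wstutorial.crt \
    -name wstutorial -passout env:STORE_PASS -out keystore.p12
)

make_truststore() (  # step 5, needs a JDK for keytool
  cd "$1" && keytool -importcert -noprompt -alias wstutorial \
    -file wstutorial.crt -keystore truststore.jks -storetype JKS \
    -storepass:env STORE_PASS
)

make_client() (  # $1 = directory that already holds the server files
  umask 077; cd "$1" &&
  openssl genrsa -out maronePrivate.key "$KEY_BITS" &&
  openssl req -new -key maronePrivate.key -subj "$SUBJ/CN=marone" \
    -out marone.csr &&
  # the server key signs the client CSR, standing in for a real CA
  openssl x509 -req -days 365 -in marone.csr -CA wstutorial.crt \
    -CAkey wstutorialPrivate.key -CAcreateserial -out marone.crt &&
  openssl pkcs12 -export -inkey maronePrivate.key -in marone.crt \
    -certfile wstutorial.crt -name marone -passout env:STORE_PASS \
    -out marone.p12
)

check_chain() (  # succeeds only if marone.crt chains to wstutorial.crt
  cd "$1" && openssl verify -CAfile wstutorial.crt marone.crt >/dev/null
)
```

Run `make_server ./certs`, then `make_truststore ./certs` and `make_client ./certs`; `check_chain ./certs` confirms the client certificate was issued by the server certificate.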
