By Marone: December 2019
Create certificates with openssl
Goal
This tutorial is about how to create certificates with openssl.
Used technologies
OpenSSL 1.1.1d
Keytool
server-side
Script for server-side
- The first command generates a private key called wstutorialPrivate.key. We used the RSA algorithm (genrsa) with a key length of 4096 bits.
- The second command creates a certificate signing request. To prevent prompts we pass the -subj option with an argument.
- The subj argument takes key-value pairs, separated by a slash. The required fields are listed below:
- For test purposes, we create a self-signed certificate; this certificate will expire in 365 days.
- In Step 4 we store the private key and the certificate in a keystore in pkcs12 format.
- In Step 5 we store the certificate in a truststore; the format is jks.
Field | Meaning | Value |
---|---|---|
/C= | Country Name | US |
/ST= | State or Province Name | Ohio |
/L= | Locality Name | Ohio |
/O= | Organization Name | wstutorial |
/OU= | Organizational Unit Name | IT Department |
/CN= | Common Name | wstutorial.com |
client-side
Script for client-side
- The first command generates a private key called wstutorialPrivate.key. We used the RSA algorithm (genrsa) with a key length of 4096 bits.
- The second command creates a certificate signing request. To prevent prompts we pass the -subj option with an argument.
- Generally the CSR should be sent to a Certificate Authority (CA) to be signed. In this tutorial we will sign the CSR using the server certificate.
- After getting the certificate marone.crt back, we store it along with the private key in a PKCS12 keystore.
- The subj parameter is analogous to the server-side subj above.
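The server-side and client-side steps described above, written out as one script. This is an added example, not the tutorial's own scripts: only wstutorialPrivate.key, marone.crt and the subject fields come from the page, while the other file names, the aliases, the client CN, the client key name maronePrivate.key and the password changeit are assumptions.

```shell
#!/bin/sh
# Added example; only wstutorialPrivate.key and marone.crt are names from the page.
set -eu
umask 077                                     # new key files readable by owner only
BITS="${BITS:-4096}"                          # key length stated in the tutorial
: "${STOREPASS:=changeit}"; export STOREPASS  # constructed demo password
SUBJ='/C=US/ST=Ohio/L=Ohio/O=wstutorial/OU=IT Department'

make_server_certs() {
    # Step 1: RSA private key
    openssl genrsa -out wstutorialPrivate.key "$BITS"
    # Step 2: CSR; -subj supplies the subject so openssl does not prompt
    openssl req -new -key wstutorialPrivate.key -out wstutorial.csr \
        -subj "$SUBJ/CN=wstutorial.com"
    # Step 3: self-signed test certificate, valid for 365 days
    openssl x509 -req -in wstutorial.csr -signkey wstutorialPrivate.key \
        -days 365 -out wstutorial.crt
    # Step 4: private key and certificate into a PKCS12 keystore
    openssl pkcs12 -export -inkey wstutorialPrivate.key -in wstutorial.crt \
        -name wstutorial -out wstutorial.p12 -passout env:STOREPASS
    # Step 5: certificate only into a JKS truststore (skipped without a JDK)
    if command -v keytool >/dev/null 2>&1; then
        keytool -importcert -noprompt -alias wstutorial -file wstutorial.crt \
            -keystore truststore.jks -storetype JKS -storepass:env STOREPASS
    fi
}

make_client_certs() {
    # maronePrivate.key is an assumed name so the server key is not overwritten
    openssl genrsa -out maronePrivate.key "$BITS"
    openssl req -new -key maronePrivate.key -out marone.csr -subj "$SUBJ/CN=marone"
    # No external CA: the server certificate and key sign the client CSR
    openssl x509 -req -in marone.csr -CA wstutorial.crt \
        -CAkey wstutorialPrivate.key -CAcreateserial -days 365 -out marone.crt
    openssl pkcs12 -export -inkey maronePrivate.key -in marone.crt \
        -name marone -out marone.p12 -passout env:STOREPASS
}

# Check that marone.crt was issued by the server certificate
issuer_matches() {
    i=$(openssl x509 -in marone.crt -noout -issuer)
    s=$(openssl x509 -in wstutorial.crt -noout -subject)
    [ "${i#issuer=}" = "${s#subject=}" ]
}
```

Run make_server_certs and then make_client_certs in an empty directory. The keystore password is read from the environment (env:STOREPASS, -storepass:env) so that it does not appear on the command line.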