...
| No Format |
|---|
$ openssl genrsa -out server.key 1024 # Create private/public key pair for server
$ openssl req -new -key server.key \
-out server.csr # Create certificate signing request
# (Remember: Common name *MUST* match server address)
$ openssl ca -config ca.conf \
-in server.csr \
-cert ca.crt \
-keyfile ca.key \
-out server.crt # Sign certificate request with CA certificate.
# Create PEM file with the server key and certificate for use with lightttpd
$ cat server.key server.crt > server.pem
|
Creating a client certificate for use with web browsers (remember it will also usually need the CA certificate used in signing):
| No Format |
|---|
# openssl genrsa -out client.key 1024 # Generate public/private key for client
# openssl req -new -key client.key \
-out client.csr # Create certificate signing request
# openssl ca -config ca.conf \
-in client.csr \
-cert ca.crt \
-keyfile ca.key \
-out client.crt # Sign certificate
# openssl pkcs12 -export -clcerts \
-in client.crt \
-inkey client.key \
-out client.p12 # Create PKCS12 keystore for use with web browsers
|
References:
Client certificates with apache
...