@avianey avianey/ca cert
Last active Aug 24, 2017

Self-signed client / server certificate
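# Generate the CA private key (no passphrase)
openssl genrsa -out ca.key 2048
# Create a signing request for the CA, then self-sign it for one year
openssl req -new -key ./ca.key -out ./ca.csr
openssl x509 -req -days 365 -in ./ca.csr -out ./ca.crt -signkey ./ca.key
# Display the CA certificate
openssl x509 -in ca.crt -text
# Export the CA public key
openssl rsa -in ca.key -passin pass:XXXX -pubout -out ca.public.key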
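# Generate the client private key, encrypted with a passphrase
openssl genrsa -des3 -out client.key 2048
# Create the client signing request and sign it with the CA for one year
openssl req -new -key ./client.key -out client.csr
openssl x509 -req -in ./client.csr -CA ./ca.crt -CAkey ./ca.key -CAcreateserial -out ./client.crt -days 365
# Bundle the client certificate and key into a PKCS#12 file, then inspect it
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -name "client certificate"
openssl pkcs12 -info -in client.p12
# Export the client public key
openssl rsa -in client.key -passin pass:XXXX -pubout -out client.public.key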
# Must match the DN of the server certificate
ServerName domain
# Encryption and server certificate
SSLEngine On
SSLCertificateFile conf/certs/server.crt
SSLCertificateKeyFile conf/certs/server.nopassphrase.key
# Require the client to present a certificate
SSLVerifyClient require
SSLVerifyDepth 2
# Certificate of the certificate authority trusted for client certificates
SSLCACertificateFile conf/certs/ca.crt
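# Generate the server private key, encrypted with a passphrase
openssl genrsa -des3 -out server.key 2048
# Create the server signing request and sign it with the CA for one year
openssl req -new -key ./server.key -out server.csr
openssl x509 -req -in ./server.csr -CA ./ca.crt -CAkey ./ca.key -CAcreateserial -out ./server.crt -days 365
# Bundle the server certificate and key into a PKCS#12 file, then inspect it
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "server certificate"
openssl pkcs12 -info -in server.p12
# Export the server public key
openssl rsa -in server.key -passin pass:XXXX -pubout -out server.public.key
# Write an unencrypted copy of the server key (the file referenced by SSLCertificateKeyFile)
openssl rsa -in server.key -out server.nopassphrase.key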
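
The chain check that `SSLVerifyClient require` relies on, with `ca.crt` as the only trusted issuer, can be reproduced offline with `openssl verify`. The script below is an added example, not part of the gist: it builds a throwaway CA and client certificate non-interactively and shows that a self-signed certificate carrying the same subject is rejected. The subject names, `demo.cnf`, the temporary directory and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the gist). All names below are constructed test values.

# build_demo_pki DIR: create a throwaway CA, a client cert signed by it, and a
# self-signed "rogue" cert that carries the same subject as the client.
build_demo_pki() {
    d=$1
    # Minimal config so the run does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' 'CN = unused' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/demo.cnf"
    for k in ca client rogue; do
        openssl genrsa -out "$d/$k.key" 2048 2>/dev/null || return 1
    done
    # CA certificate, marked as a CA through basicConstraints.
    openssl req -x509 -new -config "$d/demo.cnf" -extensions v3_ca \
        -key "$d/ca.key" -subj "/CN=Demo Client CA" -days 1 \
        -out "$d/ca.crt" || return 1
    # Client CSR, signed by the CA with the same x509 -req call the gist uses.
    openssl req -new -config "$d/demo.cnf" -key "$d/client.key" \
        -subj "/CN=demo-client" -out "$d/client.csr" || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/client.crt" -days 1 2>/dev/null || return 1
    # Same subject as the client, but self-signed: not issued by the CA.
    openssl req -x509 -new -config "$d/demo.cnf" -key "$d/rogue.key" \
        -subj "/CN=demo-client" -days 1 -out "$d/rogue.crt" || return 1
}

# client_cert_accepted CA_CERT CLIENT_CERT: succeeds only if CLIENT_CERT chains
# to CA_CERT and is usable as a TLS client certificate.
client_cert_accepted() {
    openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

demo() {
    tmp=$(mktemp -d) || return 1
    build_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    for c in client rogue; do
        if client_cert_accepted "$tmp/ca.crt" "$tmp/$c.crt"; then
            echo "$c.crt: accepted"
        else
            echo "$c.crt: rejected"
        fi
    done
    rm -rf "$tmp"
}
demo
```

Running the same `openssl verify -CAfile ca.crt` check against the real `client.crt` and `server.crt` before deploying them confirms both were signed by the intended CA.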