@igilham
Last active August 25, 2016 10:04
Use OpenSSL to generate RSA key pairs for client and server using a CA

Using OpenSSL to generate RSA keys for client-server applications

Set up directories

mkdir -p ca client server

Generate a CA

Generate CA file "ca.pem" and CA key "privkey.pem". You also need a serial number file "file.srl" containing just a two digit number and a newline.

openssl req -out ca/ca.pem -keyout ca/privkey.pem -new -x509
echo "00" > ca/file.srl

Generate server certificate/key pair

No password required: the server key is written unencrypted.

openssl genrsa -out server/server.key 1024
openssl req -key server/server.key -new -out server/server.req
openssl x509 -req -in server/server.req -CA ca/ca.pem -CAkey ca/privkey.pem -CAserial ca/file.srl -out server/server.pem

Generate client certificate/key pair

Encrypted:

openssl genrsa -des3 -out client/client.key 1024

Non-encrypted:

openssl genrsa -out client/client.key 1024

Then do:

openssl req -key client/client.key -new -out client/client.req
openssl x509 -req -in client/client.req -CA ca/ca.pem -CAkey ca/privkey.pem -CAserial ca/file.srl -out client/client.pem
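
To confirm the result of the steps above, this added example (not part of the original gist) checks that each certificate chains to ca/ca.pem, that each private key matches its certificate, and reports the certificate's key size. The function names are this example's own; it assumes the gist's directory layout and an openssl binary on PATH.

```shell
#!/bin/sh
# Added example, not part of the original gist. Assumes the ca/, server/
# and client/ files produced by the commands above.

# Succeeds when certificate $2 was issued by (chains to) CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds when private key $1 and certificate $2 carry the same public key.
# An encrypted key (the -des3 variant) makes openssl prompt for its passphrase.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# Prints the public key size in bits of certificate $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Reports on one issued pair: $1 = label, $2 = key file, $3 = certificate.
check_pair() {
    if chains_to_ca ca/ca.pem "$3"; then echo "$1: signed by ca/ca.pem"
    else echo "$1: NOT signed by ca/ca.pem"; fi
    if key_matches_cert "$2" "$3"; then echo "$1: key matches certificate"
    else echo "$1: key does NOT match certificate"; fi
    echo "$1: $(cert_key_bits "$3")-bit public key"
}

# Run the checks only when the gist's output files are present.
if [ -f ca/ca.pem ]; then
    check_pair server server/server.key server/server.pem
    check_pair client client/client.key client/client.pem
fi
```

With the commands as written, the size check reports 1024 bits, which is below the 2048-bit minimum that current guidance such as NIST SP 800-131A sets for RSA keys.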