Skip to content

Instantly share code, notes, and snippets.

@igilham igilham/
Last active Aug 25, 2016

What would you like to do?
Use OpenSSL to generate RSA key pairs for client and server using a CA

Useing OpenSSL to generate RSA keys for client-server applications

Set up directories

mkdir -p ca client server

Generate a CA

Generate CA file "ca.pem" and CA key "privkey.pem". You also need a serial number file "" containing just a two digit number and a newline.

openssl req -out ca/ca.pem -new -x509
echo "00" > ca/

Generate server certificate/key pair

No password required.

openssl genrsa -out server/server.key 1024
openssl req -key server/server.key -new -out server/server.req
openssl x509 -req -in server/server.req -CA ca/ca.pem -CAkey ca/privkey.pem -CAserial ca/ -out server/server.pem

Generate client certificate/key pair


openssl genrsa -des3 -out client/client.key 1024


openssl genrsa -out client/client.key 1024

Then do:

openssl req -key client/client.key -new -out client/client.req
openssl x509 -req -in client/client.req -CA ca/ca.pem -CAkey ca/privkey.pem -CAserial ca/ -out client/client.pem
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.