Skip to content

Instantly share code, notes, and snippets.

@lucaspiller
Created September 15, 2021 16:07
Show Gist options
  • Save lucaspiller/977846c00ddacbaa44351239141fb351 to your computer and use it in GitHub Desktop.
Save lucaspiller/977846c00ddacbaa44351239141fb351 to your computer and use it in GitHub Desktop.
OpenSSL Client Certificates
# Extra: Generate self-signed server certificate
openssl req -nodes -new -x509 -keyout server.key -out server.crt -days 3650
# Generate CA for client certificates
openssl req -nodes -new -x509 -keyout client-ca.key -out client-ca.crt -days 3650 -subj "/CN=Client CA/O=My Company Name LTD./C=US"
# Set client name which will be used as CN
export CLIENT=bob
# Generate CSR for client certificate
openssl req -nodes -newkey rsa -keyout client-$CLIENT.key -out client-$CLIENT.csr -subj "/CN=$CLIENT/O=My Company Name LTD./C=US"
# Sign client certificate
openssl x509 -req -in client-$CLIENT.csr -signkey client-ca.key -out client-$CLIENT.crt -days 3650
# Bundle everything into one file
cat client-$CLIENT.key client-$CLIENT.crt client-ca.crt > client-$CLIENT.pem
# Cleanup
rm client-$CLIENT.key client-$CLIENT.crt client-$CLIENT.csr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment