Last active
February 3, 2017 21:16
-
-
Save ttomsu/2668256021c0b9a9213200004cb83acb to your computer and use it in GitHub Desktop.
Using OpenSSL to generate and sign Server and Client SSL certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create keys | |
| openssl genrsa -des3 -out ca.key 4096 | |
| openssl genrsa -des3 -out server.key 4096 | |
| openssl genrsa -des3 -out client.key 4096 | |
| # Self-sign CA certificate | |
| openssl req -new -x509 -days 365 -key ca.key -out ca.crt | |
| # Generate server and client certificate signing requets | |
| openssl req -new -key server.key -out server.csr | |
| openssl req -new -key client.key -out client.csr | |
| # Use CA to sign cert requests | |
| openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt | |
| openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt | |
| # Format client certificate into browser importable form | |
| openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12 | |
| # Format server certificate into jks importable form | |
| openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12 | |
| # Create Java Keystore by importing CA certificate | |
| keytool -keystore keystore.jks -import -trustcacerts -alias ca -file ca.crt | |
| # Import server certificate | |
| keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -srcalias 1 -destkeystore keystore.jks -deststoretype jks -destalias server | |
| # Optional: Decrypt server key in case some clients need it unencrypted | |
| openssl rsa -in server.key -out server.key.pem |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment