#create private key as PEM format
openssl genrsa -out private_key_as_a_.pem 1024
#convert private key into PEM format from DER
openssl pkcs8 -topk8 -inform DER -in private_key_as_a_.der -outform PEM -out private_key_as_a_.pem -nocrypt
#generate self-signed certificate from private key
openssl req -x509 -newkey rsa:1024 -key private_key_as_a_.pem -out certificate_as_a_.pe
m -config extensions.conf -days 3650 -extensions extensions
#convert certificate into DER
openssl x509 -in certificate_as_a_.pem -inform PEM -out certificate_as_a_.der -outform
DER
Notice the extentions.conf file:
[ req ]
default_bits = 1024
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
prompt = no
output_password = mypass
[ req_distinguished_name ] (these fields need to be edited to fit your situation)
C = US
ST = Texas
L = Houston
O = Organizational Unit
OU = Headquarters
CN = server.domain.com
emailAddress = support@domain.com
[extensions]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
keyUsage=critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
basicConstraints=critical, CA:TRUE
extendedKeyUsage=serverAuth, clientAuth
Tuesday, April 20, 2010
Subscribe to:
Posts (Atom)