Powered by GitBook

Quick Start

Certificate Authority

Certificate Authority (CA), including
- generating a private key
- and a signed certificate (.crt) by the key, the crt containing company information

$ openssl req -new -x509 -days <duration> -extensions v3_ca -keyout ca.key -out ca.crt

Server

Server Side

# generate private key without encryption as the server key
$ openssl genrsa [-rsa|-des3|-aes256] -out server.key 2048

# generate a certificate signing request to send to the CA
# server.csr saves lots of information of the company
$ openssl req -out server.csr -key server.key -new

After sending the server.csr to the CA, or sign it with your CA

$ openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <duration>

Client

Client Side

# generate a client key
$ openssl genrsa [-rsa|-des3|-aes256] -out client.key 2048

# generate a certificate signing request to send to the CA
$ openssl req -out client.csr -key client.key -new

After sending the client.csr to the CA, or sign it with your CA

$ openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days <duration>

Flow

results matching ""

No results matching ""