ssl:generate-certificates-self-signed

This is an old revision of the document!


Generate Root CA certificate

Generate private key and CSR (certificate signing request)

Run the command below and fill in the requested values.
It generates two files: ca.key and ca.csr. Leave the challenge password empty. Because of -nodes, ca.key is written unencrypted, so restrict access to that file.

openssl req -new -newkey rsa:2048 -nodes -keyout ca.key -out ca.csr

Output:

Generating RSA private key, 2048 bit long modulus (2 primes)
..............................+++++
............+++++
e is 65537 (0x010001)
Enter pass phrase for ca1.key:
Verifying - Enter pass phrase for ca1.key:

C:\Users\odefta\Desktop\CERT>openssl req -new -newkey rsa:2048 -nodes -keyout ca.key -out ca.csr
Generating a RSA private key
...............................+++++
.................................................................+++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:RO
State or Province Name (full name) [Some-State]:Romania
Locality Name (eg, city) []:Bucharest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AX
Organizational Unit Name (eg, section) []:AX Software
Common Name (e.g. server FQDN or YOUR name) []:AX Root CA
Email Address []:admin@ax.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Update the Root CA configuration

Edit the following configuration lines (if needed).

root-ca.conf
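[ req ]
default_bits = 2048
default_keyfile = ca.key
distinguished_name = req_distinguished_name
# Extensions applied when "openssl req -x509" creates a self-signed certificate
x509_extensions = v3_ca
string_mask = nombstr
# Extensions placed in the certificate request (CSR)
req_extensions = v3_req

[ req_distinguished_name ]
# In this section "<field> = ..." is the prompt text that openssl req displays;
# "<field>_default" is the value used when the prompt is answered with Enter.
countryName = RO
countryName_default = RO
countryName_min = 2
countryName_max = 2
stateOrProvinceName = Romania
stateOrProvinceName_default = Romania
localityName = Bucharest
localityName_default = Bucharest
0.organizationName = AX
0.organizationName_default = AX
organizationalUnitName = AX Software
organizationalUnitName_default = AX Software
# No commonName_default is set, so the common name must be typed at the prompt
commonName = AX Root CA
commonName_max = 64
emailAddress = admin@ax.com
emailAddress_max = 40

[ v3_ca ]
# Marks the certificate as a CA; "critical" means clients must honour it
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash

[ v3_req ]
# Legacy Netscape certificate type extension
nsCertType = objsign,email,server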
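
The steps above scripted non-interactively, followed by the self-signing step and three checks on the resulting certificate. This is an added example, not part of the original page, and it goes beyond what the page shows: `prompt = no`, the `ca.crt` file name, the 3650-day lifetime and the function names are assumptions, and it expects a POSIX shell with `openssl` on the PATH.

```shell
#!/bin/sh
# Added example. Assumed names: ca.crt, the 3650-day lifetime, "prompt = no".
make_root_ca() {   # $1 = output directory
    mkdir -p "$1" || return 1
    # With "prompt = no" the DN section holds the values themselves.
    cat > "$1/root-ca.conf" <<'EOF'
[ req ]
default_bits = 2048
prompt = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = RO
stateOrProvinceName = Romania
localityName = Bucharest
0.organizationName = AX
organizationalUnitName = AX Software
commonName = AX Root CA
emailAddress = admin@ax.com
[ v3_ca ]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
EOF
    # -nodes leaves ca.key unencrypted, so create it owner-only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config "$1/root-ca.conf" \
          -keyout "$1/ca.key" -out "$1/ca.csr" 2>/dev/null ) || return 1
    # Self-sign the CSR with its own key and apply the v3_ca extensions.
    openssl x509 -req -in "$1/ca.csr" -signkey "$1/ca.key" -days 3650 -sha256 \
        -extfile "$1/root-ca.conf" -extensions v3_ca -out "$1/ca.crt" 2>/dev/null
}

check_root_ca() {  # $1 = directory; returns 0 only when every check passes
    crt=$1/ca.crt
    # 1. basicConstraints is critical and asserts CA:TRUE
    openssl x509 -in "$crt" -noout -text | tr -d ' \n' |
        grep -q 'BasicConstraints:criticalCA:TRUE' || return 2
    # 2. self-signed: subject and issuer are identical
    subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^[a-z]*= *//')
    iss=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^[a-z]*= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ] || return 3
    # 3. the certificate carries the public half of ca.key
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/ca.key" -pubout)" ] || return 4
}

# Run as: sh make-root-ca.sh ./demo-ca   (no argument: only defines functions)
if [ -n "${1:-}" ]; then
    make_root_ca "$1" && check_root_ca "$1" && echo "root CA in $1 passed"
fi
```

The distinct return codes of check_root_ca (2, 3, 4) tell which property failed, which is useful when the same checks are run against a CA certificate received from someone else.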


ssl/generate-certificates-self-signed.1596890586.txt.gz · Last modified: 2023/07/04 19:36 (external edit)