ssl:generate-certificates-self-signed
This is an old revision of the document!
Table of Contents
Generate Root CA certificate
Generate private key
You should enter a password when required.
openssl genrsa -des3 -out ca.key 2048 -rand random-bits
Output:
Generating RSA private key, 2048 bit long modulus (2 primes) ..............................+++++ ............+++++ e is 65537 (0x010001) Enter pass phrase for ca.key: Verifying - Enter pass phrase for ca.key:
Update the Root CA configuration
Edit the following configuration lines (if needed.)
- root-ca.conf
[ req ] default_bits = 2048 default_keyfile = ca.key distinguished_name = req_distinguished_name x509_extensions = v3_ca string_mask = nombstr req_extensions = v3_req [ req_distinguished_name ] countryName = RO countryName_default = RO countryName_min = 2 countryName_max = 2 stateOrProvinceName = Romania stateOrProvinceName_default = Romania localityName = Bucharest localityName_default = Bucharest 0.organizationName = AX 0.organizationName_default = AX organizationalUnitName = AX Software organizationalUnitName_default = AX Software commonName = AX Root CA commonName_max = 64 emailAddress = admin@ax.com emailAddress_max = 40 [ v3_ca ] basicConstraints = critical,CA:true subjectKeyIdentifier = hash [ v3_req ] nsCertType = objsign,email,server
Generate the final Root CA certificate
openssl req -new -x509 -days 3650 -config root-ca.conf -key ca.key -out ca.crt
ssl/generate-certificates-self-signed.1596891327.txt.gz · Last modified: 2023/07/04 19:36 (external edit)