User Tools

Site Tools


ssl:generate-certificates-self-signed

This is an old revision of the document!


Generate Root CA certificate

Generate private key

You should enter a password when required.

openssl genrsa -des3 -out ca.key 2048 -rand random-bits

Output:

Generating RSA private key, 2048 bit long modulus (2 primes)
..............................+++++
............+++++
e is 65537 (0x010001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:

Update the Root CA configuration

Edit the following configuration lines (if needed.)

root-ca.conf
[ req ]
default_bits = 2048
default_keyfile = ca.key
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
string_mask = nombstr
req_extensions = v3_req
[ req_distinguished_name ]
countryName = RO
countryName_default = RO
countryName_min = 2
countryName_max = 2
stateOrProvinceName = Romania
stateOrProvinceName_default = Romania
localityName = Bucharest
localityName_default = Bucharest
0.organizationName = AX
0.organizationName_default = AX
organizationalUnitName = AX Software
organizationalUnitName_default = AX Software
commonName = AX Root CA
commonName_max = 64
emailAddress = admin@ax.com
emailAddress_max = 40
[ v3_ca ]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
[ v3_req ]
nsCertType = objsign,email,server

Generate the final Root CA certificate

openssl req -new -x509 -days 3650 -config root-ca.conf -key ca.key -out ca.crt

ssl/generate-certificates-self-signed.1596891327.txt.gz · Last modified: 2023/07/04 19:36 (external edit)