Generating a CA certificate with OpenSSL


The generated certificates can be used in browsers, Java, Tomcat, C++, etc. Recorded here as a reminder.


1. Create a root certificate private key
Command :
openssl genrsa -aes256 -out D:\abc\d\root-key.key 1024

2. Create a root certificate request file
Command :
openssl req -new -out D:\abc\d\root-req.csr -key D:\abc\d\root-key.key -keyform PEM

3. Self-signed root certificate
Command :
openssl x509 -req -in D:\abc\d\root-req.csr -out D:\abc\d\root-cert.cer -signkey D:\abc\d\root-key.key -CAcreateserial -days 3650

4. Export root certificate in p12 format
Command :
openssl pkcs12 -export -clcerts -in D:\abc\d\root-cert.cer -inkey D:\abc\d\root-key.key -out D:\abc\d\root.p12

5. Generate root.jks file
keytool -import -v -trustcacerts -storepass 123456 -alias root -file D:\abc\d\root-cert.cer -keystore D:\abc\d\root.jks

Generate the client files:
1. Generate client key
openssl genrsa -out client-key.key 1024
2. Generate client request file
openssl req -new -out client-req.csr -key client-key.key
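3. Generate the client certificate (the root certificate, root key, client key and client request file together produce the client certificate; the client key enters through the request file it was used to create, so -signkey is not passed alongside -CA, a combination that OpenSSL 3.x rejects)
openssl x509 -req -in client-req.csr -out client-cert.cer -CA root-cert.cer -CAkey root-key.key -CAcreateserial -days 3650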
4. Export the client certificate in p12 format
openssl pkcs12 -export -clcerts -in client-cert.cer -inkey client-key.key -out client.p12

Client JKS:
keytool -import -v -trustcacerts -storepass 123456 -alias client -file client-cert.cer -keystore client.jks

Generate the server files:
1. Generate server key
openssl genrsa -aes256 -out D:\abc\d\server-key.key 1024
2. Generate server request file
openssl req -new -out D:\abc\d\server-req.csr -key D:\abc\d\server-key.key
3. Generate the server certificate (the root certificate, root key, server key and server request file together produce the server certificate; as with the client, -signkey is not passed alongside -CA)
openssl x509 -req -in D:\abc\d\server-req.csr -out D:\abc\d\server-cert.cer -CA D:\abc\d\root-cert.cer -CAkey D:\abc\d\root-key.key -CAcreateserial -days 3650
4. Export the server certificate in p12 format
openssl pkcs12 -export -clcerts -in D:\abc\d\server-cert.cer -inkey D:\abc\d\server-key.key -out D:\abc\d\server.p12

Server JKS:
keytool -import -v -trustcacerts -storepass 123456 -alias server -file D:\abc\d\server-cert.cer -keystore D:\abc\d\server.jks

Command to write a key without a passphrase:
openssl rsa -in client-key.key -out client-key.key.unsecure
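
The root-then-server signing flow above, with a check that the issued certificate really chains to the root, as an added example that is not from the original page. It is written for a POSIX shell (the openssl arguments are the same on Windows); the subjects, the ca.ext file marking the root as a CA, and the unencrypted 2048-bit keys (instead of the page's passphrase-protected 1024-bit ones) are assumptions made so it runs unattended.

```shell
#!/bin/sh
# Added example: constructed subjects and file names; keys are 2048-bit and
# unencrypted so the script runs without prompts (the page's commands prompt).

issue_chain() {  # $1 = working directory for all generated files
    ( cd "$1" &&
      # Extensions marking the root as a CA (assumption: not in the page's commands).
      printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext &&
      # Root: key, request, self-signed certificate. -signkey belongs only here.
      openssl genrsa -out root-key.key 2048 &&
      openssl req -new -key root-key.key -subj "/CN=Example Root CA" -out root-req.csr &&
      openssl x509 -req -in root-req.csr -signkey root-key.key -extfile ca.ext \
          -days 3650 -out root-cert.cer &&
      # Server: key, request, certificate signed by the root (-CA/-CAkey, no -signkey).
      openssl genrsa -out server-key.key 2048 &&
      openssl req -new -key server-key.key -subj "/CN=server.example.test" -out server-req.csr &&
      openssl x509 -req -in server-req.csr -CA root-cert.cer -CAkey root-key.key \
          -CAcreateserial -days 3650 -out server-cert.cer &&
      # Contrast case: the same request signed with its own key is self-signed.
      openssl x509 -req -in server-req.csr -signkey server-key.key \
          -days 3650 -out selfsigned.cer
    ) >/dev/null 2>&1
}

chains_to_root() {  # $1 = directory, $2 = certificate; 0 if it verifies against the root
    openssl verify -CAfile "$1/root-cert.cer" "$1/$2" >/dev/null 2>&1
}

key_matches_cert() {  # $1 = directory, $2 = key file, $3 = certificate file
    [ "$(openssl pkey -in "$1/$2" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$1/$3" -noout -pubkey 2>/dev/null)" ]
}

report() {  # build a chain in a temporary directory and print each check's result
    dir=$(mktemp -d) && issue_chain "$dir" || return 1
    for cert in server-cert.cer selfsigned.cer; do
        if chains_to_root "$dir" "$cert"; then echo "$cert: chains to root"
        else echo "$cert: does NOT chain to root"; fi
    done
    if key_matches_cert "$dir" server-key.key server-cert.cer; then
        echo "server-key.key matches server-cert.cer"
    fi
    rm -rf "$dir"
}

report
```

Run the same two checks on the client and server certificates before exporting them to p12 or importing them into a JKS, since neither pkcs12 nor keytool confirms that a certificate was issued by the root.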
