This article shows how to generate a self-signed CA, then use it to generate a CSR and client/server certificates.
We will use openssl to handle the certs and look at various command-line options so we can:
1. generate the CA and certs without human intervention, which is useful for automation
2. validate the generated certificate
3. see how to add extensions to the certs
Create CA
Generate CA key
1.1 by default, the pass phrase is entered manually
openssl genrsa -des3 -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
............................++
....................++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
1.2 or read from file
openssl genrsa -des3 -passout file:mypass.txt -out ca.key 4096
1.3 or from elsewhere, via stdin
vault read --field=value secret/path_to_ca_key/password | openssl genrsa -des3 -passout stdin -out ca.key 4096
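An unattended run of step 1.2 should also confirm that the key it wrote is actually encrypted and opens with the stored pass phrase. The functions below are an added example, not part of the original article; the function names and file paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): unattended CA key generation
# with the pass phrase read from a file, plus checks on the result.
# Function names and file paths are assumptions made for this example.

# make_passfile FILE
# Write a random pass phrase to FILE, created readable by the owner only.
make_passfile() {
    ( umask 077 && openssl rand -base64 32 > "$1" )
}

# gen_ca_key KEY PASSFILE [BITS]
# Same command as step 1.2; the umask keeps the key file private to the owner.
gen_ca_key() {
    ( umask 077 && openssl genrsa -des3 -passout "file:$2" -out "$1" "${3:-4096}" )
}

# key_is_encrypted KEY
# True if the PEM file is marked as encrypted. Depending on the OpenSSL
# version this is a "Proc-Type: 4,ENCRYPTED" header or a
# "BEGIN ENCRYPTED PRIVATE KEY" block; both contain the word ENCRYPTED.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# key_opens_with KEY PASSFILE
# True if the pass phrase in PASSFILE decrypts KEY and the RSA key is consistent.
key_opens_with() {
    openssl rsa -in "$1" -passin "file:$2" -check -noout >/dev/null 2>&1
}

# Typical use in a pipeline:
#   make_passfile mypass.txt
#   gen_ca_key ca.key mypass.txt
#   key_is_encrypted ca.key && key_opens_with ca.key mypass.txt
```

If either check returns non-zero, the automation should stop before the key is used to sign anything.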